zlacker

1. wang_l+(OP) 2024-10-07 23:12:26
If you have physical access to a device that you can solder an antenna to, you can compromise a TPM or anything else by sticking a custom DIMM in there that you can program from the “back side”, so you can replace any part of memory with anything you want anytime you want. You don’t have to randomly flip a bit and hope for the best. You just inject your entire program.
replies(2): >>tucnak+lm1 >>vessen+aK8
2. tucnak+lm1 2024-10-08 13:47:40
>>wang_l+(OP)
Unless the hardware employs some variant of encrypted RAM; see the cool paper by the NSA from a few months back that includes benchmarks in FPGA and silicon: https://eprint.iacr.org/2024/1240
3. vessen+aK8 2024-10-11 03:28:37
>>wang_l+(OP)
A bit late in reply, but don't forget that PUFs are a thing too.

Threat models vary of course. I personally believe my iPhone is safe against back side memory hardware swaps if I have turned it off. I could be wrong though!
