Unfortunately, no matter how open the hardware and software may be, for the vast number of people it will never be possible to verify that one specific peice of hardware is running a specific peice of software.
And even if the tools existed to enable normal persons to do this, they would need to trust that the hardware/software in the tool has not been tampered with and that the tool is running it.
I don't think that that's going to be a problem. We have a long history of dealing with such verification. What is important is that people trust science and scientific institutions, and sooner rather than later, in-depth analysis of devices conducted by experts will be able to provide security and credibility for the layman to rely on without the need to run tests themselves. This is basically how the privacy and cryptography branches of hardware and software engineering have operated for decades now.
I hope eventually risc-v become the norm. It's the closests to the open source hardware idea.
Unfortunately, no matter how open the hardware and software may be, for the vast number of people it will never be possible to verify that one specific peice of hardware is running a specific peice of software.
And even if the tools existed to enable normal persons to do this, they would need to trust that the hardware/software in the tool has not been tampered with and that the tool is running it.
I don't think trusting the security software would be any harder to trust than the OS or anti-viruses, both systems designed to keep the users safe.
More of an issue would be how to find out who is trustable, and that will take both time and trust from the getgo.
I don't think that that's going to be a problem. We have a long history of dealing with such verification. What is important is that people trust science and scientific institutions, and sooner rather than later, in-depth analysis of devices conducted by experts will be able to provide security and credibility for the layman to rely on without the need to run tests themselves. This is basically how the privacy and cryptography branches of hardware and software engineering have operated for decades now.