You are right, but in the scope of chip design we can solve all that. What we cannot solve is supply chain trust (how do you know your temp sensor has not been tampered with?).
Or your temperature sensor being rendered useless via a clever attack?
Perhaps by something as simple as a clever pattern of temp sensor reads causing your code to think the temperature is in the safe range for your application?
Or causing your code to execute extra multiplies to generate heat to hide a momentary temperature drop.
My point is even if you could 100% trust your supply chain and 100% validate your silicon matches your design, there are still residual issues.
For example, power supply glitch attacks [0] are nowadays well known, including techniques to make them sufficiently reliable.
It was just a simple example. There are countermeasures WAY more complex than a simple two-lead sensor. I was part of a CC-certified chip design, and I can tell you we must implement tests for every single countermeasure in the chip. But you still have no means to check whether your sensor/countermeasure has been tampered with altogether in the supply chain.
During a CC certification, the design house, mask shop, and fab are certified to reduce the chances of the chip being tampered with. The certification ensures that all those places have decent security practices and protocols. It helps but is quite far from completely mitigating it.
I don't have any reference of a mask being modified to give you, but it is so easy to do that we don't actually need evidence to be worried.
If you think about it, just changing the implantation parameters on the transistors that form a ring oscillator for generating random numbers can bias it (this does not even require modifying the mask).
Ah yes, that makes good sense. I once built a hardware RNG and it was surprisingly hard to keep it stable over the longer term to satisfy the certification criteria. In the end I managed, but it was a lot of analog voodoo, and I can see how easy it would be to tamper with that in a way that would not be detectable unless you monitored the device continuously.
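
The continuous monitoring mentioned in the last comment, as an added example that is not part of the original thread: a sketch of the two continuous health tests from NIST SP 800-90B (Repetition Count and Adaptive Proportion) run over raw 1-bit samples. The function names, the assumed entropy of 1 bit per sample, the false-alarm rate of 2^-20 and the seeded sample data are assumptions of this example; tests like these catch a stuck or grossly biased source, not a small bias.

```python
import random
from math import ceil, comb

ALPHA_LOG2 = 20  # assumed false-alarm rate alpha = 2**-20 per test
WINDOW = 1024    # SP 800-90B window size for binary sources

def rct_cutoff(h=1.0):
    """Repetition Count Test cutoff: 1 + ceil(-log2(alpha) / H)."""
    return 1 + ceil(ALPHA_LOG2 / h)

def apt_cutoff():
    """Adaptive Proportion Test cutoff for H = 1 (p = 1/2), exact integers.

    Finds the smallest c with P(X > c) <= alpha for X ~ Binomial(WINDOW, 1/2)
    and returns 1 + c.
    """
    limit = 2 ** (WINDOW - ALPHA_LOG2)  # alpha * 2**WINDOW
    c, tail = WINDOW, 0                 # tail = number of outcomes with X > c
    while tail + comb(WINDOW, c) <= limit:
        tail += comb(WINDOW, c)
        c -= 1
    return 1 + c

def health_check(bits):
    """Run both tests over raw bits; return [(sample_index, test_name), ...]."""
    rct_c, apt_c = rct_cutoff(), apt_cutoff()
    alarms, last, run = [], None, 0
    ref, count = None, 0
    for i, b in enumerate(bits):
        run = run + 1 if b == last else 1
        last = b
        if run == rct_c:                 # stuck-at or near-stuck source
            alarms.append((i, "RCT"))
        if i % WINDOW == 0:              # new window: first sample is reference
            ref, count = b, 1
        elif b == ref:
            count += 1
            if count == apt_c:           # one value is over-represented
                alarms.append((i, "APT"))
    return alarms

def constructed_bits(p_one, n, seed):
    """Constructed sample data (seeded PRNG), standing in for raw RNG output."""
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(n)]

if __name__ == "__main__":
    for label, p in (("healthy", 0.5), ("biased", 0.7)):
        print(label, health_check(constructed_bits(p, 8 * WINDOW, seed=1))[:3])
```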