What, just based off of the custom-ness of the device? I think the endgame of this type of security-by-obscurity is like a randomized FPGA computer trying to fool a hypervisor in the same chip.
More or less, yes. A backdoor has to be able to pattern match to find what it's backdooring; the more custom your implementation is the harder that should be. AIUI, it would be easy to make, say, a CPU that recognizes gcc doing a compile natively. It would be, I think, extremely difficult to create a CPU that recognizes the instructions to emulate a MIPS processor running gcc, especially when the emulator didn't even exist when the chip was taped out.
This is roughly how the game obfuscation layers work to prevent crackers. If it takes weeks for top hackers to crack a game, there's no way it will be done automatically by the chip that was taped out before the VM was generated.
