A deep dive into the security primitives your CPU already offers and almost nobody uses — TPM2, Secure Boot, kernel lockdown, IOMMU, and IMA/EVM — with concrete implementation guidance for self-built Linux machines.