You own firmware for a network appliance that processes packets, manages crypto offload, and exposes a management plane. The platform relies on hardware interrupts for NIC receive/transmit, watchdog timers, secure boot status, and tamper signals. During stress testing, the device shows intermittent packet loss, delayed watchdog servicing, and rare lockups when interrupt rates spike.
How would you explain the role of interrupts in this embedded system and design interrupt handling so it remains performant and secure under load? Be explicit about the threats you would model, the controls you would add, and how you would verify that interrupt-driven paths cannot be abused to cause denial of service, state corruption, or privilege escalation.
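One control the question points at, shown as an added example that is not part of the original page: the NIC top half only acknowledges and masks its own line, a budgeted poll drains the ring from the scheduler, and watchdog servicing has a fixed slot of its own, so a receive storm collapses to a single ISR entry per busy period and cannot delay the watchdog. The ring size, budget, tick model and all function names are constructed assumptions, not a real driver API.

```c
/* Hardware-free model of the mask-and-poll pattern for NIC receive
 * interrupts. Everything here (ring size, budget, tick loop) is constructed
 * for illustration; a real driver would touch device registers instead. */
#include <stdbool.h>
#include <stdint.h>
#define RING_SIZE 64
#define RX_BUDGET 16 /* max packets drained per scheduler tick */

static uint32_t ring_pending; /* packets waiting in the RX ring */
static bool rx_irq_enabled = true;
static uint32_t isr_calls, pkts_done, wd_kicks, drops;

/* Top half: O(1), no loops, no allocation. Masks its own line so a flood
 * of line events cannot re-enter until the poll has drained the ring. */
void nic_rx_isr(void) {
    if (!rx_irq_enabled) return; /* masked: hardware would not deliver */
    isr_calls++;
    rx_irq_enabled = false; /* ack + mask; the poll re-arms it */
}

/* Bottom half, run from the scheduler: at most RX_BUDGET packets per
 * call, then yield so the watchdog and other tasks keep getting CPU. */
void nic_rx_poll(void) {
    uint32_t n = ring_pending < RX_BUDGET ? ring_pending : RX_BUDGET;
    ring_pending -= n;
    pkts_done += n;
    if (ring_pending == 0) rx_irq_enabled = true; /* quiet: re-arm */
}
void watchdog_service(void) { wd_kicks++; } /* independent of NIC path */

/* NIC model: `arrivals` packets land per tick; overflow is dropped by the
 * hardware and counted, which is the signal a storm detector would watch. */
static void hw_deliver(uint32_t arrivals) {
    uint32_t room = RING_SIZE - ring_pending;
    if (arrivals > room) { drops += arrivals - room; arrivals = room; }
    ring_pending += arrivals;
    if (arrivals) nic_rx_isr();
}

/* Run `ticks` scheduler ticks at a constant arrival rate; returns the
 * number of watchdog kicks, which must equal `ticks` whatever the rate. */
uint32_t simulate(uint32_t arrivals_per_tick, uint32_t ticks) {
    ring_pending = 0; rx_irq_enabled = true;
    isr_calls = pkts_done = wd_kicks = drops = 0;
    for (uint32_t t = 0; t < ticks; t++) {
        hw_deliver(arrivals_per_tick); /* storm source */
        watchdog_service(); /* fixed slot: never waits on the NIC */
        if (!rx_irq_enabled) nic_rx_poll(); /* NIC flagged work */
    }
    return wd_kicks;
}
uint32_t stat_isr_calls(void) { return isr_calls; }
uint32_t stat_drops(void) { return drops; }
uint32_t stat_pkts(void) { return pkts_done; }
```

Running `simulate` at a rate far above the budget shows one ISR entry for the whole storm, drops accumulating as a detectable counter, and the watchdog still kicked once per tick; at a low rate the ISR fires each tick because the ring empties and re-arms.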