RSA is almost defunct, btw. Does anyone actually still use that?
Hence why I mentioned the discrete log problem as that is the basis for more recent asymmetric encryption (DHE, etc).
Although shor's algorithm could be used, nobody has yet built a quantum computer to actually do this - so it is theoretical.
https://en.wikipedia.org/wiki/Shor's_algorithm"
In 2001, Shor's algorithm was demonstrated by a group at IBM, who factored 15 into 3 × 5, using an NMR implementation of a quantum computer with 7 qubits.[4] After IBM's implementation, two independent groups implemented Shor's algorithm using photonic qubits, emphasizing that multi-qubit entanglement was observed when running the Shor's algorithm circuits.[5][6] In 2012, the factorization of 15 was performed with solid-state qubits.[7] Also in 2012, the factorization of 21 was achieved, setting the record for the largest number factored with Shor's algorithm.[8] In April 2012, the factorization of 143 was achieved, although this used adiabatic quantum computation rather than Shor's algorithm.[9] In November 2014, it was discovered that this 2012 adiabatic quantum computation had also factored larger numbers, the largest being 56153.
"
Progress is slow, and newer ideas have been developed than Shor's original algorithm, but then progress was slow on the original conventional integer factorisation algorithms.
The weakness in protecting hardware and verifying IOT devices, secure boot etc remains security of hardware manufacture keys. Not verification of the keys or verification of firmware keys, but protecting the master keys.
A true secure boot system will verify the main boot image; the main boot image will verify the image of important software. Software update sources will have their security key certificates verified before permitting updates to proceed.
That's low-level hardware systems, but you won't see that level of protection built into PCs or even smartphones for a while yet.
Secure boot is a completely separate subject. That just stops users fiddling with the systems they rightfully own, or malware from embedding itself where traditional scanners cannot find them, etc.
The question here is how do you trust/verify that a system (as a collection of distinct parts) is trustworthy and isn't sending all of your keystrokes/messages/anything to a state sponsored entity.
(Answer: You can't.)