I am helping an organization deploy some remote thin clients using Raspberry Pi devices. The idea is to have the client connect to a cloud environment using Wireguard VPN. This environment will be running desktops that are spun up dynamically. I would like to store the private key in a zymbit device then have the thin client load the desktop and applications after the user has authenticated. There will be an agent running (thinking Balena Supervisor) to manage the applications. Each profile is to be encrypted on the device as well as local user data. All data will be eventually backed up in the cloud. If the device is tampered with, all keys are to be destroyed. Is there something like this already that I can tap into? What challenges will I have? Thanks!