Any ARM Systems That Don't Use Trustzone ?
Usually the typical platforms people mention to escape x86 to are Power9; RISC-V and ARM. The more research I do into ARM and the more I find out about Trustzone which is what AMD's PSP is based off of. Are there any ARM systems that don't use Trustzone ? From what I gather both the Pinebook Pro and RockPro64 do.
I understand that AMD uses this feature in such a way that their CPU must have some blob signed by them in order to run.
I searched about the RockPro64 and RK3399, here is what I found:
- https://wiki.pine64.org/wiki/ROCKPro64#Older_firmware_overwrites_actively_used_memory: it seems possible to make a full boot loader purely from free software (bl31.elf from Arm trusted firmware released under BSD 3-clause license, u-boot without blob)
- http://opensource.rock-chips.com/wiki_Boot_option: the picture shows
- booting with miniloader as pre-loader, that seems to be a proprietary blob, and then u-boot
- booting with u-boot as pre-loader, then u-boot with bl31.elf, bl32.bin and tee.bin to be added to u-boot, and put in the colour of "Rockchip tools" (blue)
- it is still mentioned that bl31.elf is built from source code, there is nothing about bl32.bin and tee.bin
- when miniloader is used, it wants a trust.img that includes the same bl31.elf, things shown in green and other things
https://u-boot.readthedocs.io/en/v2021.07/board/rockchip/rockchip.html also mentions building bl31.elf from ARM trusted firmware in order to make u-boot work. If that works, perhaps that is enough and then, is there really any issue with the "Trustzone" of the RockPro64?
What I don't understand is whether this "Trustzone" is really used for something or not.
I have read the docs explaining that this feature is to run two OSs, one in the "secure world" and one in the "normal word", such that the OS in the "normal world" has restricted access to the "secure world".
The use case advertised is to only allow the user to install her OS in the "normal world" (to enforce DRM in the "secure world"), but I would rather install my OS (Trisquel, Parabola or Replicant) in the "secure world" and use the "normal world" for software to communicate with a cellular modem and prevent it from interfering with the software I install!
I read FSF (https://www.fsf.org/blogs/sysadmin/closing-in-on-fully-free-bioses-with-the-fsf-tech-team) is working toward using the Power9 ("And now, we are proud to say that the upcoming Trisquel 11 release will support POWER9!") but a look at prices from Raptor (https://www.raptorcs.com/content/base/products.html) is a little disheartening. But, at least, "The Raptor motherboards come with entirely free firmware -- and even have free hardware designs!."