> Also your boot-chain is still closed and proprietary
Nowadays the entire thing until you land in EL1 needs to be signed by Qualcomm as well. This is without "Secure Boot" enabled. OEMs only get to run code under the hypervisor. And you might want to use a part of the hardware but someone decided the VM your code runs in shouldn't have access to that, too bad.
The Snapdragon Chromebooks use older chips that didn't have the locked down boot-chain yet. Even if you didn't have the official EL3 unlock that Google got, you could still get into EL3 trivially if you wanted to.
It will be interesting to see what Google got from Qualcomm for the new Chromebooks (EL3 isn't even the highest level anymore, that's TME now).
> It will be interesting to see what Google got from Qualcomm for the new Chromebooks (EL3 isn't even the highest level anymore, that's TME now).
The new AL BSP target for Hamoa, which is what's going to ship on the new Android laptops, runs KVM at EL2 instead of Gunyah. But it has (at least partially) Qualcomm-owned EL3.
Nowadays the entire thing until you land in EL1 needs to be signed by Qualcomm as well. This is without "Secure Boot" enabled. OEMs only get to run code under the hypervisor. And you might want to use a part of the hardware but someone decided the VM your code runs in shouldn't have access to that, too bad.