bob prohaska  wrote:
> Theo  wrote:
> > You can get the ARM cores to yourself if you want.  It is possible to keep
u-boot
> > in memory to provide 'firmware' services that your operating system doesn't
> > provide, and there's also TrustZone, although I don't think the Pi
> > environment uses that out of the box (I'm less familiar with Pi4).
>
> Can the firmware services alluded to be called by a user logged in
> through a "normal" connection? I.e., bypassing normal security and
> authentication mechanisms? That's not an issue if the firmware is
> removed/overwritten by the loaded operating system, but if u-boot
> remains I understand much better the objections raised by open source
> advocates.

If you're running regular Linux, generally not from userland.  If you're
running bare-metal, you have kernel privilege so it's up to you how you set
things up.  You could choose to overwrite u-boot if you don't want it
present.

If you have TrustZone, your code running outside TrustZone is
protected from trampling over the TZ firmware.  If you want to get rid of
that firmware you need your bootloader to run things inside the TrustZone.
(I don't believe the Pi does anything with TZ by default and may not have TZ
support in the hardware)

Theo

--- SoupGate-Win32 v1.05