by turblety 2864 days ago
Unfortunately it's not as easy to answer. Intel and AMD manufacture their own chips, which means they can put their backdoors into all their products. However, with ARM they license their IP and other companies make their chips.

This means some companies have hidden proprietary code in their bootloaders. For example, Samsung Exynos is a range of ARM chips, but to boot them you must use Samsung's bootloader, which may contain spyware, backdoors or surveillance systems. You cannot see the source code for this bootloader and have no way of auditing what it actually does.

Rockchip is another company that makes ARM chips, and can be considered mostly free [1]. As with all hardware it's very hard to know what's going on inside, but all the code to boot into Linux (minus the optional GPU) on a Rockchip product is open source and can be audited/compiled by anyone.

ARM also has TrustZone [2], which allows you to run applications in a "secure" (or separate) space. It doesn't run on a separate chip, but runs on the ARM chip, separating memory and instructions from the operating system. (Don't quote me but...) I believe you don't actually have to use TrustZone. The instructions/documentation for it don't appear to be available to the public; however, if you don't upload a blob for TrustZone, with Rockchip it simply won't use it and will run everything on the same level. (Note this is true for Rockchip, but again, depending on who is manufacturing the ARM chip, they may force you to use TrustZone.)

With Intel ME and AMD PSP, by contrast, if you don't want to use their ME you have no choice. If you remove the blob your system won't boot (or will restart after 30 minutes for some older models).

This means if ARM TrustZone is compromised you can remove it and continue on as normal. But if ME and PSP are compromised you are at the will of Intel and any agency it may have colluded with.

While we're on the subject of free and open source code, note that with (most) ARM chips, the GPU is closed source just like the Intel ME. Again, the difference is if you don't want to use the GPU, you can just not upload the blob, and use the CPU without the GPU. There are some movements being made to open the GPU [3], but it's still a long way off.

1. https://libreboot.org/docs/hardware/c201.html

2. http://www.openvirtualization.org/open-source-arm-trustzone....

3. https://gitlab.freedesktop.org/lima

2 comments

TrustZone is essentially an ISA extension, similar to Intel's TXT and SGX, to provide a trusted execution environment. You can trivially avoid it by never running any of the related instructions.

It's more of an extra address bit and processor mode. It doesn't have related instructions like TXT and SGX, but instead is structured more like a hypervisor.

I am not sure if this is correct. There are related instructions like 'smc' that help switch to the secure world.

OK, so there's the one instruction to do a system call that hits secure mode. It's equivalent to svc or hvc, but hits EL3 (secure mode) rather than EL2 (hypervisor mode) or EL1 (supervisor mode).

It's very, very different from the dozen or so instructions to set up TXT or SGX, which sit off to the side of the main OS rather than running like a super hypervisor. If you're going to compare it to something, it's way more like SMM on x86.

Source: I've ported a kernel to EL3 (secure mode).

You generally do want to run the reference (BSD licensed) Trusted Firmware though. It implements PSCI at least.
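Added example, not from any commenter in this thread: the `smc` instruction mentioned above carries a 32-bit function ID in w0/x0 that tells the EL3 firmware which service is being requested, laid out per the ARM SMC Calling Convention (SMCCC); PSCI calls live in the "Standard Secure Service" range. The script below encodes and decodes those IDs so a kernel's or hypervisor's firmware calls (for instance those seen in a trace or disassembly) can be named when auditing what a closed EL3 blob is asked to do. The field layout and the PSCI function numbers are from the public SMCCC and PSCI specifications; the class and function names are my own.

```python
# Added example: encode/decode ARM SMCCC function IDs (the w0/x0 value an
# `smc` call passes to EL3) and name the PSCI calls among them.
# Field layout (SMCCC): bit 31 fast/yielding, bit 30 SMC64/SMC32,
# bits 29:24 service range, bits 23:17 reserved (zero), bit 16 SVE hint
# (SMCCC 1.3+), bits 15:0 function number.

from dataclasses import dataclass

FAST_CALL = 1 << 31   # 1 = fast (atomic) call, 0 = yielding call
SMC64 = 1 << 30       # 1 = 64-bit register convention, 0 = 32-bit
SVE_HINT = 1 << 16    # SMCCC 1.3+: caller has no live SVE state

SERVICE_NAMES = {
    0x00: "ARM Architecture",
    0x01: "CPU Service",
    0x02: "SiP Service",
    0x03: "OEM Service",
    0x04: "Standard Secure Service",   # PSCI lives here
    0x05: "Standard Hypervisor Service",
    0x06: "Vendor Hypervisor Service",
}

# PSCI function numbers within service range 4 (from the PSCI spec)
PSCI_FUNCTIONS = {
    0x0000: "PSCI_VERSION",
    0x0001: "CPU_SUSPEND",
    0x0002: "CPU_OFF",
    0x0003: "CPU_ON",
    0x0004: "AFFINITY_INFO",
    0x0008: "SYSTEM_OFF",
    0x0009: "SYSTEM_RESET",
    0x000A: "PSCI_FEATURES",
}


@dataclass(frozen=True)
class SmcFunctionId:
    fast: bool
    smc64: bool
    service: int      # bits 29:24
    function: int     # bits 15:0
    sve_hint: bool = False

    def encode(self) -> int:
        """Pack the fields into the 32-bit ID placed in w0/x0 before `smc`."""
        if not 0 <= self.service <= 0x3F or not 0 <= self.function <= 0xFFFF:
            raise ValueError("service or function number out of range")
        return ((FAST_CALL if self.fast else 0)
                | (SMC64 if self.smc64 else 0)
                | (self.service << 24)
                | (SVE_HINT if self.sve_hint else 0)
                | self.function)

    @classmethod
    def decode(cls, fid: int) -> "SmcFunctionId":
        """Unpack a 32-bit function ID; rejects IDs with reserved bits set."""
        if fid & 0xFE0000:
            raise ValueError("bits 23:17 are reserved and must be zero")
        return cls(fast=bool(fid & FAST_CALL), smc64=bool(fid & SMC64),
                   service=(fid >> 24) & 0x3F, function=fid & 0xFFFF,
                   sve_hint=bool(fid & SVE_HINT))

    def service_name(self) -> str:
        if 0x30 <= self.service <= 0x31:
            return "Trusted Application"
        if 0x32 <= self.service <= 0x3F:
            return "Trusted OS"
        return SERVICE_NAMES.get(self.service, "Reserved")


def describe(fid: int) -> str:
    """Human-readable name for a function ID, naming PSCI calls explicitly."""
    f = SmcFunctionId.decode(fid)
    name = f.service_name()
    if f.service == 0x04 and f.function in PSCI_FUNCTIONS:
        name = "PSCI " + PSCI_FUNCTIONS[f.function]
    return (f"{fid:#010x}: {'fast' if f.fast else 'yielding'} "
            f"{'SMC64' if f.smc64 else 'SMC32'} {name} fn={f.function:#06x}")


if __name__ == "__main__":
    # Constructed sample: IDs a Linux guest typically issues during boot/hotplug.
    for fid in (0x84000000, 0xC4000003, 0x8400000A, 0x82000010):
        print(describe(fid))
```

Decoding is the useful direction for an auditor: a function ID in the SiP or OEM ranges (2 and 3) is a vendor-defined call into the closed firmware, which is exactly the kind of interface worth enumerating when deciding whether an EL3 blob can be left out, as the Rockchip comment above describes.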
The closed boot loader is a red herring. Unless you have the underlying RTL source the hardware could do anything - no secret boot loader required. Open source without open hardware is a false sense of security.