by RL_Quine 2333 days ago
Right. We're just moving the DMZ, and that's for a lot of cases totally fine. Rather than how people would assume it works, like this:

    CPU -> LTE Modem || DMZ || Cellphone Provider

We have this for the PinePhone:

    CPU || DMZ || LTE Modem -> Cellphone Provider

This is fine.

Remember that in the first model, and in most typical phones, the LTE Modem has above-root access to the CPU through DMA. The exception is some more modern devices like the iPhone, which give the modem a specific sandbox device to DMA into that's not the actual processor.

1 comments

On the iPhone, the modem has always been on a separate chip.
Separate chip doesn't tell you anything about the security model.
It was USB/HSIC and then switched over to PCIe with IOMMU.
Right, regardless of chip configuration, modern phones use IOMMU for isolation. Arguably the main advantage of the PinePhone and Librem 5 is the kill switches.
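
An added example, not part of the thread or any participant's code: a Linux sysfs audit that reports which PCI devices the kernel has placed in an IOMMU group, the isolation mechanism the replies above refer to. The device addresses and the sample tree are constructed; on a real system call `audit_dma_isolation()` with the default `/sys`.

```python
import os
import tempfile

def audit_dma_isolation(sysfs_root="/sys"):
    """Map each PCI address to its IOMMU group name, or None if it has no group."""
    pci_dir = os.path.join(sysfs_root, "bus", "pci", "devices")
    groups = {}
    if os.path.isdir(pci_dir):  # absent on systems with no PCI bus
        for addr in sorted(os.listdir(pci_dir)):
            link = os.path.join(pci_dir, addr, "iommu_group")
            # The kernel exposes group membership as a symlink named iommu_group.
            groups[addr] = (os.path.basename(os.readlink(link))
                            if os.path.islink(link) else None)
    return groups

def findings(groups):
    """Return (devices with no IOMMU group, groups holding more than one device)."""
    unprotected = [addr for addr, g in groups.items() if g is None]
    members = {}
    for addr, g in groups.items():
        if g is not None:
            members.setdefault(g, []).append(addr)
    # Devices in one group are not isolated from each other by the IOMMU.
    shared = {g: m for g, m in members.items() if len(m) > 1}
    return unprotected, shared

def build_sample_tree(root):
    """Constructed sysfs layout: one device alone in group 7, two devices
    sharing group 3, and one device with no IOMMU group at all."""
    layout = {"0000:01:00.0": "7", "0000:02:00.0": "3",
              "0000:02:00.1": "3", "0000:03:00.0": None}
    for addr, group in layout.items():
        dev = os.path.join(root, "bus", "pci", "devices", addr)
        os.makedirs(dev)
        if group is not None:
            target = os.path.join(root, "kernel", "iommu_groups", group)
            os.makedirs(target, exist_ok=True)
            os.symlink(target, os.path.join(dev, "iommu_group"))
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        unprotected, shared = findings(audit_dma_isolation(build_sample_tree(tmp)))
        print("no IOMMU group:", unprotected)
        print("groups shared by several devices:", shared)
```

A modem attached over USB does not appear in this listing, since it is not a PCI device.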