by squarefoot 2339 days ago
This is possible, although if the user has control over the "trusted" part of the system, nothing prevents the data from being encrypted before leaving it. That is, suppose we know the radio chip contains the encryption code, but also some suspicious closed firmware we cannot examine; since we can't trust that chipset, we could add one more encryption layer on the data before it reaches the untrusted chipset, so that any potentially malicious firmware would see essentially random noise. Of course the other end must employ the same decryption scheme, which is not immediate for sure, but still doable and would make it extremely difficult for anyone to snoop our data.

The point is: we can't have a 100% fully open and auditable system, both in HW and SW, so they built a fence to separate the trusted hardware in which we work with our data and the untrusted but necessary part where our data can't enter before being encrypted.

It's a huge effort, which brings us one more time to the importance of having full open hardware/firmware/software. I wonder if current technology would allow crowdfunding the creation of fully open chipsets. Nothing immediate, just one damn chip at a time: networking today, storage controllers in two years, graphics in 5, etc.
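The layered scheme described in the comment, as an added example that is not part of the original post: the trusted host wraps each message with encrypt-then-MAC (a stdlib-only HMAC-SHA256 counter-mode keystream plus an HMAC tag, standing in for a real AEAD), the simulated closed radio firmware only ever handles the opaque blob, and the peer's trusted side decrypts and rejects anything altered in transit. The shared key, the messages and the `untrusted_radio` stand-in are constructed for this example.

```python
import hmac
import hashlib
import secrets

NONCE_LEN = 16
TAG_LEN = 32


def _subkey(key: bytes, label: bytes) -> bytes:
    # Derive independent encryption and MAC keys from one shared secret.
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # Counter-mode keystream built from HMAC-SHA256 (no AES needed from the stdlib).
    blocks = []
    for counter in range((length + 31) // 32):
        block_input = nonce + counter.to_bytes(4, "big")
        blocks.append(hmac.new(enc_key, block_input, hashlib.sha256).digest())
    return b"".join(blocks)[:length]


def wrap(key: bytes, plaintext: bytes) -> bytes:
    # Trusted side: encrypt-then-MAC before the bytes ever reach the radio chipset.
    enc_key, mac_key = _subkey(key, b"enc"), _subkey(key, b"mac")
    nonce = secrets.token_bytes(NONCE_LEN)  # fresh per message, never reused
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unwrap(key: bytes, blob: bytes):
    # Peer's trusted side: verify the tag first, then decrypt; None means tampered/garbage.
    if len(blob) < NONCE_LEN + TAG_LEN:
        return None
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    enc_key, mac_key = _subkey(key, b"enc"), _subkey(key, b"mac")
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def untrusted_radio(blob: bytes, tamper: bool = False) -> bytes:
    # Stand-in for the closed firmware (constructed): it only sees the opaque blob,
    # and the tamper flag models it flipping one ciphertext bit in transit.
    if tamper:
        blob = blob[:NONCE_LEN] + bytes([blob[NONCE_LEN] ^ 0x01]) + blob[NONCE_LEN + 1:]
    return blob


def send(key: bytes, plaintext: bytes, tamper: bool = False):
    # End to end: trusted host -> untrusted radio -> trusted peer.
    return unwrap(key, untrusted_radio(wrap(key, plaintext), tamper))
```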