[flto]

> Also your boot-chain is still closed and proprietary

Nowadays the entire thing until you land in EL1 needs to be signed by Qualcomm as well. This is without "Secure Boot" enabled. OEMs only get to run code under the hypervisor. And you might want to use a part of the hardware but someone decided the VM your code runs in shouldn't have access to that, too bad.

[my123]

not all true. And Qualcomm taking over EL2 is optional now

[flto]

What is not true?

EL2 is still locked down for the chip this post is about, AFAIK. And everything else is is staying locked.

[my123]

AFAIK Google runs their own EL3 on the Snapdragon Chromebooks. (And KVM at EL2)

Lots of this is customer dependent but what you say is true for the typical android phone config that most use

[flto]

The Snapdragon Chromebooks use older chips that didn't have the locked down boot-chain yet. Even if you didn't have the official EL3 unlock that Google got, you could still get into EL3 trivially if you wanted to.

It will be interesting to see what Google got from Qualcomm for the new Chromebooks (EL3 isn't even the highest level anymore, that's TME now).

[my123]

> It will be interesting to see what Google got from Qualcomm for the new Chromebooks (EL3 isn't even the highest level anymore, that's TME now).

The new AL BSP target for Hamoa, which is what's going to ship on the new Android laptops, runs KVM at EL2 instead of Gunyah. But it has (at least partially) Qualcomm-owned EL3.