Hacker News
by NewAccnt 4819 days ago
I wonder how those in the performance computing sector feel about running a proprietary supervisor with built-in DRM on each and every CPU? Raspberry users might not care when it's just for hobbyist applications, but I doubt any serious scientist is going to overlook that.

http://www.arm.com/products/processors/technologies/trustzon...

3 comments

Intel platforms have a very similar risk via SMM and the platform code & controller. It's less advanced, but it can easily exert full control over the system without the OS allowing it, minus access to some registers and on-die cache. It could DMA in or out of the GPU memory as well.

Whether your SoC vendor forces a secure supervisor to load is up to them, and I'd be surprised if an HPC builder had trouble finding vendors to supply parts with a totally controllable boot chain.

I'm sure there are ways to obscure it, but there are just as many ways on x86 platforms, the only real difference being that you could pull the EPROM, reflash it, and inspect the other board components. There are also plenty of evil things you can put in a SoC without relying on TrustZone.

Bottom line is you have to trust your vendor. If you want a SoC integrated and fab-monitored by a business/state that is politically aligned with yours, it is probably just a matter of paying a premium.

The hardware cost of TrustZone is rather low and vendors of "compute SoCs" have no reason to ship hypervisor software on their chips.

And the Raspberry Pi probably doesn't run any secure-mode hypervisor either.

TrustZone is just a set of hardware features. Most ARM devices don't come with a proprietary supervisor. In fact, Linux used to run in the secure world on some development devices.