Most Allwinner chips can run an entirely open-source stack and there's quite a few hobbyist-oriented boards out there based on them. (Technically the ROM bootloader is closed source, but all it does is load your choice of bootloader into RAM and execute it. After that you have full control, including the ability to run code in TrustZone mode and on the supervisor CPU core if one exists.)

IIRC Allwinner does not have public datasheets, and honestly I prefer to have an half-documented half-accessible x86 platform rather than a theoretically fully-accessible ARM one that in practice is 1/10 publicly usable (the cpu alone is not enough to have fun with a platform... especially in the ARM SoC world -- and existing drivers have never replaced a good documentation of the hardware they drive.)

Security issues in ROM are still security issues. Even if it is in ROM, it still needs to be auditable.

There are plenty of boards that run using mainline u-boot and mainline Linux, you can often ignore the vendor BSP.

You are right about ARM though, TrustZone is another DRM-oriented aspect of ARM-based SoCs.

While TrustZone can implement DRM, it is not a closed management engine. If you control the board, you can load your own OS there (but, conversely, if you cannot load your own OS there, you do not control the board).

There was a talk at FOSDEM this year about using TrustZone to run a small hypervisor: https://fosdem.org/2016/schedule/event/microkernels_genode_u...

The boot ROMs on these things are proprietary, though. The vendors I've talked with have been extremely coy about what's in them (got an overview from Marvell once, spent a day looking at code on a projector screen and getting a walkthrough. They could have hidden much).

I should add that the code we saw may not have been the code that was actually run. It had reset vectors and whatnot, but that's no guarantee there were no hidden ROMs that ran code before the code we reviewed got run. And it's certainly no guarantee there are no hidden hardware-level state machines that unlock . . . things. Things like ignoring X bits in pages, or being able to do some low-bandwidth computation with code embedded at the stenographic level.

TrustZone is just another processor mode and associated memory protection, nothing more, nothing less.

It's equally as incoherent to say supervisor mode and the MMU is 'DRM-oriented'.

In practice, TrustZone is for DRM.

I'm using ASUS C201 which uses ARM. It was a Chromebook, now running libreboot and parabola linux.

Can you share documentation? I have an upstream kernel running on my peach pit, but have not replaced uboot yet.

How is it regarding GPU driver (or what Mali is)? Are you running binary mali driver or FOSS lima?

I don't really do GPU-intensive stuff on it. It renders webpages & youtube fine, which is probably the most graphical intensive stuff. I'm currently using it mostly for porting MuseScore to arm, mainly using qtcreator for development.

The external hdmi doesn't really work properly...I remember not being able to run external monitor in full screen, or at the same time as the lcd screen.

I just installed and ran glxgears. It gets 250 FPS and a default window size. But I do get an command line error libGL error: unable to load driver: rockchip_dri.so, so I don't think I'm getting GPU.

There is no FOSS lima driver for Mali-T760. There was a lima dev working on it but cause of some e drama that went down the drain.

so jealous... I've tried to replicate that setup on my C201 but kept hitting issues. I might give it another shot some day soon. Does Libreboot make it easier to boot from SD/USB?

off topic: do you happen to have any issues with the usb ports on the right side of the case?

My dtb is generated from a dts at kernel compile time... Chromebook land is fun.

Lucky. I have to hunt around for DTBs based on modified Rockchip and Freescale SoCs to update my devices.

I am unwilling to distribute said binaries to make it easier for people with the same hardware as I to update their 3 year old software. That, too, is a shame.

So it's not an "ARM architectures" issue. It's a problem between you and your provider, who for some reason is not willing to provide the DTS.

That said, given that DTB/DTS is an open spec, tools to reverse a DTB into a DTS should probably exist (like this one: http://forum.xda-developers.com/android/software-hacking/how...)

You don't even need a secondary tool. The standard devicetree compiler, dtc, can convert a dtb back into a dts no problem. The dtb format is a pretty basic serialisation of the dts file, so fairly little information is lost (mainly pre-processor stuff like includes and some macros for constants) and you can easily round-trip.

On some boards, the dtb controls things like voltage to the eMMC, so getting it wrong can be catastrophic.

DTB?

Device tree blob. But FAFAIK that is just a binary decription of the hardware layout, and does not include (driver) code.