Every ARM SoC is proprietary, closed hardware. Same applies to most other hardware components like Wi-Fi / NFC / cellular radios, touchscreens, cameras and even batteries. There is nothing open about it, and not shipping the firmware updates just exposes users to vulnerabilities.
Conversation
Try not to get duped by projects pushing an ARM SoC and other proprietary hardware components as open hardware without proprietary firmware. There are several projects very deliberately misrepresenting this, misleading users and putting them at risk by not providing the updates.
1
1
12
Full security updates covering all components are incredibly important. Being able to update firmware/microcode rather than replacing hardware over and over again is not a negative. Verified boot, keystore HSMs and other hardware-based security features are also important things.
1
2
10
It's also important to note that hardware isolation is orthogonal to whether a component is implemented on the same die. In fact, in many cases, components on the SoC chip have better isolation than those outside it due to lack of security work across organizational boundaries.
1
1
9
Privacy and security have been hijacked for marketing by not just companies but also open source projects. You cannot believe what you read on these topics from most companies, projects or the media. The industry is full of scammers, dishonesty and ignorance. It's sad all around.
2
3
14
I find it extremely frustrating. On a day to day basis, I encounter an endless torrent of misinformation and bogus marketing claims. I expect nothing less from tech giants and security companies but it's really sad seeing the same from open source projects and non-profit orgs.
2
1
7
Quote Tweet
Replying to @saleemrash1d
Preventing users from installing firmware updates is also hardly freedom, and yet that's apparently what passes for it these days. Hiding the fact that the hardware and firmware is proprietary with no way to update it doesn't make things better in any way but rather much worse.
2
1
6
Privacy /security are effectively just a marketing approach at this point. Substance doesn't matter. Projects focused on improving privacy and security get pushed out by those pretending to do it. Proprietary hardware falsely presented as open gets funding over open hardware too.