Hello,
Back to your statement:
TZ gives you absolutely nothing you can’t get with just seL4 (eg in hyp mode) and some form of authenticated boot so, what you refer to as "authenticated boot" has to have some hw support. Clearly, TZ is suitable for that.
that is a common misconception. TrustZone does not provide a secure-boot mechanism. It is merely a mechanism for running a "secure world" behind the back of the regular "normal-world" OS. The normal world is indeed bootstrapped from the secure world (at least in our TZ monitor implementation [1]). But the secure world must be securely booted as well. The mechanism for doing that depends on the SoC vendor. For example, FreeScale i.MX uses a so-called high-assurance boot (HAB) mechanism.

[1] http://genode.org/documentation/articles/trustzone

Best regards
Norman

--
Dr.-Ing. Norman Feske
Genode Labs

http://www.genode-labs.com · http://genode.org

Genode Labs GmbH · Amtsgericht Dresden · HRB 28424 · Registered office: Dresden
Managing directors: Dr.-Ing. Norman Feske, Christian Helmuth