ive been lookinng at it and i was going to use uboot to boootstrap the kexec'ing linux kernel that then boots thhe kernel/OS of your choice. cuts down the dev time and pumps up the feature set and allows you to do the entire "signed kernel" and trusted boot thing (which i aam a fann off scince i have all the keys to my device just likee you will have the keys to yoour device
i will go on record as saying that i think trusted computing is a good idea, BUT i fear that its the implemntation we have to fear and how its used. i do not belive that microsoft will lock down the machines so that you cant instaall another OS as it would be suicide. think about it microsofts poligy about getting hit by a virus is a clean install of the OS. if you restricted the bootloader in that way then it would make it very hard to reinstall the OS OR microsooft would have to find a work around which could be uused to install linux aanyway
anyway back OT, the lockdown is actually on pourpse, if a comercial entity wants to produce a loked down version then fine with me, i gave them the ability to do so and if they want it modified then who better to ask than the community. then we get a cheap source of units
its most likly that we wont be able to flash these units however there may be a work around. and at any rate i wouldd state that the price of me helping them would be accsess to the keys (which i would keep in escrow for any user who wants me too) so that i could "reset" devices. this would mean that thier keys are not publically relased but we can get cheap uniits
tthe ide is that if you haave the unlock key then you have accsess to the internal (to the chip) lash that holds the keys, you then erase the Manufacturers key and reboot, leeaving an unlocked device which you canthenfollow the normall flashing procedure
and last of all, i have no problem with DRM, its the manufacturers giving you a locked bok and the keys to open the box and saying "only open the box to listen to the music". once ou have the keys there is nothing stopping you from doing what you want hence the aurgument that at a funemental level the concept of DRM is flawed
this explains microsofts trusted boot, they dont want data "leakege" to untrusted modules. good for them, i cant wait to see the day microsoft pulls off a 100% bulletproof solution (no saracsm here) and same goess for linux. not everything works as expected, make sure you plan around it
and while im at it i might mention that if i can i will try and make sure developers get free units, if i ma sponsered this will happen, if im not then patrtially subcidies will be more likly. ii have plans and everything is slowly falling into place