Are you referring to open source BL2/BL31 for GL-iNet products, and/or for OpenWrt One? I’m not sure it’s possible with either, as haven’t looked into the One in detail yet, as I wasn’t aware it had launched until TFA was posted, though I was aware of it since January or so.

I’d like to run fully open source network stack if possible myself, though I’m not sure if that possible without moving the goalposts and virtualizing something or doing it in software, and even then I’d have to figure out some kind of boot attestation ideally, thought I'm not sure how that's going to pan out. Isn't Intel SGX/AMD SEV/ARM CCA required for that?

Some links I thought we interesting on that topic, as it's adjacent to the discussion:

> A comparison study of intel SGX and AMD memory encryption technology

https://dl.acm.org/doi/10.1145/3214292.3214301

> vSGX: Virtualizing SGX Enclaves on AMD SEV

https://ieeexplore.ieee.org/document/9833694

What do you suggest? How’s your hat fitting, by the way?

Here's the firmware for the OpenWrt One, if that helps you determine whether it does what you want:

https://firmware-selector.openwrt.org/?version=SNAPSHOT&targ...

If you find the answer to your/our questions, please let me/us know!

Sent from my iPhone in Lockdown Mode