
It's confusing to me that you're calling it "less-constrained." The signed-bootloader world really caught fire in SoCs like Snapdragon and indeed the 410E and 600E include SecureMSM/TrustZone. It hasn't (yet) found big popularity in x86_64 designs -- even when the processors offer it many customers don't leverage/enable it.

The "locked down" designs come from two big motivators: DRM and security. Since many Snapdragon phones are sold with subsidies, the signed bootloader allows the network operator to restrict the phone's "owner" in various fashions. The security provided by a signed bootloader is real -- it's much harder for a malicious actor to create ransomware that targets mobile phones like they do PCs.

I'd expect/hope that you can decide not to opt-in on the Snapdragons' SecureMSM features, but it doesn't seem any "less-constrained" than Intel or AMD's offerings.




So, to be honest, I don't know all that much about the ARM world, and I hadn't heard of TrustZone. I looked it up, and it seems that the OEM has a great deal of discretion in setting it up, to the extent that there's a reference implementation on GitHub [0]. And if I buy a bag of loose SOCs, which I can apparently do now, I'm the OEM.

[0] https://github.com/ARM-software/arm-trusted-firmware


Right, kinda like what happens when you buy a Xeon or an Opteron. You can enable AMD SKINIT / Intel TXT & UEFI Secure Boot if you like. Intel didn't force this upon the consumers, the OEMs requested the processor features.


But one cannot disable Intel ME. So

> Intel didn't force this upon the consumers

is wrong. I know that vendors producing servers want that Intel ME (because otherwise remote servicing servers would be much harder), but they surely did not require from Intel that Intel ME cannot be disabled.


But IME is distinct from "Intel TXT & UEFI Secure Boot" ("this"'s referent).

> Intel didn't force [Intel TXT & UEFI Secure Boot] upon the consumers

is true. Both of those things can be disabled on most hardware. In fact, I disabled them on the laptop that I just bought, because I wanted to install OSes that aren't SecureBoot signed.


The locked-down hardware architecture definitely enhances security, as far as protecting the embedded firmware and IP. As a consumer, I don't want a clipper chip in my pocket. It's a sad situation for hardware these days, because if you don't comply with the unwritten rules, you'll go the way of Joseph Nacchio and Qwest.



