
There's also the Olimex boards (and related Freedombox project)[1], which can boot with no binary blobs :)

They have an interesting philosophy in that their definition of OSHW includes making it easy for others to produce their boards. So not just publishing schematics, but facilitating manufacturing as much as possible.

> Olimex's A20 OLinuXino Lime2 is a fully Open Source Hardware (OSHW) single board computer. This means that the designer is actively helping people using the platform for their own designs, and supports them in adding hardware functionality and production advice. This is a part of freedom that is often overlooked, but very much aligned with the FreedomBox goals.

[1] https://wiki.debian.org/FreedomBox/Hardware/A20-OLinuXino-Li...

[1b] https://www.olimex.com/Products/OLinuXino/A20/A20-OLinuXino-...

[1c] https://www.armbian.com/olimex-lime-2-emmc/



The issue with the AllWinner Sunxi chips is somewhat similar to the VideoCore booter where an internal ROM is required to boot the CPU; this has been open sourced somewhat recently, but we can't really inspect or change it.

On the other hand, it's not really that much of a big deal since unlike some other chips, it doesn't lock you out of anything, it just does normal basic stuff like making sure the WDT doesn't reset your CPU before you have had a chance to set up the bare minimum of registers and interrupt tables. For me, I'd either have a chip that has a boot vector outside of itself (i.e. some fixed SPI address) or something so small and measurable that it doesn't really matter much (like this BROM).

The big 'next gen' problem we have is somewhat separate but regarding root of trust in hardware: it's nearly impossible to make trusted hardware (from a software perspective) without some device-specific PKI that is inside the main CPU and cannot be modified from the outside. The big downside is that there is no way to do this after the fact (otherwise a malicious person could do the same), and doing it ahead of time ties it to the hardware vendor or even the chip fab. Sharing things like private keys with whoever buys the chip doesn't work either, as that would make all of the other chips vulnerable as well. PKI-per-chip doesn't work either, as you wouldn't want to maintain a PKI and re-sign everything for every individual chip.

eFuses seem to be the only other way, or (E)PROM, but those can be attacked using power hacks (i.e. using a ChipWhisperer).

Perhaps a free and open hardware root of trust is just not feasible.


I have Olimex's sunxi boards and they have a blob bootloader with no sources, so they are not completely covered, only hardware as it mentions. But this is common for ARM of course.

On the flipside, that's still leagues above RPis and you can buy the chips for your own use, unlike the Broadcom ones.


The sunxi family of chips is really badly supported by the manufacturers, but the mainlining effort (as documented at https://linux-sunxi.org/Linux_mainlining_effort) is going pretty well. It's still a bit risky if you don't buy an entire integration package from one of the big vendors, and at that point you're NDA'ed so hard you might as well go Broadcom or Qualcomm.



