"Some hardware needs to be trusted. To my knowledge, no-one has found a way of building a trusted plaform on top of an untrusted CPU. "
But that raises a scary prospect. Given (1) that ARM CPU designs can be tinkered at the licensor's discretion (which is how these SoCs come into being), and (2) that some State agencies are loony enough to want control at the hardware level, including hidden stuff in the CPU, doesn't this raise some serious DTA prospects?