I don’t get the controversy. It’s god damn simple:

1- RPi GPU starts first.

2- GPU loads proprietary bootcode.bin

3- GPU wakes up CPU

4- Normal boot process continues

Why is so controversial to point out the device has a rootkit by design? It’s okay for the threat level of a node or a mini server but signing transactions?