de0u I believe the OS running on the trusted element is open-source (TrustyOS)
Oh, nice.
de0u but the package run in TrustZone on Pixel devices may not be, i.e., the apps bundled with the OS image may not be open.
What do you mean? You mean some apps running on Trusty in the TEE is not open source, even if Trusty itself is?
de0u I'm not sure "higher privileges" is the most accurate conception. My understanding is that code in the TEE has no access to devices or to memory except for a limited IPC channel to GrapheneOS. So GrapheneOS can't inspect or change the state inside the TEE, but that code can't inspect or change the state of GrapheneOS.
This contradicts my understanding, I thought the protection was one-sided here, main OS cannot reach TEE OS, but TEE can access everything. Like TEE is host and main OS runs in a virtual machine. But now I got uncertain, I am not that familiar with for TEE works, and not TrustZone specifically. I may need to ask someone I know that knows these things.
But if it is all open source anyway, it doesn't really matter.