I don’t get the controversy. It’s god damn simple:
1- RPi GPU starts first.
2- GPU loads proprietary bootcode.bin
3- GPU wakes up CPU
4- Normal boot process continues
Why is so controversial to point out the device has a rootkit by design? It’s okay for the threat level of a node or a mini server but signing transactions?