> If I want my device to be secure, I want this trust.
Device security and mediated trust between mutually distrustful entities are separate things.
> If I want to sell a copy of my virtual asset to only be used in ways I approve of, I want this trust.
I don't want you to be able to do that. At least not with general purpose computing devices (ie my phone). Maybe for something like a game console or set top box but that doesn't seem to be what's being discussed here.
> either your device can provide this trust or it cannot
It is entirely possible for device firmware to do nothing more than verify that the bootloader was signed with a particular user configurable key.
Device security and mediated trust between mutually distrustful entities are separate things.
> If I want to sell a copy of my virtual asset to only be used in ways I approve of, I want this trust.
I don't want you to be able to do that. At least not with general purpose computing devices (ie my phone). Maybe for something like a game console or set top box but that doesn't seem to be what's being discussed here.
> either your device can provide this trust or it cannot
It is entirely possible for device firmware to do nothing more than verify that the bootloader was signed with a particular user configurable key.