ARM has the exact same problem via TrustZone. Different technical implementation, slightly different known capabilities, but fundamentally, still an unauditable, unremovable ring -3 subsystem that cannot be controlled by the legitimate, lawful owner of the hardware.