These two freedoms are at odds. To establish this 'chain of trust' or to name it better 'chain of
user control' one needs to run signed binaries. These binaries are provided and signed by the
content providers or a representative of them. The owner of the device has no control on the
content of these binaries. At best it is possible to replay the exact method of creating the binary
and verifying that it was created from a certain set of sources. Tooling to do this verification
does not currently exist.
DRM from boot time removes all the freedoms FOSS promises the user of the device. It does
put the advantage of cheap, high quality software in the hands of the manufacturers.