@theruran @janneke another issue that arises once you take hardware into the picture is: you cannot cross-compile hardware; nor can you hash your hardware and compare it to some known-good hardware.
You may trust your board to really run the code you give it; you may manage to bootstrap a x86_64-linux-gnu GCC on it and confirm it's identical to what your distro ships. But that still doesn't guarantee you that your Intel processor actually runs what your binary says.