@tinker @djnick The core of the problem is the OS.
Namely, an OS with a kernel lacking any meaningful fault isolation.
The research for making OSes not vulnerable to that sort of problem has been completed since at least the 80s.
There really isn't an excuse.
The research for making /performant/ equivalents that do not require special hardware is newer (Singularity OS project is one example from the very same OS publisher, for instance), but was also mostly completed a few decades back.
Trusting Trust is not about the same problem (malice of the component doesn't matter so much if it never has access to anything it shouldn't anyway), but even so David A. Wheeler's paper was published a while ago now.
(Caveat of course being that malicious components can still potentially DoS the system and hardware vulnerabilities can also enable complete compromise despite there being no logic-level flaw in the isolation.)