Comment by ponkpanda

Except FPGA chips/boards aren't free from malware either: https://www.iacr.org/archive/ches2012/74280019/74280019.pdf

Nor will you be immune from AMD Vitis/Vivado sideloading crap into the bitstream.

Sadly, you have to fab your own chips using sovereign facilities if you want security. Individuals simply cannot access genuinely high assurance product and there's no major government in the world with the slightest interest in changing their stance on this policy. There are simply too many governments long on SIGINT to go down such a route.