
Not sure how to best say it, but I think in the end it's better to not put any trust into any hardware- (or software-) provider anyway, it shouldn't matter whether your chips are built by a "good" or "bad" actor, just assume it's a bad actor when designing the systems around it. Maybe this leads to more robust systems overall, also for cases when there was no "evil intent" (see Spectre/Meltdown).



That's not practical. If bytes anywhere in memory can trigger a backdoor, webservers won't be possible because they have to listen to arbitrary requests.


It's maybe not practical, but it is not impossible. You can build a four-component system that does the job. You build two computers with different ISAs from vendors you assume to not share a backdoor, and let all I/O happen through a simple verifier that copies the input for both machines and compares their output byte for byte. For cryptographic purposes, the random number generators of the machines must be linked, which would be our fourth component. The software for each computer should be derived from different sources, which must follow the same I/O specification.
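
The verifier arrangement described in the comment above, as an added sketch that is not part of the original thread: one input is copied to two independently written replicas, both receive the same random bytes, and the output is released only if it matches byte for byte. The names `replica_a`, `replica_b`, `faulty_b` and `verify` are hypothetical, and the replicas are constructed stand-ins for the two machines.

```python
import hashlib
import hmac
import os

class Divergence(Exception):
    """Raised when the replicas disagree; nothing is released."""

def replica_a(request: bytes, rand: bytes) -> bytes:
    # Constructed stand-in for machine A: tag = HMAC(rand, request), body = upper-cased request.
    return hmac.new(rand, request, hashlib.sha256).digest() + request.upper()

def replica_b(request: bytes, rand: bytes) -> bytes:
    # Constructed stand-in for machine B: same I/O spec, separately written code path.
    tag = hmac.digest(rand, request, "sha256")
    body = bytes(c - 32 if 0x61 <= c <= 0x7A else c for c in request)
    return tag + body

def faulty_b(request: bytes, rand: bytes) -> bytes:
    # Constructed misbehaving machine: deviates from the spec on one particular input.
    if request == b"constructed-trigger":
        return rand + request
    return replica_b(request, rand)

def verify(request: bytes, replicas, rng=os.urandom) -> bytes:
    """Copy the input to every replica; release output only if all agree byte for byte."""
    rand = rng(32)  # linked RNG: both machines get the same random bytes
    outputs = [run(request, rand) for run in replicas]
    first = outputs[0]
    for other in outputs[1:]:
        if not hmac.compare_digest(first, other):
            raise Divergence("replica outputs differ; response withheld")
    return first

if __name__ == "__main__":
    print(verify(b"get /index", (replica_a, replica_b)).hex())
    try:
        verify(b"constructed-trigger", (replica_a, faulty_b))
    except Divergence as exc:
        print("blocked:", exc)
```

The comparison only covers the bytes each replica emits; it fails closed, so a mismatch withholds the response rather than picking a side.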


Just build it into an FPGA. Make it simple enough to verify. Done.

"Everything has vulnerabilities!" - Bullshit. Connect your Ethernet MII to a decoder that sets an LED if a certain pattern comes by. Can you hack it, to make it turn on when it isn't supposed to, with crafted network packets alone?

Nope! Perfect security.


How about you actually read the paper, or at least the article? https://www.wired.com/2016/06/demonically-clever-backdoor-hi...



