Here is a thought experiment about a hard problem in auditing computer security
https://farside.link/invidious/watch?v=sOeuYuvOcl0if you didn't watch it here's the
tldr:
In principle it's possible to compromise enough of the existing software and hardware stack so that a intelligent enough malicious security flaw could hide it self from you no matter how hardcore you go with your security audit. The conclusion being drawn is that the only solution to making sure you have a clean system, is to start from scratch with basic logic circuitry and then slowly build up a trusted software and hardware stack.
It's a clever argument, but there is a much easier way to get around all of this.
You can get to a trusted stack simply by scrambling the logic of a cpu. The only one that will be able to run logic operations on that cpu will be the person that can use the de-scrambler-key on the logic instructions given to that cpu. Malicious inserts into the hardware will return gibberish if they try to listen, and make the cpu produce logic errors if they try to inject code. It doesn't need to be a performant cpu either, something equivalent to 1985 era processors is good enough, as it's only necessary to bootstrap a trusted environment. A moderately sized organization can probably muster the necessary funds and technical sophistication to get a small batch of scrambled cpus produced.