This design does actually have a second external FPGA chip, which is in the "Untrusted" domain. It's running an ICE40UP5K, and acts more as the power management IC that turns the secure domain on and off.