What security boundary can you hope to hold if the CPU is running malicious code straight out of reset (such as through a bootrom implant)? No amount of layers and defense in depth can paper over the fact that your hardware is physically compromised.
It's the whole trusting-trust thing. We don't really have a way to solve it, so it's best not to burn yourself out on it.