Unfortunately that died, because Oracle stopped being willing to cooperate with the port [1]. Of course, I understand why they might not see it as being in their commercial interests to support porting their OS to a competitor's hardware; but, I think their turn away from openness with Solaris accelerated its decline rather than delaying it.
(Disclaimer: ex-Oracle employee, but I was never working on Solaris directly, just on higher-level middleware stuff which sometimes ran on Solaris, and I really don't know anything about this topic beyond what has been reported in the media.)
Constructing a scheme where NSA is an active agent in the threat model was not an original requirement :)
You are welcome to introduce any way to produce any part of a router, or a PC for that matter, that would protect from the NSA; it seems that the biggest players in the field are still working it out and it is very much a work in progress. When you have an adversary that is able to intercept hardware in transit and spend endless amounts of dollars on devising clever hacks or undetectable hardware exploits, then yes, you're right, some TLS scheme, regardless of where the certs are, is not going to be enough.
The turn of the millennium was the era before SSL/TLS. LiveJournal did not want to send a clear-text password during login to the site. SRP was patent-encumbered (and anyway, implementing a proper PAKE in the JavaScript of that era was infeasible).
The usual problem is not shutting down the reactor: both TMI and Fukushima were properly shut down. The important task is cooling down the core (and SFP) after that.
Left on its own, a halted thermal reactor generates hundreds of MW of heat after shutdown. That heat destroys the cladding of the fuel, generates explosive hydrogen and causes meltdown of the former core.
It is believed that ATF, core catchers and electricity-independent passive cooling will reduce the risk of these types of incidents, commonly called LOCA - Loss of coolant
Fukushima unit 1 had an Isolation Condenser, which is the sort of passive safety system you're talking about. It required no electricity, merely that some valves be open. Supposedly after the earthquake and before the tsunami, the operators opted to close at least one of those valves for reasons that are a little hazy, but might have had something to do with not cooling the reactor too fast. After the tsunami, they couldn't electrically control the valves, and for some reason there was ambiguity about the state of the valves, and no one went to physically check them and open them until it was too late and the fuel had melted.
And even a port to IBM z/VM ("Sirius"): https://www.theregister.co.uk/2008/10/17/solaris_on_mainfram...