Though i feel what you say about the ROM might be true, you still sound like someone, who is not on the side of free and open-source software and hardware users. I am not wanting to get paranoid here, but encrypting the boot procedure and starting the custom kernel in a kind of fake Supervisor mode and pretending to a custom firmware to be sitting on an untampered board, that is what would be the natural way in our days to infiltrate private users home networks and VPN’s and whatever else by simply selling them hardware with Trojan horses, backdoors and trapdoors included. I guess that is where we are since some years. That is the reality that we have to live with. And the other part of this reality is, that systems attempting such a high level of control and access to devices, where they have no business whatsoever by human rights law (privacy law, secrecy and privacy of communication,…) and maybe also by the terms of business under which such devices were sold to customers, will inevitably enter the realm of crime: rape, murder and theft is their natural habitat be it state departments of intelligence or private maniacs, who try to have total control and power over some users hardware and software.
Thus, in order to solve such questions, it needs: legally binding terms of business for trading and selling and producing hardware, e.g. legal safe use standards for hardware, signed by producers and guranteed by the state. Then maybe the community should also start to think, what is actually the purpose of such high infiltration of our computational devices by spyware, malware,…? Not everyone in this world is abusing your device for cryptomining (some companies selling you hardware might even do it legally without you knowing by the terms of business your hardware was sold to you).
Personally, i made my experiences with spooky and improbable things happening in my personal home network, which would everyone make to feel as if being in a horror movie, where it becomes clear that some entity is there, which wants to demonstrate to you its all-powerfulness over your network and computation devices. Let us assume, you actually are completely infiltrated and your every move on your network and computer is protocoled, logged and observed by some outsiders. Then: Who could that be? Is it state entities, who have pissed off the geniuses of their country and who want to find ways to do some NLP and social hacking in order to FORCE them against their human and social rights to work for them, because through all their crimes and violations of human rights they have been uncapable of simply writing a letter, where they make a nice offer to their geniusses according to their real standing (despite what communism and savage capitalism think, there IS actually some objective value of knowledge, understanding and the human possessing it)? Or private entities, who do not want to bother to respect anti-slavery and anti-torture human rights?
If we look into the problem of establishing a good (uninfiltrated) basis for our computing devices on a deeper level, it is maybe our own subconscious, which we are struggling against, when we try to get rid of spyware, malware, Trojan horses, backdoors, trapdoors,… Maybe it is a matter of integrating this dark omnipresent part of us into our way of computing, such that we can actually be happy in a world like ours where DRM and police states with a thousand eyes are getting too strong.
From my personal experience i can share one remedy against people abusing their power over such infiltration systems and who simply conspire to destroy an individual by putting up a wrong case against this individual in order to be able to “justify” infiltrating the individuals network and computer systems by backdoors and trapdoors and other Trojan horses restricted for government use only and only under circumstances clearly listed in the exceptions for human rights policy (war, plague or other situations endangering the state as a whole or certain crimes,…). As Jacob was struggling against god in the book of Genesis in the bible and he won over him, in the same way it is possible to overcome ones infiltrators by wrestling them down and dominate them instead of being dominated by them: Control your controllers, destroy your destroyers, wipe out the enemies of god so to speak. This is the more so true, as people, who establish total control over a persons home network and computers have the burden of seeing everything and this can easily mean “seeing too much, to be left alive”. Even attempts to distribute the burden by shift changes or dividing up competences of the people monitoring a person does not really solve the problem, as the only way to really get rid of the burden is to let loose on the total control over a person. Thus, even if you are under complete control and you are watching child porn all the time, then the reaction of your controllers maybe would not be to turn you over to the authorities, but to restrict your access to such sites (even in networks like Tor) as they actually do not care about you breaking the law (they are themselves violating YOUR inalienable human rights massively by monitoring you), but just about such things appearing in their logs and protocols monitoring you as they want to go around with that logs and protocols to show to others for achieving certain things, e.g. getting legal permissions and justification after the fact for things they have been illegally doing already before…
We remember all how during Corona and now during the Ukraine case our human rights are stretched, state properties all around the world have been systematically raided and abused leaving a large part of a states people deprived of necessary state protection. And now slowly the tide is turning and the failures of the states will bounce back on those, who have tried to uproot the states primary functions to protect its weak members.
It is also possible to put up arguments on the level of security and cleanliness from infiltration one can achieve by cryptographic protocols commonly applied in our computer (networking) protocols as e.g. Bruce Schneier explains in his famous book “Applied Cryptography” (Applied Cryptography ( Bruce Schneier) : Free Download, Borrow, and Streaming : Internet Archive). The general concept in such issues seems to be that there are too extremes: 1) taking no care at all about security of your communication and 2) securing your communication so much, that there is nothing left to talk about to anyone. It is also a little bit like in the uncertainty principle in quantum mechanics, but just for information technology: either you get complete safety of communication or meaningful messages transmitted over your communication channels, but not both at once. Thus, a trade-off has to be made. Look e.g. at Telegram messenger vs. WhatsApp. Live is a give and a take as my beloved father used to say always, while he was still alive…