Trusted execution is also a thing, just largely unused/underutilized. In my opinion, hardware/software platforms can be designed such that the only real exploit would be for someone to insert an attack vector into the hardware (IC) itself, which is nation-state-level work. Again, possible, but not used in practice because of the perceived risk-reward tradeoff at the moment.