Yes and no. Buying a RiscV CPU has the same issues as buying an arm or x86_64, and building one from discrete components (which is absolutelt feasible, there’s multiple people that have done it) still means you might recreate some subtle and deliberate flaw in the spec (How sure are you there is none? That is the whole question). And trusting a FLOSS BIOS over a proprietary one is just accepting a different trust level/anchor. My whole point was that ultimately you cannot perfectly trust anything you haven’t designed and built yourself (and even that depends on this reality not being a malicious simulation; I am being serious), so you’ll need to consciously decide what trade-offs, if any, you’re willing to make.
Yes and no. Buying a RiscV CPU has the same issues as buying an arm or x86_64, and building one from discrete components (which is absolutelt feasible, there’s multiple people that have done it) still means you might recreate some subtle and deliberate flaw in the spec (How sure are you there is none? That is the whole question). And trusting a FLOSS BIOS over a proprietary one is just accepting a different trust level/anchor. My whole point was that ultimately you cannot perfectly trust anything you haven’t designed and built yourself (and even that depends on this reality not being a malicious simulation; I am being serious), so you’ll need to consciously decide what trade-offs, if any, you’re willing to make.