Or your temperature sensor being rendered useless via a clever attack?
Perhaps by something as simple as by a clever pattern of temp sensor reads causing your code to think temperature is in safe range for your application?
Or causing your code to execute extra multiplies to generate heat to hide a momentary temperature drop.
My point is even if you could 100% trust your supply chain and 100% validate your silicon matches your design, there are still residual issues.
For example, power supply glitch attacks [0] are nowadays well known, including techniques to make them sufficiently reliable.
Perhaps by something as simple as by a clever pattern of temp sensor reads causing your code to think temperature is in safe range for your application?
Or causing your code to execute extra multiplies to generate heat to hide a momentary temperature drop.
My point is even if you could 100% trust your supply chain and 100% validate your silicon matches your design, there are still residual issues.
For example, power supply glitch attacks [0] are nowadays well known, including techniques to make them sufficiently reliable.
[0]: https://www.google.com/search?q=power+glitch+attack