
> Does anyone actually have faith in their hw+sw security these days?

Not much.

We actually know how to deal with most of the things you mentioned. There are simple CPU cores that don't have speculative execution problems. It is possible to achieve memory safety. Formally proven OS kernels exist. Physical security is largely understood and can be made very difficult to compromise.

Why don't we have all this as routine? Because security theater is cheaper than actual security. The value of 'cheaper' here is very broad and includes avoiding all of the costs that emerge with robust security, including opportunity costs.




Intel seem to be paying a hefty price lately for some security shortcuts they made in hardware compared to AMD (who paid the opportunity cost; security measures don't happen by accident, and they do slow you down).

Good security is getting rarer all the time, and therefore expensive; I think a lot of people would be interested in having a small truly secure system (say, for storing your cryptocurrency keys), and as I wrote, I sincerely don't know where to practically begin with this.

Is it commercially available? Concretely speaking, what can I buy, and what software should I run on it?


> Intel seem to be paying a hefty price lately

But the gains they made have surely outweighed any current hit? Also I haven’t perceived that much of a hit (although I’m not in the industry): are they selling more CPUs? AMD have an opportunity, but I haven’t seen that translated into sales to hyperscalers or consumers (beyond what they were achieving anyway).

Same as Microsoft, which for decades knowingly chose functionality before security - with the cooperation of plenty of customers that knew better.



