If you do not trust your CPU provider, your only option is a design that assumes an adversarial manufacturer. The only credible design I've seen for this scenario is Precursor, which works because generic backdoors for FPGAs (i.e. those that work with arbitrary randomized designs) are arguably impractical, since you'd need a huge amount of compute power to attempt to analyze the design and figure out how to backdoor it. It's likely even an unsolvable problem in the general case.
Of course, then you get a RISC-V running at 100MHz. If you want something faster, you need to trust your CPU provider. There's no way around that; silicon is not end-user introspectable.
https://www.crowdsupply.com/sutajio-kosagi/precursor
Of course, then you get a RISC-V running at 100MHz. If you want something faster, you need to trust your CPU provider. There's no way around that; silicon is not end-user introspectable.