We've seen Cisco routers and other devices with malicious hardware that reports on its user's activities. We've also seen that the whole 'trusted platform' thing is incredibly hard to secure, requiring a whole bunch of crypto, signing, authentication and so forth which is really quite difficult to get right. A nation-state attacker, especially one that has time to prepare and controls a large quantity of chip production, could work around this easily. Presenting seemingly known-good but covertly malicious hardware to the operating system is trivial for such an attacker.
One has to assume that the goal of this project is not to protect against such an attack - no software really can - and instead to secure the software side as best one can. I'm not convinced they've done a good job of that either. Using a non-root user is a trivial thing to do, but it puts in place all the security that Unix has had by default for more than thirty years. Using SELinux and containers these days is a no-brainer for building an operating system secure against software attacks. They really need to set the bar much higher.