DRTM, SMM attestation and remote attestation have evil maid attacks in their threat model, with a firmware TPM or SoC enclave that isn't subject to mitm.

Password keystroke surveillance (from sniffer, optical cameras or RF WiFi Sensing) can be mitigated by removable 2FA/smartcard.

TEMPEST info leakage from displays, components or RF implants can be measured, as SDRs and machine learning lower decoding costs, https://news.ycombinator.com/item?id=41116682

Some enterprise PCs can detect when the case cover is opened, e.g. http://h10032.www1.hp.com/ctg/Manual/c07055601.pdf

All of those really reduce the risk. But I wouldn't trust them to be able to stop the CIA, KGB, or whatever the Chinese equivalent is.

Nation-state attackers can afford to exploit zero-day vulnerabilities that bypass OS security protections.

Ok, you can make every chip/device communicate with each other using some challenge-response authentication.