The only solution is open source, auditing source code and building from source code without binaries. First build an OS without using any binaries, then build the rest of the stack, auditing the code for each stage before doing any building.

Some solutions for that include Bootstrappable Builds (and StageX), Reproducible Builds and crev.

https://bootstrappable.org/ https://stagex.tools/ https://reproducible-builds.org/ https://github.com/crev-dev/