Since people are talking bootware/firmware, here’s a method, BootSafe, from high-security a while back that combined language-based security, certifying compilation, and the Open Firmware standard to reduce risks in this area. It’s currently a commercial offering by a security company. Aside from that, I always thought someone could do something similar with SPARK, Rust, Frama-C, and so on that is compiled to something along lines of coreboot. I’d rather OSS projects such as that be done that way. The compilation might be certified as in BootSafe or just hand-produced from the high-level code with different people carefully analyzing it.