Hacker News

I do. If it's a callback and all arguments are passed in, it's fine.



It can literally take control of the machine. Even if it's written in Rust, there's no "this binary used an unsafe block" on binaries. If they're signing and proving everything, then what's the purpose of sticking that code in user space to begin with?


There does exist a precedent in the mainframe world of trusted compilers and mechanisms of verifying that a piece of code was produced by the blessed compiler.

I guess the embedded version of this would have to be an offline compiler & code signing based system, and the language would need to be much more sandboxy than Rust.


I know maybe you are writing a driver or smth.



