One simply cannot properly secure a general-purpose operating system.
We suggest a solution that involves taking both the Blue Pill and the Red Pill: providing the trusted path by means of a separate device with a secure operating system, used in tandem with the existing general purpose operating system.