There are also a number of people making minimal OSes, interpreters, and compilers that you can, for example, assemble by hand and type in "from scratch".
There was a nice list of those that I can't find right now, but you could look at
Yes, you can definitely get very severe attacks from backdoored hardware. Some of them appear almost impossible to defend against with software alone.
On the bright side, it's hard to imagine that many of these attacks will be self-propagating, which is the particularly insidious thing about the Trusting Trust attack. Yes, hardware is used to design hardware, but typically in a more indirect and heterogeneous way than the "compiler compiling itself" scenario. To be concrete, I'd say Microsoft or Canonical has much more to fear from a Trusting Trust sort of attack than Intel does, but the software developers also have better options to contain or detect such an attack.
https://dwheeler.com/trusting-trust/
There are also a number of people making minimal OSes, interpreters, and compilers that you can, for example, assemble by hand and type in "from scratch".
There was a nice list of those that I can't find right now, but you could look at
https://bootstrappable.org/projects/mes.html
as one example in this direction.