Those are just restricted-boot CPU's, not secure CPU's. I agree secure CPU's will make attacks more difficult. Here's you a few examples of them with various tradeoffs:
So, spread word on things like those, esp CHERI given FreeBSD support, instead of that DRM garbage that uses the word security but is more about marketing & control. ;)