(Note: Not talking about Apple now, hypothetically...) How would one do this on a fully trust-chained system with processor support?
Barring software bugs that allow for arbitrary code exec as the binary?
Signed package + necessary keys embedded in silicon -> processor verifies signature at memory load -> processor disallows user privilege escalation to write to arbitrary memory