Precisely. Separate the perimeter CPU and the internal (safe) CPU with a serial link that cannot be compromised because physics.
…also, be careful you're using a completely dumb serial interface and not some smart shit that uses a memory-mapped IO control structure, or you could be looking at the same sort of DMA fuckery that exists with all of the other complex peripherals.