Hacker News

Starting with 512 bytes of machine code plus source and building an entire Linux distro from scratch without any existing binaries means that it is exceedingly unlikely that such a backdoor would be possible.


Well, it shifts the target a bit. Instead of infecting the compiler you'd try to infect one of the core OS components (presumably in the kernel) and have it detect when those were being compiled and insert itself. Probably also infect any compilers you detect while you're at it as well.

This would probably be a bit more difficult to pull off. If someone did pull it off, fully reproducible builds ought to make it readily detectable, at least in the absence of some extreme rootkit contortions.


There are no Linux/other kernel binaries involved in the bootstrappable builds scenario either, only the 512-byte bootstrap seed of machine code, which is written as commented hex, which you then input manually and run. In theory that bootstrap seed could be backdoored; given the size, that would be unlikely, and auditing it should be feasible.

Reproducible builds wouldn't help here, since all binaries would be backdoored equally. They only help with situations where one build machine is compromised but another one isn't.


Fair enough, you had specified a freestanding seed, so we were talking about slightly different things. You can of course go to extreme lengths to bootstrap a secure machine, including manual input. Well, actually, that might be quite difficult in practice, seeing as modern computers don't exactly accept punch cards. Presumably you had to prepare the digital media that provides the payload somehow. But regardless.

The much more common scenario would be bootstrapping something like Guix from within a running OS from a much smaller set of initial binaries than you otherwise might. And that host OS could in theory have been compromised. But I think that attack is a significantly higher bar than a compiler binary that compromises itself.



