New 5G/6G mobile networks will allow to run distributed multi-tenancy workloads with high requirements on latency, throughput, and energy efficiency. This also demands a transformation of the underlying radio access networks (RANs) towards an architecture with open-source software, heterogeneous hardware, and interoperable interfaces as already described by the O-RAN ALLIANCE. In principle, virtualization of the RAN allows for defining additional interfaces which can be used for system verification and therefore can increase the trustworthiness of implementations. However, due to many security risks induced by the current O-RAN specification, it requires to rethink the overall security architecture from the ground up to establish trustworthy mobile networks in general.In this paper, we discuss hardware-enforced capabilities as a structuring principle for future O-RAN architectures. We present our approach of a hardware/operating system co-design to implement these principles. The evaluation results of architectural components demonstrate the technical feasibility of our approach and illustrate that security and low latency can be achieved simultaneously.