we publish the hardware design - in reality we have to run it on someone's chip, we've picked one that includes among other things AES, we just don't use that stuff, at some point we have to trust the CPU, and we use a CRC32 engine for minor whitening and stirring of our internal entropy pool - but crc32 is easy to verify (while AES is not)

more importantly we've chosen a platform that we think is unlikely to have already subverted by 3 letter agencies