Another contributor here. This is one of the novel advancements made by Kong.
Specifically, Kong notes use a secure element which 1) self-generates a key pair 2) can attest the key pair was self-generated and 3) does not leak the private portion of that key pair. Section 2 of the paper (specifically 2.2) goes into more detail[1].
So your answer is "trust us". Because how would I know if the claims of the hardware manufacturer (you or your supplier) are true?
This of course holds true for all hardware. When someone creates or stores a Bitcoin key on a laptop, they are at the mercy of the laptop manufacturer.
Specifically, Kong notes use a secure element which 1) self-generates a key pair 2) can attest the key pair was self-generated and 3) does not leak the private portion of that key pair. Section 2 of the paper (specifically 2.2) goes into more detail[1].
[1] https://ipfs.io/ipfs/QmRNRCocj4PwKMXrd1jeUGw7ASQSuEk7BDJu5Ks...