
hannob aptly explained why I left my job, because Quantum RNG is a gimmick and doesn't solve any real problems. But to expand on that, it was heavily marketed with the idea that somehow we're living in an "entropy starved" world. We do a pretty good job of gathering entropy today from various sources such as mixing unique identifiers of hardware, CPU jitter, interrupt timing, RDRAND (which is a similar design to metastability of ring oscillators), etc. So the remark "if you haven't managed to generate one secure 256-bit key then you have much bigger problems" resonated heavily with me, and I realised there just isn't a need for gigabit speed TRNGs and the Quantum marketing is just scare tactics which my employer employed.

Also no crypto library or application is going to modify its entropy source to get its randomness from a TRNG device directly when it already has access to a high quality RNG via OS APIs/crypto libraries (for a good list of these check out https://randombytes.cr.yp.to/).

The concern I would have with relying too much on a source key to derive other keys from would be if one of the keys is leaked, the others would also be exposed

A modern RNG would implement fast key erasure, which is what Jason Donenfeld did with the random device in Linux. See https://blog.cr.yp.to/20170723-random.html and https://www.zx2c4.com/projects/linux-rng-5.17-5.18/inside-li... .
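To make the two comments above concrete (the worry that one leaked key exposes the others derived from the same source, and the reply that fast key erasure addresses it), here is an added toy implementation of the fast-key-erasure construction. It is example code written for this thread, not the Linux kernel's `random.c` and not code from either commenter. It assumes HMAC-SHA256 in counter mode as the expanding PRF (the real design uses a stream cipher such as ChaCha20); the point it demonstrates is that each refill overwrites the key before any output is released, so a memory dump taken later reproduces only future output, never the keys already handed out.

```python
import hashlib
import hmac

KEY_LEN = 32            # one 256-bit key, as in the thread
BLOCKS_PER_REFILL = 9   # block 0 becomes the next key, blocks 1..8 are output


class FastKeyErasureRng:
    """Deterministic generator in the fast-key-erasure style (demo, not Linux's code).

    Each refill expands the current key with a PRF (HMAC-SHA256 in counter
    mode, an assumption for this example), immediately overwrites the key with
    the first block, and hands out the remaining blocks as output.
    """

    def __init__(self, seed):
        if len(seed) != KEY_LEN:
            raise ValueError("seed must be exactly 32 bytes")
        self._key = bytearray(seed)   # seed would come from the OS CSPRNG in practice
        self._buf = bytearray()

    def _refill(self):
        key = bytes(self._key)
        stream = b"".join(
            hmac.new(key, i.to_bytes(4, "big"), hashlib.sha256).digest()
            for i in range(BLOCKS_PER_REFILL)
        )
        # Fast key erasure: the old key is overwritten before any output leaves.
        self._key[:] = stream[:KEY_LEN]
        self._buf = bytearray(stream[KEY_LEN:])
        del key, stream   # best-effort cleanup; Python cannot guarantee wiping

    def random_bytes(self, n):
        out = bytearray()
        while len(out) < n:
            if not self._buf:
                self._refill()
            take = min(n - len(out), len(self._buf))
            out += self._buf[:take]
            # Zero consumed output so a later memory dump does not contain it.
            self._buf[:take] = b"\x00" * take
            del self._buf[:take]
        return bytes(out)

    def snapshot(self):
        """Everything an attacker gets from a memory dump: current key + unused buffer."""
        return bytes(self._key), bytes(self._buf)

    @classmethod
    def from_snapshot(cls, snap):
        """Rebuild a generator from a dumped state, as an attacker would."""
        rng = cls.__new__(cls)
        rng._key = bytearray(snap[0])
        rng._buf = bytearray(snap[1])
        return rng


def demo_forward_secrecy(seed):
    """Returns (past, future, replay): output before a compromise, output after it,
    and what an attacker holding the dumped state can regenerate."""
    rng = FastKeyErasureRng(seed)
    past = rng.random_bytes(48)      # keys handed out before the memory dump
    snap = rng.snapshot()            # attacker dumps the generator state here
    future = rng.random_bytes(48)    # keys handed out after the dump
    clone = FastKeyErasureRng.from_snapshot(snap)
    replay = clone.random_bytes(48)  # replay == future, but past is unrecoverable
    return past, future, replay


if __name__ == "__main__":
    past, future, replay = demo_forward_secrecy(b"\x01" * KEY_LEN)
    print("attacker reproduces future output:", replay == future)
    print("attacker reproduces past output:  ", replay == past)
```

The snapshot deliberately includes the unused buffer, because that is what a real dump would contain: the construction only protects output that has already been consumed and wiped, which is why a production generator also zeroes used output and, as in the Linux design, limits how long unused output sits around.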



