How does 4.1 generate Encryption Keys?

That is, I see for some Computer OS’s computers use Intel Firmware to generate/acquire Entropy for creating Encryption Keys. Long ago we were asked to move cursor around, type onto screen.

As I wrote about on the general forum. The requirement for Windows to use TPM 2 for Windows 11 was said to be for creating Encryption Keys better. ???

To be more specific. If I am creating the Initial Luks hard drive encryption key on install. Then what parts of the MOBO, Firmware, or Intel involved? Why do the Qubes developers trust this?

If I am creating the login Encryption for Qubes account. Same questions.

If I am creating a PGP keypair to use for Email. Same questions.

If I use a Nitro Key/Librem which I read somehow creates Encryption. Same Questions.

Coming back to, and I am sure that you folks are far more up on this than I am. What makes the Qubes Developers sure the current means of generating Encryption keys with, in Qubes 4.1 is reasonable secure?