How does 4.1 generate Encryption Keys?

That is, I see for some Computer OS’s computers use Intel Firmware to generate/acquire Entropy for creating Encryption Keys. Long ago we were asked to move cursor around, type onto screen.

As I wrote about on the general forum. The requirement for Windows to use TPM 2 for Windows 11 was said to be for creating Encryption Keys better. ???

To be more specific. If I am creating the Initial Luks hard drive encryption key on install. Then what parts of the MOBO, Firmware, or Intel involved? Why do the Qubes developers trust this?

If I am creating the login Encryption for Qubes account. Same questions.

If I am creating a PGP keypair to use for Email. Same questions.

If I use a Nitro Key/Librem which I read somehow creates Encryption. Same Questions.

Coming back to, and I am sure that you folks are far more up on this than I am. What makes the Qubes Developers sure the current means of generating Encryption keys with, in Qubes 4.1 is reasonable secure?

Qubes is not very good at generating random numbers. You can have various tools for RNG. This has been discussed in numerous topics. I use a GPS and you can see in gpsd (type command in terminal) you can use the last 3 digits of the time offset. If for some reason those are not random you have been pawned.