IMHO, your preoccupation with LUKS is completely misplaced. The vendor had direct access to your hardware. They assembled it. They had countless better opportunities to do something malicious that you would never be able to detect. This is like finding out your reality is a simulation, and your main concern is that the whoever’s running the simulation might have stolen the (virtual) money out of your (virtual) safe. It is simply the wrong thing to be concerned about. If you don’t trust your hardware, you can’t trust anything that runs on it.