Indeed the secure elements are closed source, however trezor is developing an open source secure element called tropic. On the other hand, there is an alternative solution which is the one used by coldcard, with several secure elements, in this case two that do not trust each other.