Hacker News

Is rdrand really the very last stage? As in the output is "stream XOR rdrand"? If that is really the case it puts full, 100% trust in Intel not to insert a backdoor. It wouldn't even be hard. All the CPU need do is check for the xor operation used with rdrand as an operand, and instead of performing the xor, substitute the backdoored pseudo-random stream instead. No runtime monitoring of internal state would be necessary, the whole thing could be done at the assembly to microcode translation layer.

