There are good ways to protect against malicious supply chains, like cryptographic tamper protection as we use: https://blog.bitbox.swiss/en/supply-chain-attacks/

For the issue that the BitBox could be compromised by a rogue employee, we have implemented Anti-Klepto, which prevents your seed from secretly being exfiltrated via signature nonces (also known as Dark-Skippy): https://blog.bitbox.swiss/en/how-almost-all-hardware-wallets-can-steal-your-seed/

With generic hardware, you're not solving this problem, but only moving it. Suddenly you don't have to worry about the hardware being malicious, but the code that you're flashing. Hardware wallets are made so you don't have to trust your host device, but if you're flashing your firmware from the host device to the generic hardware, that's where you're exposed to a potential attack surface.

/Joko