The only way to make any source code secure and reliable is to make it available for public scrutiny,
especially when the code involves cryptography.
However, crypto algorithm code can't be correctly reviewed if it does not include the code which
uses the said crypto algorithm, namely the Flutter communications code.
In any case, Taylor is better off implementing half crypto in hardware and half in software, since
Flutter frequency hopping is sensitive to processor availability, and crypto tends to be heavy on the resources.
Device authentication and comm channel establishment can be securely implemented in software, since
they require relatively fewer resources compared with constant data encryption provided by AES, either
implemented as hardware or software.
For better efficiency, the Public Key Infrastructure is best implemented as C code, since I assume Taylor wishes to conserve CPU resources.
This unfortunately makes code review more difficult, since it requires fluency in C, which requires a lot of training.
Even so, the situation can be improved a lot, should Taylor choose to document his source code in depth.
There are a few options I see available to him regarding crypto, where the one with the easiest and least secure implementation would forgo the PKI and rely solely on AES.
The second option for him would be to read up on crypto, implement something in C, and give it out to the public for review. This is time-consuming and error-prone; however, thanks to the Feature Creep, Taylor might be able to implement a PKI at a later date.
The third option, which would be the fastest, the most trustworthy, but would require finances, would be for him to hire a seasoned C crypto developer, who would be able to develop the PKI in time for product launch.
Still, we have to take into account the necessity for the crypto.
The chances that someone breaks into someone else's Flutter network in a couple of months after product release are fairly negligible, which makes it unnecessary to immediately develop an ultra-secure PKI.
Therefore, it seems to me that the second option would be the best, considering the conditions.
As for the AES chip and encrypted data transmission itself, while I am not discreetly familiar with the process,
I believe it to be a straightforward matter of relaying data to the chip, which returns it in an encrypted form,
which gets directly transmitted over the air.
As for establishing a comm link for the former process to take place, I have no specific information.
Perhaps Taylor would enlighten us on the said matter when he is able to find a moment to visit the community.