That's the entire point of verified boot with custom keys, you don't need to trust Motorola or Lenovo. You can control what runs from the first boot, the threat model for a compromised supply chain is different from a backdoored chip. If you are worried about the latter that applies to every manufacturer including Google & Apple.