Microchip, for example, offers a similar SDK for their secure elements (like the 608b) called "cryptoauthlib" (https://github.com/MicrochipTech/cryptoauthlib). All code is viewable and they have a basic copyright that doesn't restrict its use (except that it must be used with Microchip products).
It's not open source.This reminds me on what Coldcard is doing with their source code
This Infineon chip used by Trezor is absolutely no more open than any other competing chip, except that Trezor purchases it without signing an NDA. That's it.
Did you (Passport Foundation) sign any NDA with Microchip?