Checking the hardware is viable only with sophisticated lab equipment. To check the software, someone whould have to carefully check the source code (at every release) for malicious backdoors or weaknesses, and then the client would have to check that the compiled firmware that he is loading, duly signed by the manufacturer, matches that source code. Obviously neither is viable in practice, except after the fact.
The hardware can be checked by feeding it known inputs and checking that the output matches what's expected.
Their build process is deterministic, so you can in fact check that the signed binary matches the open source code. It is also not true that every individual has to check the code every time there is a release, it can be done on an ongoing basis by a community of semi-trusted individuals.
You're really reaching, aren't you? What's your angle here exactly?