Assuming you fully trust your PRNG algorithm, you really only need to do this once, generate a seed, then hash it with the current time(Assuming you have a trusted source), and whatever other entropy you have, plus the untrusted hardware RNG.
A backdoored RNG is unlikely to ever repeat patterns, that would be obvious, so it should be trustworthy enough to create a unique number.
It also probably, but not definitely can't phone home without someone noticing(Unless it can target specific people who aren't looking), and if it can, it can also send anything else it wants anyway.
An insecure but unique seed hashed with a secret machine specific value should be safe, it's not like they can manipulate the final value without having a way to break the hash, right?
You could even reuse the secret between machines as long as the attacker doesn't know it and everything else in the hash is unique.
Whatever network boot thingy or ansible job could provision random seeds when it updates the OS.
A backdoored RNG is unlikely to ever repeat patterns, that would be obvious, so it should be trustworthy enough to create a unique number.
It also probably, but not definitely can't phone home without someone noticing(Unless it can target specific people who aren't looking), and if it can, it can also send anything else it wants anyway.
An insecure but unique seed hashed with a secret machine specific value should be safe, it's not like they can manipulate the final value without having a way to break the hash, right?
You could even reuse the secret between machines as long as the attacker doesn't know it and everything else in the hash is unique.
Whatever network boot thingy or ansible job could provision random seeds when it updates the OS.