Their AES implementation uses old-school 2-share boolean masking [1], which has been shown to be insecure since 2005 [2][3]. A modern implementation would use domain-oriented masking [4], like OpenTitan does. Pretty bad look for Crossbar.
[1] https://github.com/baochip/baochip-1x/blob/main/rtl/modules/... [2] https://link.springer.com/chapter/10.1007/978-3-540-30574-3_... [3] https://static.aminer.org/pdf/PDF/000/086/973/successfully_a... [4] https://eprint.iacr.org/2016/486
That sucks, but also probably the best vindication for their strategy; any other mcu and you just wouldn't know.