I believe the external review will cover this issue.
What happens in the design is this:
There is a 256 entropy pool called CE (Conditioned Entropy). After reseeding, the CE has been 'used' and is marked as such. A counter is reset (counter <= 0).
When a new raw 256 bit raw sample arrives and (counter == 0) the sample is mixed in to the lower half
new_CE[127:0] <= AES-CBC-MAC(k, Raw_sample[255:0] || old_CE[127:0])
if (sample was healthy) counter++
Then when another 256 bit raw sample arrives and (counter == 1) the sample is mixed in to the upper half
new_CE[255:128] <= AES-CBC-MAC(k, Raw_sample[255:0] || old_CE[255:128]
if (sample_was_healthy) counter ++
When (counter == 2) the CE is used to reseed the PRNG.
if (counter == 2) reseed_prng(CE)
counter <= 0
So it repeats conditioning and reseeding continuously at a rate determined by the arrival rate of entropy from the ~2.5Gbps supply of raw entropy bits.
You can see that if a sample was not marked as healthy by the statistical test, it would be mixed in, but the counter would not be incremented, so the next sample would also be mixed in and this would repeat until a healthy sample was received. So to get to (counter == 2), at least two healthly samples must have been mixed in, along with any number of unhealthy samples received in between. The healthy to unhealthy ratio for a working entropy source is about 99:1. I.E. there's a false positive rate of 1%.
You can also see that we do not 'replace' the CE value. We mix the new data in with the old. So even though it should never happen, a transient failure of the ES would not make the CEpool non random. The state in CE and the PRNG would be able to maintain the required security level on the output for 2^40 RdRands (as required by SP800-90). But we put a hard limit in of 2^11, which is obviously more conservative. 2^11 was not chosen to be conservative, it is simplya value that is never reached, so it doesn'tneed to be any bigger. The ES is fast enough toreseed frequently enough that wedon't get above 22 RdRands (~2^5) before a reseed.
So at least 512 bits of raw entropy (which is generally > 95% entropic) is stirred into the data which is used to reseed the PRNG. The PRNG maintains 256 bits of internal state (k and V)and outputs 128 bit values.
We do not control the content of the external review (that's the point of an external review). But I'm pretty sure it will cover this.
Dodis et al.  have analysed the security of CBC-MAC, the cascade construction and HMAC, and were the first to do so in the standard model. Their results for CBC-MAC are of little practical use, since a security level of only e = 62 bits can be achieved using existing AES block ciphers, which all have a block size of 128 bits. To achieve a security level of e = 82 bits for the extractor, a block size of at least 169 bits would be required.
That seems to indicate that AES CBC MAC has somewhat limited effectiveness, even in the case where there's a fixed number of inputs.
My motivation in getting into so much detail is due to the cryptological applications I'm working on. The analysis required to do that properly can be somewhat delicate. For example see On the (non)Universality of the One-Time Pad by Yevgeniy Dodis and Joel Spencer.
Hence I really appreciate your patience in helping me out with some of these details. I believe there are probably many other practioners out there with similiar applications and concerns, so hopefully the trouble you're taking with me on this will help them out as well!
It's certainly possible that I'm misinterpreting something you wrote, or that references that I cited are not actually applicable in this case, if so I'm looking forward to being set straight on that!