FAQ is a bit confusing. They say there's only one keyring, but at https://github.com/google/end-to-end/wiki/Keyring they admit it was not a great idea and that they're splitting the responsibilities.
Based on the last planned implementation (External Key Manager (GnuPG bridge, other hardware, network oracle etc..)), I hope it will "just work" with hardware keys.
Yes, the Keyring reimplementation is in progress and ends very soon. After the redesign, applications built on top of E2E library will be able to use different sources of both public and private keys (so it's easy to do integrations with GnuPG, hardware keys HKP, or e.g. Facebook).
One thing that is currently missing from E2E (as far as I can tell having played with it a little in the last month) is any kind of web of trust. When I import a key, I can't tell if it has been signed by me or someone I trust. Is this on the radar for the UI after the Keyring reimplementation is finished?
At the moment, what we've suggested at our work is that people manage keys in GPG and then only export keys into E2E if they trust them. But it would be nice be able to do those kinds of things in E2E (or at least be able to tell if a key was signed by me).
Based on the last planned implementation (External Key Manager (GnuPG bridge, other hardware, network oracle etc..)), I hope it will "just work" with hardware keys.