Multi-vendor geo-distributed multisig is best.  Finding all the devices is a tall order vs cracking an SE.  After all, they're just signing devices, not "hardware wallets"