From my point of view, a hardware wallet has to be totally open source: software, firmware and hardware.
This reduces the options to only three:
Trezor One, Trezor T and Jade.
With the Trezor One and Trezor T you have to use a passphrase no matter what, because they are vulnerable to seed extraction, or SD protection on the Trezor T to mitigate this vulnerability.
Jade is not vulnerable to seed extraction.
Therefore Jade, but using the no-radio firmware to disable Bluetooth.
Post: Also SeedSigner, but I don't like having to have your seed always available.