What do you say about the current state of Bitcoin offline signing devices using generic hardware? Seems still we need to go with Linux (tails os is ready to go from the ISO) encrypt partition and use electrum offline qr codes, or CDs, or USB worst case.

Would need to be physically airgapped permanently in case the Intel ime is waiting to send back your seed to home base