The only trust-less way to protect your keys with a signing device is by DIY entirely. Any third party involved in the process introduces trust. Hardware is very difficult to DIY for almost 100% of the people, use pre-whitepaper hardware!