Most of them use, it is better to start with the ones that don't and are completely open source both electronic and software. Trezor T, but the seed can be extracted because of it so you have to mitigate it either using passphrase or the sd protection function, also you could mitigate it with a very long pin as it supports up to 50 characters, it is always better the combination of everything. Trezor One, you must mitigate the problem with the passphrase or with a very long pin, as before it is always better the combination of everything. Jade, at the moment has no known vulnerability. It performs the seed encryption through the pin and a second secret provided by a Blockstream server (Oracle server). You can set up your own oracle server if you don't trust the Blockstream server. Note that both secrets are needed to decrypt the seed, so blockstream can't do anything. Jade is definitely the wallet that I recommend, even if you don't know about the supply chain you can assemble it yourself (DIY). @Blockstream

For example BitBox. However, only one of the 4 keys is stored in this closed-source secure chip. The rest is all open-source.