I don't think BIP85 or passphrases protect you in case of malicious firmware

joko

Or bip85 and some passphrases to keep it simple. Multisig is tricky.

JeanLamine

The point of the article is that there is a way to not having to trust the supply chain of your hardware wallet. Usually there is no easy way for a manufacturer to steal users funds (if they know what they are doing), except for a convert nonce channel. Anti-Klepto fixes this. 

MultiSig eliminates that problem, but introduces others.

I need to multisig asap. I'm always considering that one of my hardware wallets may be compromised. The FBI sold honeypot burner phones for years without being detected. What are the chances that a state actor hasn't compromised the supply chain of one of the major hardware manufacturers?