You transfer the PSBT (partially signed Bitcoin transaction) via QR codes. A compromised chipset in one device might try to change your payment to a Bitcoin address that doesn't belong to you. When you transfer the PSBT to another computer (which could run an OS that is only ever temporary, or that otherwise never connects to the internet, so as to ensure we don't have a virus), we can check the information in the PSBT to verify nothing was changed.
After we verify the information is correct, we can sign it and transfer it to the next device for broadcast.
Now, something people don't talk about that much is printed circuit boards. https://kitspace.org/boards/github.com/neotron-compute/neotron-32-hardware/
These boards are so simple that you can visually verify all the circuitry is correct. The downside is that they don't have a secure element like the Coldcard does.
Anyway, that's all very nerdy stuff. The simple solution obviously is to just use a Coldcard and multi-sig with people you trust but who don't know each other (if necessary at all).
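The verification step described in the post above, as an added example that is not part of the original post: it pulls the unsigned transaction out of a PSBTv0 (the BIP 174 format) and compares every output's amount and scriptPubKey against the payment the user intended, which is the check the air-gapped machine performs before signing. The sample PSBT, the dummy input and the 0xaa/0xbb/0xcc key hashes are constructed placeholders, and the encoder assumes sizes below 253 bytes.

```python
PSBT_MAGIC = b"psbt\xff"  # BIP 174 magic bytes

def read_varint(b, i):
    """Decode a CompactSize integer at offset i -> (value, next offset)."""
    n = b[i]
    if n < 0xFD: return n, i + 1
    size = {0xFD: 2, 0xFE: 4, 0xFF: 8}[n]
    return int.from_bytes(b[i + 1:i + 1 + size], "little"), i + 1 + size

def tx_outputs(tx):
    """Parse a legacy-serialized unsigned tx; return [(value_sats, scriptPubKey), ...]."""
    n_in, i = read_varint(tx, 4)                 # skip the 4-byte version
    for _ in range(n_in):
        slen, i = read_varint(tx, i + 36)        # 32-byte txid + 4-byte vout
        i += slen + 4                            # scriptSig + 4-byte sequence
    n_out, i = read_varint(tx, i)
    outs = []
    for _ in range(n_out):
        value, i = int.from_bytes(tx[i:i + 8], "little"), i + 8
        slen, i = read_varint(tx, i)
        outs.append((value, tx[i:i + slen])); i += slen
    return outs

def psbt_unsigned_tx(psbt):
    """Return the unsigned tx from the PSBT global map (key type 0x00, PSBTv0 only)."""
    if not psbt.startswith(PSBT_MAGIC): raise ValueError("not a PSBT")
    i = len(PSBT_MAGIC)
    while True:
        klen, i = read_varint(psbt, i)
        if klen == 0:                            # 0x00 separator ends the global map
            raise ValueError("PSBT has no unsigned transaction")
        key, i = psbt[i:i + klen], i + klen
        vlen, i = read_varint(psbt, i)
        if key == b"\x00": return psbt[i:i + vlen]
        i += vlen

def psbt_matches_intent(psbt, intended):
    """The air-gapped check: every output (amount and script) must equal what we meant to pay."""
    return tx_outputs(psbt_unsigned_tx(psbt)) == intended

def build_psbt(outputs):
    """Constructed sample PSBT: one dummy input, the given outputs, empty per-input/output maps."""
    tx = b"\x02\x00\x00\x00\x01" + b"\x11" * 32 + b"\x00" * 4 + b"\x00" + b"\xff" * 4 + bytes([len(outputs)])
    for value, spk in outputs:
        tx += value.to_bytes(8, "little") + bytes([len(spk)]) + spk
    tx += b"\x00" * 4                            # locktime
    return PSBT_MAGIC + b"\x01\x00" + bytes([len(tx)]) + tx + b"\x00" + b"\x00" + b"\x00" * len(outputs)

# constructed intent: 50,000 sats to a P2WPKH script, 12,345 sats change back to us
PAY, CHANGE = b"\x00\x14" + b"\xaa" * 20, b"\x00\x14" + b"\xbb" * 20
INTENDED = [(50_000, PAY), (12_345, CHANGE)]
GOOD_PSBT = build_psbt(INTENDED)
TAMPERED_PSBT = build_psbt([(50_000, b"\x00\x14" + b"\xcc" * 20), (12_345, CHANGE)])  # payee swapped
```

A real verifier would additionally render each scriptPubKey as an address so the signer can compare it against the address shown on the originating wallet.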