Maybe booting from Tails on the USB would be more secure. Using Sparrow wallet and connecting to your own node, own vpn server added on top. Dns should be also added (pihole?). 

duuv

true, the address should always be verified on the screen of the hw device

Need to be careful with the false sense of security in this case. Whilst a compromised computer couldn't steal your seed, it could manipulate the transactions you sign to steal funds still. 

chairman_pretense

bitcoin

hardware wallet thoughts

crrdlx

HW wallets are designed to work when you don't trust the computer on which you are transacting

Insert that USB into an infected, internet connected laptop and your bitcoin is gone