This is all well and good - yes it works just fine. However as I understand it, it spoils the benefits of having a 3rd party entity be able to *exactly* reproduce your signatures to verify that your HW device is not doing anything dumb when generating said signatures. This gives them confidence that your HW wallet is not leaking information about private keys through sub-par 'random' number generation.
What would be the disadvantage of deterministically generating k each time and then multiplying by a PRNG generated number and reducing mod n and use this to sign?
Wouldn't you get protection against the failure of either method this way?