I never trusted hardware wallets, from my research, airgapped old laptops runnig some linux distro are the best way for cold storage. You must learn how to bring raw transactions from your airgapped computer into an online node, I haven't learned how to do this yet, I will eventually get into it.
Hardware wallets might be not a best choice for cold storage, but they are still a good choice if you want to access your bitcoins on many different computers which might be compromised. I used to encrypt my Electrum seed using VeraCrypt but I was too scared of keyloggers and other malware. Right now I don't have to worry about it since my TREZOR has a touchscreen to input everything on the device. It is still possible that this model might get hacked anytime soon, time will show us.
If your computer was fully encrypted and never accessed the internet, then how could it have a keylogger? Assuming it's properly airgapped, that is, no physical wifi card, ethernet card, or anything else of this nature, then even if somehow the computer got infected with a keylogger, how could the keylogger communicate with the attacker to send the logs?
Seems pretty solid to me. Meanwhile, hardware wallets have their own RNG and you can't just never be fully sure, and the fact that they are devices supposed to contain bitcoin by default it's just an obvious target.