
Though you'd need both keyboard and display built in to verify what exactly it is that you're signing/allowing access to.



Not necessarily true, you can do it with just a display (and two buttons) like the Trezor does[1]. You can probably even omit the buttons using this model:

1. Send message to sign over the wire

2. Display message to sign on the device's screen

3. Send a message to continue or reject over the wire

4. Device displays scrambled pinpad

5. User enters PIN on the compromised computer, using a blinded pinpad (like the Trezor)

6. The blinded PIN is sent over the wire to the device

7. The device verifies the PIN, and if correct, signs the message displayed in step 2

8. The signed message is sent over the wire to the compromised device

[1] https://doc.satoshilabs.com/trezor-user/enteringyourpin.html
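An added simulation of the eight steps above (not Trezor's code; the PBKDF2 PIN check, the HMAC standing in for a signature and the 1-9 digit set are assumptions), showing that the untrusted host only ever handles the message and pad positions, never PIN digits:

```python
import hashlib
import hmac
import secrets
from typing import List, Optional


class Device:
    """Trusted side: holds the PIN digest, a signing key and the one-shot pad layout."""
    def __init__(self, pin: str):
        self.salt = secrets.token_bytes(16)
        self.pin_digest = self._kdf(pin)
        self.signing_key = secrets.token_bytes(32)  # stand-in for the wallet's private key
        self.layout: Optional[List[str]] = None
        self.pending: Optional[bytes] = None

    def _kdf(self, pin: str) -> bytes:  # constructed choice, not Trezor's PIN scheme
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self.salt, 10_000)

    def request_sign(self, message: bytes) -> bytes:
        """Steps 1-2: message arrives over the wire; device shows it on its own screen."""
        self.pending = message
        return message

    def show_pinpad(self) -> List[str]:
        """Step 4: fresh shuffle of 1-9 per attempt, visible only on the device screen."""
        digits = list("123456789")
        secrets.SystemRandom().shuffle(digits)
        self.layout = digits
        return digits

    def verify_and_sign(self, positions: str) -> Optional[bytes]:
        """Steps 6-7: map positions back to digits, check the PIN, sign the pending message."""
        layout, self.layout = self.layout, None  # single-use layout, success or not
        if layout is None or self.pending is None:
            return None
        try:
            idx = [int(p) - 1 for p in positions]
        except ValueError:
            return None
        if not all(0 <= i < 9 for i in idx):
            return None
        entered = "".join(layout[i] for i in idx)
        if not hmac.compare_digest(self._kdf(entered), self.pin_digest):
            return None
        message, self.pending = self.pending, None
        # HMAC stands in for a real signature so the example runs without EC libraries.
        return hmac.new(self.signing_key, message, "sha256").digest()

    def verify_signature(self, message: bytes, sig: bytes) -> bool:
        return hmac.compare_digest(hmac.new(self.signing_key, message, "sha256").digest(), sig)


def host_blind_pin(user_pin: str, layout_on_device_screen: List[str]) -> str:
    """Step 5 on the untrusted host: the user clicks the cell holding each digit read off the device."""
    return "".join(str(layout_on_device_screen.index(d) + 1) for d in user_pin)
```

Because the layout is reshuffled per attempt and discarded after one use, positions captured on the host cannot be replayed against the next prompt.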


I am curious about hardware Bitcoin wallets, because transferring from an address reveals the public key. Do hardware wallets like Trezor do single-use addresses?


Hardware wallets use the BIP32[1] spec to implement "Hierarchical Deterministic" (HD) addresses. Using a single seed phrase (stored internally on the device, and also written down outside the device; neither copy should ever be online), you can generate an infinite number of addresses for your wallet. Every time you request a payment, you get a different address to send to; there is no address reuse (unless you or someone else chooses to send funds to an address that has already been spent from).

[1] https://github.com/bitcoin/bips/blob/master/bip-0032.mediawi...


Door locks without displays are fine. I agree that some method of entering a PIN would be good since right now the PIN goes via the potentially-compromised computer.

But you have the bulk problem... it's a tough industrial design problem.


If you don't trust the computer you are signing in from, don't use a YubiKey or any other token.

Tokens are fine to ensure that credentials cannot be easily compromised and to provide 2FA.

PED security is really critical when the goal is to duplicate the token, e.g. credit cards. If your machine is compromised, then any data protected by the token can also be compromised as soon as you access it.

When in doubt, wipe. While it's nice to have a robust security stance, in this case I don't think it would matter much.



