Yeah, I've been happy with my SoloKey, but OnlyKey's integration with a software password manager + OpenPGP + SSH keys is really enticing. I'm on the same boat as a lot of others here, however, that the lack of open hardware is a deal breaker.
Just wondering, what additional security would you expect from open hardware vs. open software with transparently designed hardware? From a threat modeling perspective it seems that if the device is just using one chip onboard there are no clear security advantages of open hardware. Open hardware would only be provide a security benefit if you are planning to make your own security key, which most people won't be doing. And by being open hardware there is an additional threat model created where it is now easy for adversary to create identical clones of security key that can be used maliciously.
Ultimately, it's just a personal belief that all knowledge should be free as in freedom. SoloKey Hacker Edition in particular lets you run custom firmware, so you can at least be confident in the software side of things, and build upon it.
Open hardware has the benefit of being able to build it yourself, which is the only completely secure option. The downside is, indeed, the ability to easily create malicious clones, and the fact that you simply won't be able to build it yourself for any remotely modern hardware. So yeah, there's really no security benefit to it in terms of hardware.
Proprietary hardware has the upside of needing reverse-engineering to create a malicious clone / part, and the transparent design helps you make sure that they can't do a sloppy job at it.
It's a shame that tradeoffs have to be made once technology reaches a certain level of complexity, but alas.
