Hacker News

There's a much more straightforward way to achieve multi-party security; require M-of-N signatures throughout the entire PKI. No single root-CA, but M out of N root-CAs required to produce a trusted signature for any given message or intermediate CA.

HSMs should only sign messages if a minimum number of authorized users request the message to be signed (by its hash), and downstream systems should only trust messages signed by a quorum of HSMs (at least 2).

For banking as an example, each bank should require some minimum number of distinct authorized signatures on each transfer request from another bank.

Individuals can have a personal public/private key, but HSM actions should also require multi-signature requests from both the user key (stored on FIDO2 or smart card) and a device signature from a list of devices the user is authorized to use, which reduces the risk of rogue devices tricking users into signing requests.

Go back to using bog-standard laptops everywhere because no single device is in the critical path of security; if a single HSM loses its keys then have it generate new ones and add the new keys to the set of N possible keys allowed for root signatures and remove the old one. Only if too many HSMs need to have their keys restored would administrative users have to resort to SSSS to recover all HSM keypairs at once, but the procedure would be done one HSM at a time with potentially different sets of users responsible for recovering each HSM. There never needs to be a single set of people that can restore the entire PKI; instead have K groups (for K HSMs) of N people, of whom M of each group are required to restore an individual HSM, where only L HSMs are required to operate the PKI. There can even be some intersection between the groups of users per HSM so long as the intersection between any two HSMs < M.
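The custodian-group rule in the last paragraph of the comment above (K groups, M of each needed to restore one HSM, L HSMs needed to operate, overlap between any two groups below M), as an added example that is not part of the original comment: a Python check of a recovery roster against that rule, plus the smallest number of custodians who together could restore L HSMs. The function names, HSM labels and rosters are constructed for illustration.

```python
from itertools import combinations

def audit_recovery_groups(groups, m):
    """Check the two roster rules: every HSM group has at least m custodians,
    and any two groups share fewer than m custodians."""
    problems = []
    for name, members in sorted(groups.items()):
        if len(members) < m:
            problems.append(f"{name}: {len(members)} custodians < quorum {m}")
    for (a, ga), (b, gb) in combinations(sorted(groups.items()), 2):
        shared = ga & gb
        if len(shared) >= m:
            problems.append(f"{a}/{b}: share {len(shared)} custodians, limit is {m - 1}")
    return problems

def min_colluders(groups, m, l):
    """Smallest number of custodians who together hold a quorum (m) in at
    least l groups, i.e. enough HSMs to operate the PKI.
    Brute force, which is fine for ceremony-sized rosters."""
    people = sorted(set().union(*groups.values()))
    for size in range(1, len(people) + 1):
        for subset in combinations(people, size):
            held = set(subset)
            restored = sum(1 for g in groups.values() if len(g & held) >= m)
            if restored >= l:
                return size
    return None  # not reachable even if every custodian cooperates

# Constructed rosters: K=3 HSMs, N=4 custodians each, M=2, L=2.
DISJOINT = {"hsm-a": {"alice", "bob", "carol", "dave"},
            "hsm-b": {"erin", "frank", "grace", "heidi"},
            "hsm-c": {"ivan", "judy", "kim", "leo"}}
OVERLAP = {"hsm-a": {"alice", "bob", "carol", "dave"},      # pairwise overlap of 1,
           "hsm-b": {"dave", "erin", "frank", "grace"},     # which is below M=2
           "hsm-c": {"grace", "heidi", "ivan", "alice"}}
BAD = {"hsm-a": {"alice", "bob", "carol", "dave"},          # shares 2 with hsm-b
       "hsm-b": {"alice", "bob", "erin", "frank"},
       "hsm-c": {"grace"}}                                  # smaller than the quorum

if __name__ == "__main__":
    for label, roster in (("disjoint", DISJOINT), ("overlap", OVERLAP), ("bad", BAD)):
        print(label, audit_recovery_groups(roster, 2), min_colluders(roster, 2, 2))
```

With M=2 and L=2, the disjoint roster needs 4 cooperating custodians to restore enough HSMs, while the roster with single-person overlaps still passes the rule but needs only 3.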



