
OP says devices, so I read rack-mount gear that you buy when you can't use (or trust) AWS KMS, not chips.



I implemented a firmware signing infrastructure for a large embedded hardware manufacturer using USB Nitrokey HSM devices (sub-$100/ea). We got the functionality we wanted from them at a fraction of the price point of the "big name" HSM manufacturers' offerings. The development effort to integrate the Nitrokey HSM, as a simple PKCS#11 device, was very simple. What we could get of the big-name HSM manufacturers' development docs, w/o an NDA or a purchase, looked to be much more difficult to integrate.


Well, I don't know if they really meant rack-mount gear, but sure it costs a little extra to get it usable with a general-purpose computer.

Specifically, you can get that Microchip HSM in a form factor that plugs into a click shield, then plug the click shield into a Raspberry Pi's GPIO pins. You now have a PKCS#11-usable HSM from a Pi. Including the click shield still puts the cost at <$20.

(I have a few such setups lying around because my $dayjob includes a PKCS#11-consuming application that runs on such setups.)


Not yet implemented, but Solo 2 has a "stretch goal" to provide HSM functionality, if that would be good enough. https://www.indiegogo.com/projects/solo-v2-safety-net-agains...


Even then, you can buy a Yubico YubiHSM device for 650€.


Well, that is hundreds of dollars, isn't it? :)



