What is the TROPIC01 chip?

TROPIC01 is an open, auditable secure element. In Trezor Safe 7, it protects your PIN, proves device authenticity, and provides secure randomness for wallet creation.

This article explains what TROPIC01 is, why openness matters, and how it strengthens Trezor Safe 7.

TROPIC01 is built by Tropic Square, a SatoshiLabs company focused on verifiable hardware security.

The story behind Tropic Square

Tropic Square is a SatoshiLabs company focused on building secure chips that anyone can inspect and verify. Instead of hiding the design behind non-disclosure agreements (NDAs), they make the technical details open from the start.

This “audit-ready” approach means independent experts can review the chip’s design, test it for weaknesses, and confirm that it works as promised. The aim is to provide security you can trust because it can be openly verified.

The name Tropic stands for “Truly Open Integrated Circuit.”

What makes TROPIC01 transparent?

Unlike most secure chips, the TROPIC01 is designed to be open from the ground up. Tropic Square has published its Data Brief (PDF) and full Datasheet (PDF), which describe its threat model, protections, and real-world use cases. Both make clear that the design is intended for independent review.

Developers and auditors can go further. The User API (PDF) explains how the chip works at the command and register level. On GitHub, the open-source libtropic SDK and the TROPIC Verification Library (TVL) provide code and models for testing and integration.

This openness follows Kerckhoffs’s principle: security should rely on the secrecy of keys, not the secrecy of design. By making the chip’s design accessible, experts can verify, test, and improve it. This is the essence of Tropic Square’s “open-architecture” approach.

Key technical features

TROPIC01 combines open architecture with advanced cryptography and hardware-level tamper protection.

Security architecture

• Open RISC-V controller core
• Hardware root of trust for secure key storage and device identity
• Secure firmware update process for transparent maintenance

Physical protections

• Voltage, temperature, electromagnetic, and laser sensors
• Active shield and tamper-detection logic
• On-the-fly memory encryption and address scrambling

Cryptography and entropy

• Ed25519 and P-256 signing
• X25519 key exchange
• SHA-256 / SHA-512 hashing
• AES-GCM encryption
• Physical Unclonable Function (PUF) creating a unique chip fingerprint
• True Random Number Generator (TRNG) for cryptographic randomness

The TROPIC01 chip’s roles in Trezor Safe 7

In your Trezor Safe 7, TROPIC01 works as one of two secure elements in a dual-chip architecture. It collaborates with the OPTIGA Trust M and the device’s main microcontroller to protect your wallet on multiple levels.

1. Hardware-enforced PIN protection

TROPIC01 enforces PIN attempts directly in hardware using its unique mechanism.

Each attempt consumes a one-time physical slot, making resets or rollbacks impossible. This prevents brute-force attacks and strengthens protection against fault-injection attempts.

2. Authenticity verification

The chip stores cryptographic certificates that confirm your Trezor Safe 7 is genuine.

During setup, it helps verify that the device was built by Trezor and hasn’t been altered or replaced.

3. Secure randomness for wallet creation

TROPIC01 provides high-quality randomness through its TRNG and PUF.

This entropy is used when generating your wallet backup, ensuring your private keys are unique and unpredictable.

To learn more about how the two secure elements work together, see Dual Secure Elements in Trezor Safe 7.

Summary

The use of the TROPIC01 chip in Trezor Safe 7 reflects our deep commitment to security through transparency.

By choosing an open, auditable chip, we help ensure that the security of your device can be verified by experts and trusted by you.