
Trezor Firmware hash check

What’s Happening?


Starting with Trezor Suite 24.11, we introduced an additional security measure to help protect Trezor users against counterfeit or unauthorized firmware. From now on, every time you connect your Trezor device to your computer it will undergo a firmware hash check.
 

The firmware hash check runs alongside the firmware revision check, but they are two distinct processes. The firmware revision check verifies that the device’s firmware is official and up-to-date, while the firmware hash check verifies that the firmware has not been altered or tampered with. Trezor Suite combines them under one “firmware revision check” setting for simplicity.
 

What’s New in Suite 24.11


Previously, the firmware hash check was only performed during firmware installation or updates. If a hash mismatch was detected, the Suite would flag the device as counterfeit and display a persistent warning banner.


In Suite 24.11, the firmware hash check is also run each time a Trezor device connects.


Conditions for Running the Check:
 

  • If the Suite’s firmware binary matches the version on the device, the check will be performed.
  • If the firmware versions differ (e.g., if the device firmware is outdated), the check is skipped to avoid the need for an internet connection.
 

On Suite Desktop, the check only runs if the device is updated to the latest firmware offered by Suite. However, Suite Web performs the hash check for all Trezor Model One firmware versions 1.11 or newer as it downloads the firmware binary automatically, and version 2.6.0 or newer for all above devices.
 

Security Notifications: Warning Screen and Banners


If the hash check detects a firmware mismatch, Trezor Suite displays a warning screen that alerts the user that their device may be compromised or running unofficial firmware. After the user dismisses the screen, a warning banner remains visible to reinforce the potential security risk. The warning banner message may vary depending on whether the issue was detected by the firmware revision check or the firmware hash check.

How Does The Firmware Hash Check Work?

Each time you connect a Trezor device, Trezor Suite now runs a security check to verify the firmware on the device.
 

Here’s a quick look at the process:
 

  1. Match check: Trezor Suite presents the device with a mathematical challenge that can be passed only if the official, untampered version of the firmware is present on the device.
  2. If it matches: The device is verified, and you can use it as usual.
  3. If it doesn’t match: Trezor Suite flags the device as potentially unsafe, displays the warning screen, and restricts certain functions. The banner notification remains visible to alert you of this risk.
 

This check also runs during firmware installation or updates, helping to keep your device secure at all times.
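The sketch below is an added illustration of the challenge-and-compare flow and the version condition described above; it is not Trezor Suite or firmware code. The keyed BLAKE2s digest, the `SimulatedDevice` class, the function names and the version strings are all assumptions made for the example.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional


def keyed_firmware_hash(image: bytes, challenge: bytes) -> bytes:
    # Assumption: keyed BLAKE2s over the whole image; the article names no algorithm.
    return hashlib.blake2s(image, key=challenge).digest()


@dataclass
class SimulatedDevice:
    """Hypothetical stand-in for a connected device, not a Trezor API."""
    version: str
    image: bytes
    canned_digest: Optional[bytes] = None  # digest recorded for an earlier challenge

    def answer(self, challenge: bytes) -> bytes:
        if self.canned_digest is not None:
            return self.canned_digest  # ignores the new challenge
        return keyed_firmware_hash(self.image, challenge)


def check_on_connect(device: SimulatedDevice, suite_version: str, suite_image: bytes) -> str:
    # Article's condition: run only when the host's binary matches the device's version.
    if device.version != suite_version:
        return "skipped"
    challenge = secrets.token_bytes(32)  # fresh random value for every connection
    expected = keyed_firmware_hash(suite_image, challenge)
    if hmac.compare_digest(expected, device.answer(challenge)):
        return "verified"
    return "mismatch"


# Constructed sample data: a fake "official" image and a copy with one byte changed.
OFFICIAL = b"constructed-official-image-" * 512
TAMPERED = OFFICIAL[:100] + b"\x00" + OFFICIAL[101:]
OLD_DIGEST = keyed_firmware_hash(OFFICIAL, b"\x01" * 32)


def demo() -> dict:
    current, older = "0.0.2", "0.0.1"  # constructed version labels
    return {
        "genuine": check_on_connect(SimulatedDevice(current, OFFICIAL), current, OFFICIAL),
        "tampered": check_on_connect(SimulatedDevice(current, TAMPERED), current, OFFICIAL),
        "replayed": check_on_connect(SimulatedDevice(current, TAMPERED, OLD_DIGEST), current, OFFICIAL),
        "outdated": check_on_connect(SimulatedDevice(older, OFFICIAL), current, OFFICIAL),
    }
```

Because the challenge is new on every connection, a digest that was valid for an earlier challenge no longer matches, which is why the "replayed" case is reported as a mismatch.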
 

Why This Matters For Your Security


These firmware checks are part of Trezor’s commitment to ensuring the safety of your device and funds. By verifying the firmware on each connection, Trezor Suite protects users from counterfeit or tampered firmware, ensuring that only authentic, secure firmware is running on their device. This new process is automated and runs in the background, so you can enjoy increased security without any extra effort.