The purpose of this article is to give a detailed account of the software specifications and security features used by the Trezor Model One, Trezor Model T, Trezor Safe 3, and Trezor Safe 5.
The software used in Trezor devices has always been open-source to be fully auditable. Everybody can look at the code used in Trezor devices and verify its integrity, look for vulnerabilities, or come up with improvements and integrations.
We made Trezor fully transparent to eliminate the inherent need for trust and to share as much of our knowledge and ideas with the broader community.
See the SatoshiLabs Security Philosophy Manifesto if you wish to read more about our principles and motivations.
There are multiple layers of code ensuring the legitimacy and safety of operations executed by your device.
The bootloader is a simple program designed to install, update, and check the firmware loaded on the Trezor device. The bootloader checks the integrity and signatures of the firmware and runs it if everything is OK. This examination occurs every time you power the device. If the bootloader detects an unofficial firmware, it displays a noticeable warning on the device screen.
If the bootloader detects both buttons being pressed or absence of the firmware on the device, it starts in a firmware update mode (also referred to as "the bootloader mode"), allowing a firmware update via USB.
Bootloader key points: uploads, updates, and checks the integrity of the firmware; is updatable; signatures checked by the bootloader.
The firmware is the program which operates your device. Its code executes most functions and features you use. Firmware is also crucially important in making the operations secure. Firmware can be updated directly from Trezor Suite via USB and always requires physical confirmation on the device itself.
When updating the firmware, the bootloader erases the memory on the device and only restores it after it verifies the signatures on the firmware. Downgrading the firmware erases the memory.
The Trezor device implements several safety measures protecting the device against unauthorized physical access.
While adding a nice personal touch to your device, the homescreen also serves an important function. Having a custom and unique picture helps the user immediately recognize the device as soon as it powers on, thus serving as the first-line defense against having the device replaced my malicious third parties.
Changing the home screen requires PIN entry and cannot be completed without it. The same characteristics apply to the device label.
Even if you enter the PIN on the computer directly, you're perfectly safe. The Trezor PIN mechanism is protected against key-loggers, so using it even in internet cafes means no risk for you. PIN is a number that you set when you first initialize your Trezor device. It protects the device against being used by unauthorized persons.
Passphrase protection is the crown jewel of Trezor security design. Unlike the PIN, which is completely device-dependent and can be changed or disabled with no effect on your accounts, the passphrase is bound to your wallet backup.
By using a completely custom phrase, you can add more entropy to the seed loaded in the wallet as represented by your wallet backup. The passphrase and wallet backup combined builds an entirely new, hidden passphrase wallet 'on top' of your wallet backup. The passphrase is not recorded anywhere on the device; thus it can't be tracked and is unbreakable.
Wallet backup is your ultimate access to all private keys and associated data used and protected by your device.
There are multiple layers of code ensuring the legitimacy and safety of operations executed by your device.
The boardloader is the write-protected, embedded-immutable code of the device. Its function is to load and check the integrity and signatures of the bootloader. The primary purpose for write protecting the boardloader is to make it the immutable portion that can defend against code-based attacks (e.g., BadUSB), and bugs which could reprogram any/all of the embedded code. It assures that only embedded code with verified signatures runs on the device (and that the intended code is run, and not skipped). The boardloader cannot be updated, modified, or removed.
The bootloader is a simple program designed to install, update, and check the firmware loaded on the Trezor device. The bootloader checks the integrity and signatures of the firmware and runs it if everything is OK. This examination occurs every time you power the device. If the bootloader detects an unofficial firmware, it displays a warning on the device screen.
If the bootloader detects a pressed finger on the display or absence of the firmware on the device, it starts in a firmware update mode (also referred to as "bootloader mode"), allowing a firmware update via USB.
The firmware is the program which operates your device. Its code executes most functions and features you use. Firmware is also crucially important in making the operations secure. Firmware can be updated directly from Trezor Suite via USB and always requires the physical confirmation on the device itself.
When updating the firmware, the bootloader erases the memory on the device and only restores it after it verifies the signatures on the firmware. Downgrading the firmware erases the memory.
The Trezor device implements several safety measures protecting the device against unauthorized physical access.
While adding a nice personal touch to your device, the homescreen also serves an important function. Having a custom and unique picture helps the user immediately recognize the device as soon as it powers on, thus serving as the first-line defense against having the device replaced my malicious third parties.
Changing the home screen requires PIN entry and cannot be completed without it. The same characteristics apply to the device label.
Even if you enter the PIN on the computer directly, you're perfectly safe. The Trezor PIN mechanism is protected against key-loggers, so using it even in internet cafes means no risk for you. PIN is a number that you set when you first initialize your Trezor device. It protects the device against being used by unauthorized persons.
Passphrase protection is the crown jewel of Trezor security design. Unlike the PIN, which is completely device-dependent and can be changed or disabled with no effect on your accounts, the passphrase is bound to your wallet backup.
By using a completely custom phrase, you can add more entropy to the seed loaded in the wallet as represented by your wallet backup. The passphrase and wallet backup combined builds an entirely new, hidden passphrase wallet 'on top' of your wallet backup. The passphrase is not recorded anywhere on the device; thus it can't be tracked and is unbreakable.
Wallet backup is your ultimate access to all private keys and associated data used and protected by your device.
There are multiple layers of code ensuring the legitimacy and safety of operations executed by your device.
Boardloader
The boardloader is the write-protected, embedded-immutable code of the device. Its function is to load and check the integrity and signatures of the bootloader. The primary purpose for write protecting the boardloader is to make it the immutable portion that can defend against code-based attacks (e.g., BadUSB), and bugs which could reprogram any/all of the embedded code. It assures that only embedded code with verified signatures runs on the device (and that the intended code is run, and not skipped). The boardloader cannot be updated, modified, or removed.
Boardloader key points: embedded; unmodifiable; loads the bootloader and checks its integrity.
The bootloader is a simple program designed to install, update, and check the firmware loaded on the Trezor device. The bootloader checks the integrity and signatures of the firmware and runs it if everything is OK. This examination occurs every time you power the device. If the bootloader detects an unofficial firmware, it displays a warning on the device screen.
If the bootloader detects both butons being pressed or absence of the firmware on the device, it starts in a firmware update mode (also referred to as "bootloader mode"), allowing a firmware update via USB.
The firmware is the program which operates your device. Its code executes most functions and features you use. Firmware is also crucially important in making the operations secure. Firmware can be updated directly from Trezor Suite via USB and always requires physical confirmation on the device itself.
When updating the firmware, the bootloader erases the memory on the device and only restores it after it verifies the signatures on the firmware. Downgrading the firmware erases the memory.
The Trezor device implements several safety measures protecting the device against unauthorized physical access. Notably, Trezor Safe 3 has a dedicated Secure Element–the OPTIGATM Trust M (V3). In effect, it is a chip designed to protect highly sensitive information from software and hardware attacks.
While adding a nice personal touch to your device, the homescreen also serves an important function. Having a custom and unique picture helps the user immediately recognize the device as soon as it powers on, thus serving as the first-line defense against having the device replaced my malicious third parties.
Changing the home screen requires PIN entry and cannot be completed without it. The same characteristics apply to the device label.
Even if you enter the PIN on the computer directly, you're perfectly safe. The Trezor PIN mechanism is protected against key-loggers, so using it even in internet cafes means no risk for you. PIN is a number that you set when you first initialize your Trezor device. It protects the device against being used by unauthorized persons.
Passphrase protection is the crown jewel of Trezor security design. Unlike the PIN, which is completely device-dependent and can be changed or disabled with no effect on your accounts, the passphrase is bound to your wallet backup.
By using a completely custom phrase, you can add more entropy to the seed loaded in the wallet as represented by your wallet backup. The passphrase and wallet backup combined builds an entirely new, hidden passphrase wallet 'on top' of your wallet backup. The passphrase is not recorded anywhere on the device; thus it can't be tracked and is unbreakable.
Wallet backup is your ultimate access to all private keys and associated data used and protected by your device.
There are multiple layers of code ensuring the legitimacy and safety of operations executed by your device.
Boardloader
The boardloader is the write-protected, embedded-immutable code of the device. Its function is to load and check the integrity and signatures of the bootloader. The primary purpose for write protecting the boardloader is to make it the immutable portion that can defend against code-based attacks (e.g., BadUSB), and bugs which could reprogram any/all of the embedded code. It assures that only embedded code with verified signatures runs on the device (and that the intended code is run, and not skipped). The boardloader cannot be updated, modified, or removed.
Boardloader key points: embedded; unmodifiable; loads the bootloader and checks its integrity.
Bootloader
The bootloader is a simple program designed to install, update, and check the firmware loaded on the Trezor device. The bootloader checks the integrity and signatures of the firmware and runs it if everything is OK. This examination occurs every time you power the device. If the bootloader detects an unofficial firmware, it displays a warning on the device screen.
If the bootloader detects both butons being pressed or absence of the firmware on the device, it starts in a firmware update mode (also referred to as "bootloader mode"), allowing a firmware update via USB.
Bootloader key points: uploads, updates, and checks the integrity of the firmware; is updatable; signatures checked by the bootloader.
Firmware
The firmware is the program which operates your device. Its code executes most functions and features you use. Firmware is also crucially important in making the operations secure. Firmware can be updated directly from Trezor Suite via USB and always requires physical confirmation on the device itself.
When updating the firmware, the bootloader erases the memory on the device and only restores it after it verifies the signatures on the firmware. Downgrading the firmware erases the memory.
Firmware key points: operates the device; checked by the bootloader; regularly updated.
Physical access
The Trezor device implements several safety measures protecting the device against unauthorized physical access. Notably, Trezor Safe 5 has a dedicated Secure Element–the OPTIGATM Trust M (V3). In effect, it is a chip designed to protect highly sensitive information from software and hardware attacks.
Homescreen - surprisingly useful
While adding a nice personal touch to your device, the homescreen also serves an important function. Having a custom and unique picture helps the user immediately recognize the device as soon as it powers on, thus serving as the first-line defense against having the device replaced my malicious third parties.
Changing the home screen requires PIN entry and cannot be completed without it. The same characteristics apply to the device label.
PIN - protecting the device
Even if you enter the PIN on the computer directly, you're perfectly safe. The Trezor PIN mechanism is protected against key-loggers, so using it even in internet cafes means no risk for you. PIN is a number that you set when you first initialize your Trezor device. It protects the device against being used by unauthorized persons.
Passphrase - protecting the wallet backup
Passphrase protection is the crown jewel of Trezor security design. Unlike the PIN, which is completely device-dependent and can be changed or disabled with no effect on your accounts, the passphrase is bound to your wallet backup.
By using a completely custom phrase, you can add more entropy to the seed loaded in the wallet as represented by your wallet backup. The passphrase and wallet backup combined builds an entirely new, hidden passphrase wallet 'on top' of your wallet backup. The passphrase is not recorded anywhere on the device; thus it can't be tracked and is unbreakable.
Wallet backup is your ultimate access to all private keys and associated data used and protected by your device.