All articles

Trezor Firmware hash check

What’s happening?

Starting with Trezor Suite 24.11.1, we introduced an additional security measure to help protect Trezor users against counterfeit or unauthorized firmware. From now on, every time you connect your Trezor device to your computer it will undergo a firmware hash check.
 

The firmware hash check runs alongside the firmware revision check, but they are two distinct processes. The firmware revision check verifies that the device’s firmware is official and up-to-date, while the firmware hash check verifies that the firmware has not been altered or tampered with. Trezor Suite combines them under one “firmware revision check” setting for simplicity.
 

What’s new in Trezor Suite 24.11.1

Previously, the firmware hash check was only performed during firmware installation or updates. If a hash mismatch was detected, Suite would flag the device as counterfeit and display a persistent warning banner.


In Trezor Suite 24.11.1, the firmware hash check is also run each time a Trezor device connects.


Conditions for running the firmware hash check:
 

  • If the Trezor Suite firmware binary matches the version on the device, the check will be performed.
  • If the firmware versions differ (e.g., if the device firmware is outdated) the check is skipped, avoiding the need for an internet connection.
 

For the Trezor Suite desktop app, the check only runs if the device is updated to latest firmware offered by Suite. However, the Trezor Suite web app performs the hash check for all Trezor Model One firmware versions 1.11 or newer as it downloads the firmware binary automatically, and version 2.6.0 or newer for all other devices.
 

Security notifications: warning screen and banners

If the hash check detects a firmware mismatch, Trezor Suite displays a warning screen that alerts the user that their device may be compromised or running unofficial firmware. After the user dismisses the screen, a warning banner remains visible to reinforce the potential security risk. The warning banner message may vary depending on whether the issue was detected by the firmware revision check or the firmware hash check.
 

How does the firmware hash check work?

Each time you connect a Trezor device, Trezor Suite now runs a security check to verify the firmware on the device.
 

Here’s a quick overview of the process:
 

  1. Match check: The firmware hash check done by Trezor Suite presents a mathematical challenge to the device that can be passed only if the official and untampered version of the firmware is present on the device.
  2. If it matches: The device is verified, and you can use it as usual.
  3. If it doesn’t match: Trezor Suite flags the device as potentially unsafe, displays the warning screen, and restricts certain functions. The banner notification remains visible to alert you of this risk.

This check also runs during firmware installation or updates, helping to keep your device secure at all times.
 

Why this matters for your security

These firmware checks are part of our commitment to ensuring the safety of your device and funds. By verifying the firmware each time you connect your device, Trezor Suite protects you from counterfeit or tampered firmware, ensuring that only authentic, secure firmware is running on your device. This new process is automated and runs in the background, so you can enjoy increased security without any extra effort.