All articles

Secure Elements in Trezor Safe devices

Table of Contents

What is a Secure Element and how does it work?
How the Secure Element protects your wallet
How the Secure Element is certified
- What does CC EAL6+ mean?
Why Trezor chose the OPTIGA™ Trust M (V3)

Trezor Safe 5 and Trezor Safe 3 include a Secure Element—a dedicated chip that strengthens your device’s protection against physical attacks. This article explains how the Secure Element works, how it protects your wallet’s private keys, and how it fits into Trezor’s overall security model.

What is a Secure Element and how does it work?

A Secure Element is a tamper-resistant chip designed to securely store secrets and enforce access controls. It's the same type of chip used in credit cards and passports to protect sensitive information. In Trezor Safe devices, it plays two key roles:

Enforcing PIN protection in hardware: The Secure Element protects physical access to your wallet by securely enforcing PIN verification. This protects your private keys from brute-force attempts on a stolen device.
Verifying your device is genuine: The Secure Element stores a certificate from Trezor that helps prove your device is genuine and includes an authentic Secure Element installed during manufacturing.

The Secure Element used in Trezor Safe 5 and Trezor Safe 3 devices is the OPTIGA™ Trust M (V3).

How the Secure Element protects your wallet

The Secure Element protects physical access to your private keys by securely enforcing PIN verification, without storing the PIN itself. This protects your private keys from brute-force attempts on a stolen device.

During PIN setup, your Trezor generates a secret that is stored inside the Secure Element.
This secret is used—along with your PIN—to encrypt the private keys stored on the main chip.
The Secure Element only releases the secret if the correct PIN is entered.
After 16 incorrect PIN attempts, the Secure Element erases the secret, and the Trezor device is reset. You can always recover your wallet using your wallet backup.

All Trezor devices protect your private keys from online attacks. Trezor Safe 5 and Safe 3 offer an extra layer of protection against physical attacks, thanks to the Secure Element.

How the Secure Element is certified

The Secure Element in Trezor Safe 5 and Safe 3 is certified to Common Criteria EAL6+, a high assurance level for secure hardware components.

What does CC EAL6+ mean?

The Common Criteria (CC) is a global standard for evaluating the security of IT products.

EAL6+ indicates the chip has been extensively tested for resistance to sophisticated physical and software-based attacks.
The “+” includes extra requirements such as protections against fault injection and side-channel analysis.

Why Trezor chose the OPTIGA™ Trust M (V3)

Transparency is a core part of Trezor’s security model. That’s why we chose a Secure Element that supports public review.

The OPTIGA™ Trust M (V3) provides strong physical protection without requiring Non-Disclosure Agreements (NDA) or restricting access to documentation.

Many Secure Elements are locked behind non-disclosure agreements that prevent public security research. We chose a different path—one that users and independent experts can verify.

This choice reflects our long-term commitment to open, auditable hardware.

;