Secure Elements in Trezor Safe devices

Trezor Safe 7, Safe 5, and Safe 3 all include a Secure Element — a dedicated chip that strengthens your device's protection against physical attacks.

Trezor Safe 7 goes further: it combines OPTIGA Trust M (V3) with TROPIC01, the world's only independently auditable secure element, developed by Tropic Square. These two secure elements work alongside the device's main microcontroller as three hardware layers of security in Trezor Safe 7.

What is a Secure Element and how does it work?

A Secure Element is a tamper-resistant chip designed to securely store secrets and enforce access controls. It's the same type of chip used in credit cards and passports to protect sensitive information. In Trezor Safe devices, it plays two key roles:

• Enforcing PIN protection in hardware: The Secure Element protects physical access to your wallet by securely enforcing PIN verification. This protects your private keys from brute-force attempts on a stolen device.
• Verifying your device is genuine: The Secure Element stores a certificate from Trezor that helps prove your device is genuine and includes an authentic Secure Element installed during manufacturing.
• Providing secure randomness: The Secure Element contributes an independent source of entropy during wallet seed creation. This contributes to ensure your wallet's private keys are generated from truly unpredictable data.

Trezor Safe 5 and Safe 3 use the OPTIGA Trust M (V3) Secure Element.

Trezor Safe 7 uses the same OPTIGA Trust M (V3) plus TROPIC01, the world's only independently auditable secure element, created by Tropic Square — alongside the device's main microcontroller, as three hardware layers of security.

How the Secure Element protects your private keys

The Secure Element protects physical access to your private keys by securely enforcing PIN verification, without storing the PIN itself. This protects your private keys from brute-force attempts on a stolen device.

• During PIN setup, your Trezor generates a secret that is stored inside the Secure Element.
• This secret is used—along with your PIN—to encrypt the private keys stored on the main chip.
• The Secure Element only releases the secret if the correct PIN is entered.
• After 16 incorrect PIN attempts, the Secure Element erases the secret, and the Trezor device is reset. You can always recover your wallet using your wallet backup.

How the Secure Element is certified

The Secure Element in Trezor Safe 5 and Safe 3 is certified to Common Criteria EAL6+, a high assurance level for secure hardware components.

TROPIC01, used alongside OPTIGA Trust M in Trezor Safe 7, takes a different approach: it is the world's only independently auditable secure element. Its design and implementation are open for independent researchers to review.

What does CC EAL6+ mean?

The Common Criteria (CC) is a global standard for evaluating the security of IT products.

• EAL6+ indicates the chip has been extensively tested for resistance to sophisticated physical and software-based attacks.
• The “+” includes extra requirements such as protections against fault injection and side-channel analysis.

Why Trezor chose the OPTIGA Trust M (V3)

Transparency is a core part of Trezor’s security model. That’s why we chose a Secure Element that supports public review.

The OPTIGA Trust M (V3) provides strong physical protection without requiring Non-Disclosure Agreements (NDA) or restricting access to documentation.

Many Secure Elements are locked behind non-disclosure agreements that prevent public security research. We chose a different path—one that users and independent experts can verify.

This choice reflects our long-term commitment to open, auditable hardware.