Todos os artigos

Trezor Safe device authentication check

The Trezor Safe 3 and Safe 5 each include a Secure Element chip that help protect your wallet and verify your device's authenticity.

The Trezor Safe 7 builds on this design with two Secure Elements working together to provide even stronger protection against tampering and physical attacks.

How does device authentication work?

During the manufacturing process of the Trezor Safe hardware wallets, a unique certificate is issued to each new device before it leaves the production line.

The device certificate is securely stored inside the Secure Element on Trezor Safe 3 and Trezor Safe 5. On Trezor Safe 7, both Secure Elements participate in the authentication process to confirm that the device was built by Trezor and has not been altered since manufacture.

When setting up your device:

  1. Trezor Suite generates a random challenge, which is then sent to the Trezor.
  2. The Trezor Safe 3 and Trezor Safe 5 use the Optiga Secure Element to sign this random challenge and returns both the signature and the device certificate. On Trezor Safe 7, the TROPIC01 Secure Element also participates in this verification process, adding a verifiably transparent step.
  3. Trezor Suite verifies the signatures of the challenge and the signature on the certificate to confirm the authenticity of the device.

This process helps to verify the authenticity of your brand-new Trezor Safe 3 or Safe 5 and makes it significantly harder to tamper with. We’ve introduced this feature to ensure you are using a genuine device, safeguarding your coins and tokens.

Trezor Safe 7 performs the same authenticity check described below, but it uses two cooperating Secure Elements: TROPIC01 and OPTIGA Trust M.

Both chips work together to confirm that your device was built by Trezor and has not been altered.

Learn more in Dual Secure Elements in Trezor Safe 7.

Is device authentication mandatory?

If you only use Trezor Suite with official Trezor devices, do not turn off this check. This feature is a security measure designed to protect you from using a fake or compromised device.

Users may opt out of the device authentication process, but we strongly advise against it.

The authenticity check should only be disabled if you need to connect unofficial devices to Trezor Suite, such as DIY builds.

If you’re absolutely sure you want to turn off the Device Check feature, you can do so in the Settings menu in Trezor Suite.

Are there any privacy concerns associated with device authentication?

No. The device certificate is neither tracked nor stored anywhere. It is checked only by Trezor Suite and then immediately discarded. It is not sent anywhere, meaning your privacy is always preserved.

Security
;