The purpose of this article is to give a detailed account of the software specifications and security features used by the Trezor Model One, Trezor Model T and Trezor Safe 3.
The software used in Trezor devices has always been open-source to be fully auditable. Everybody can look at the code used in Trezor devices and verify its integrity, look for vulnerabilities, or come up with improvements and integrations.
We made Trezor fully transparent to eliminate the inherent need for trust and to share as much of our knowledge and ideas with the broader community.
See the SatoshiLabs Security Philosophy Manifesto if you wish to read more about our principles and motivations.
You can verify and build the software used in the Trezor devices. See the source code at Trezor GitHub:
- Trezor Model One
- Trezor Model T
- Trezor Safe 3
You can also refer to our Developers guide.
Trezor Model One
Operating systems
There are multiple layers of code ensuring the legitimacy and safety of operations executed by your device.
Bootloader
The bootloader is a simple program designed to install, update, and check the firmware loaded on the Trezor device. The bootloader checks the integrity and signatures of the firmware and runs it if everything is OK. This examination occurs every time you power the device. If the bootloader detects an unofficial firmware, it displays a noticeable warning on the device screen.
If the bootloader detects both buttons being pressed or absence of the firmware on the device, it starts in a firmware update mode (also referred to as "the bootloader mode"), allowing a firmware update via USB.
Bootloader key points: uploads, updates, and checks the integrity of the firmware; is updatable; signatures checked by the bootloader.
Firmware
The firmware is the program which operates your device. Its code executes most functions and features you use. Firmware is also crucially important in making the operations secure. Firmware can be updated directly from Trezor Suite via USB and always requires physical confirmation on the device itself.
When updating the firmware, the bootloader erases the memory on the device and only restores it after it verifies the signatures on the firmware. Downgrading the firmware erases the memory.
Firmware key points: operates the device; checked by the bootloader; regularly updated.
It is recommended to keep the device updated with the latest firmware version. Updating the firmware is the only way to counter some of the known security exploits.
Authorization
Physical access
The Trezor device implements several safety measures protecting the device against unauthorized physical access.
Homescreen - surprisingly useful
While adding a nice personal touch to your device, the homescreen also serves an important function. Having a custom and unique picture helps the user immediately recognize the device as soon as it powers on, thus serving as the first-line defense against having the device replaced my malicious third parties.
Changing the home screen requires PIN entry and cannot be completed without it. The same characteristics apply to the device label.
PIN - protecting the device
Even if you enter the PIN on the computer directly, you're perfectly safe. The Trezor PIN mechanism is protected against key-loggers, so using it even in internet cafes means no risk for you. PIN is a number that you set when you first initialize your Trezor device. It protects the device against being used by unauthorized persons.
Passphrase - protecting the seed
Passphrase protection is the crown jewel of Trezor security design. Unlike the PIN, which is completely device-dependent and can be changed or disabled with no effect on your accounts, the passphrase is bound to your seed.
By using a completely custom phrase, you can add more entropy to the seed loaded in the wallet. This builds an entirely new, hidden wallet 'on top' of your seed. The passphrase is not recorded anywhere on the device; thus it can't be tracked and is unbreakable.
More on the Trezor blog: Passphrase - the ultimate protection for your accounts
Recovery seed phrase: this is your money
Recovery seed is the ultimate backup of all private keys and associated data used and protected by your device.
Refresh your knowledge of recovery seed phrases
Trezor Model T
Operating systems
There are multiple layers of code ensuring the legitimacy and safety of operations executed by your device.
Boardloader
The boardloader is the write-protected, embedded-immutable code of the device. Its function is to load and check the integrity and signatures of the bootloader. The primary purpose for write protecting the boardloader is to make it the immutable portion that can defend against code-based attacks (e.g., BadUSB), and bugs which could reprogram any/all of the embedded code. It assures that only embedded code with verified signatures runs on the device (and that the intended code is run, and not skipped). The boardloader cannot be updated, modified, or removed.
Boardloader key points: embedded; unmodifiable; loads the bootloader and checks its integrity.
Bootloader
The bootloader is a simple program designed to install, update, and check the firmware loaded on the Trezor device. The bootloader checks the integrity and signatures of the firmware and runs it if everything is OK. This examination occurs every time you power the device. If the bootloader detects an unofficial firmware, it displays a warning on the device screen.
If the bootloader detects a pressed finger on the display or absence of the firmware on the device, it starts in a firmware update mode (also referred to as "bootloader mode"), allowing a firmware update via USB.
Bootloader key points: uploads, updates, and checks the integrity of the firmware; is updatable; signatures checked by the bootloader.
Firmware
The firmware is the program which operates your device. Its code executes most functions and features you use. Firmware is also crucially important in making the operations secure. Firmware can be updated directly from Trezor Suite via USB and always requires the physical confirmation on the device itself.
When updating the firmware, the bootloader erases the memory on the device and only restores it after it verifies the signatures on the firmware. Downgrading the firmware erases the memory.
Firmware key points: operates the device; checked by the bootloader; regularly updated.
It is recommended to keep the device updated with the latest firmware version. Updating the firmware is the only way to counter some of the known security exploits.
Authorization
Physical access
The Trezor device implements several safety measures protecting the device against unauthorized physical access.
Homescreen - surprisingly useful
While adding a nice personal touch to your device, the homescreen also serves an important function. Having a custom and unique picture helps the user immediately recognize the device as soon as it powers on, thus serving as the first-line defense against having the device replaced my malicious third parties.
Changing the home screen requires PIN entry and cannot be completed without it. The same characteristics apply to the device label.
PIN - protecting the device
Even if you enter the PIN on the computer directly, you're perfectly safe. The Trezor PIN mechanism is protected against key-loggers, so using it even in internet cafes means no risk for you. PIN is a number that you set when you first initialize your Trezor device. It protects the device against being used by unauthorized persons.
Passphrase - protecting the seed
Passphrase protection is the crown jewel of Trezor security design. Unlike the PIN, which is completely device-dependent and can be changed or disabled with no effect on your accounts, the passphrase is bound to your seed.
By using a completely custom phrase, you can add more entropy to the seed loaded in the wallet. This builds an entirely new, hidden wallet 'on top' of your seed. The passphrase is not recorded anywhere on the device; thus it can't be tracked and is unbreakable.
More on the Trezor blog: Passphrase - the ultimate protection for your accounts
Recovery seed phrase: this is your money
Recovery seed is the ultimate backup of all private keys and associated data used and protected by your device.
Refresh your knowledge of recovery seed phrases
Trezor Safe 3
Operating systems
There are multiple layers of code ensuring the legitimacy and safety of operations executed by your device.
Bootloader
The bootloader is a simple program designed to install, update, and check the firmware loaded on the Trezor device. The bootloader checks the integrity and signatures of the firmware and runs it if everything is OK. This examination occurs every time you power the device. If the bootloader detects an unofficial firmware, it displays a warning on the device screen.
If the bootloader detects both butons being pressed or absence of the firmware on the device, it starts in a firmware update mode (also referred to as "bootloader mode"), allowing a firmware update via USB.
Bootloader key points: uploads, updates, and checks the integrity of the firmware; is updatable; signatures checked by the bootloader.
Firmware
The firmware is the program which operates your device. Its code executes most functions and features you use. Firmware is also crucially important in making the operations secure. Firmware can be updated directly from Trezor Suite via USB and always requires physical confirmation on the device itself.
When updating the firmware, the bootloader erases the memory on the device and only restores it after it verifies the signatures on the firmware. Downgrading the firmware erases the memory.
Firmware key points: operates the device; checked by the bootloader; regularly updated.
It is recommended to keep the device updated with the latest firmware version. Updating the firmware is the only way to counter some of the known security exploits.
Authorization
Physical access
The Trezor device implements several safety measures protecting the device against unauthorized physical access. Notably, Trezor Safe 3 has a dedicated Secure Element–the OPTIGATM Trust M (V3). In effect, it is a chip designed to protect highly sensitive information from software and hardware attacks.
Learn more about Secure Element in Trezor Safe 3
Homescreen - surprisingly useful
While adding a nice personal touch to your device, the homescreen also serves an important function. Having a custom and unique picture helps the user immediately recognize the device as soon as it powers on, thus serving as the first-line defense against having the device replaced my malicious third parties.
Changing the home screen requires PIN entry and cannot be completed without it. The same characteristics apply to the device label.
PIN - protecting the device
Even if you enter the PIN on the computer directly, you're perfectly safe. The Trezor PIN mechanism is protected against key-loggers, so using it even in internet cafes means no risk for you. PIN is a number that you set when you first initialize your Trezor device. It protects the device against being used by unauthorized persons.
Passphrase - protecting the seed
Passphrase protection is the crown jewel of Trezor security design. Unlike the PIN, which is completely device-dependent and can be changed or disabled with no effect on your accounts, the passphrase is bound to your seed.
By using a completely custom phrase, you can add more entropy to the seed loaded in the wallet. This builds an entirely new, hidden wallet 'on top' of your seed. The passphrase is not recorded anywhere on the device; thus it can't be tracked and is unbreakable.
More on the Trezor blog: Passphrase - the ultimate protection for your accounts
Recovery seed phrase: this is your money
Recovery seed is the ultimate backup of all private keys and associated data used and protected by your device.
Refresh your knowledge of recovery seed phrases
