The purpose of this article is to give a detailed account of the software specifications and security features used by Trezor Model T (show for Trezor One).
The software used in Trezor devices has always been open-source in order to be fully auditable. Everybody can look at the code used in Trezor devices and verify its integrity, look for vulnerabilities, or come up with improvements and integrations.
We made Trezor fully transparent to eliminate the inherent need for trust and to share as much of our knowledge and ideas with the broader community. See SatoshiLabs Security Philosophy Manifesto if you wish to read more about our principles and motivations.
There are multiple layers of code ensuring the legitimacy and safety of operations executed by your device.
The boardloader is device's write protected embedded code. Its function is to load and check the integrity and signatures of the bootloader. The primary purpose for write protecting the boardloader is to make it the immutable portion that can defend against code-based attacks (e.g., BadUSB), and bugs which could reprogram any/all of the embedded code. It assures that only embedded code with verified signatures runs on the device (and that the intended code is run, and not skipped). The write protection also provides some defense against attacks where the attacker has physical control of the device. The boardloader cannot be updated, modified, or removed.
Boardloader Key points: embedded; unmodifiable; loads the bootloader and checks its integrity
The bootloader is a simple program designed to install, update, and check the firmware loaded on the Trezor device. The bootloader checks the integrity and signatures of the firmware and runs it if everything is OK. This examination occurs every time you power the device. If the bootloader detects an unofficial firmware, it displays a noticeable warning on the device screen.
If the bootloader detects a pressed finger on the display or absence of the firmware on the device, it starts in a firmware update mode (also referred to as "the bootloader mode"), allowing a firmware update via USB.
Bootloader Key points: uploads, updates, and checks the integrity of the firmware; is updatable; signatures checked by the bootloader and Trezor Wallet
The firmware is the program which operates your device. Its code executes most functions and features you use. Firmware is also crucially important in making the operations secure. Firmware can be updated directly from Trezor Wallet via USB and always requires the physical confirmation (tapping the touchscreen).
When updating the firmware, the bootloader erases the memory on the device and only restores it after it verifies the signatures on the firmware. Downgrading the firmware erases the memory. Firmware Key points: operates the device; checked by the bootloader and Trezor Wallet; regularly updated
The Trezor device implements several safety measures protecting the device against unauthorized physical access.
Homescreen - Surprisingly useful
While adding a nice personal touch to your device, the homescreen also serves an important function. Having a custom and unique picture helps the user immediately recognize the device as soon as it powers on, thus serving as the first-line defense against having the device replaced my malicious third parties.
Changing the homescreen requires PIN entry and cannot be completed without it. The same characteristics apply to the device label. See Security Best practices for more information.
PIN - protecting the device
Trezor doesn't have a keyboard but even if you enter the PIN on the computer directly, you're perfectly safe. Trezor's PIN mechanism is protected against key-loggers, so using it even in internet cafes means no risk for you. PIN is a number that you set when you first run Trezor. It protects Trezor against being used by unauthorized persons. We have invented a secure way of entering the PIN so it can’t be key-logged and misused.
Passphrase - protecting the seed
The passphrase protection is the crown jewel of Trezor's security design. Unlike PIN, which is completely device-dependant and can be changed or disabled with no effect on your accounts, the passphrase is bound to your seed.
By using a completely custom phrase, you can add more entropy to the seed loaded in the wallet. This builds an entirely new and hidden wallet on top of your seed. The passphrase is not recorded anywhere on the device; thus it is wholly untrackable and unbreakable.
The passphrase can consist of any character from ASCII charset and can be up to 50 characters long if entered in the browser (patience is the limit when entered on the device).
Refer to the Passphrase article and blog article Hide your Trezor wallets with multiple passphrases for more details.
Seed - this is your money
Recovery seed is the ultimate backup of Recovery seed