Skip to main content

Device Authenticity Verification

Trezor Suite includes built-in device authenticity verification to ensure users have genuine Trezor hardware and detect potential tampering.

Overview

Device authenticity checks protect against:

Counterfeit Devices

Detect fake Trezor devices

Supply Chain Attacks

Identify tampered devices

Firmware Modifications

Verify official firmware

Bootloader Integrity

Confirm authentic bootloader

Verification Methods

Multiple layers of authenticity verification:

1. Bootloader Verification

Checks bootloader authenticity: 
interface BootloaderCheck {
  // Official bootloader hash
  expectedHash: string;
  
  // Device-reported hash
  actualHash: string;
  
  // Verification result
  valid: boolean;
  
  // Bootloader version
  version: string;
}
Bootloader is locked during manufacturing and cannot be modified without bricking the device.

2. Firmware Signature

Verifies firmware is officially signed:
1

Read Firmware

Extract firmware from device
2

Check Signatures

Verify cryptographic signatures
3

Validate Keys

Confirm signatures from official Trezor keys
4

Report Result

Display verification status to user

3. Device Certificate

T2T1 and newer models include device certificate: 
interface DeviceCertificate {
  // Unique device identifier
  deviceId: string;
  
  // Certificate signed by Trezor
  signature: Buffer;
  
  // Public key for verification
  publicKey: Buffer;
  
  // Certificate validity
  valid: boolean;
  
  // Issue date
  issuedAt: Date;
}

4. Secure Element (T2B1, T3)

Newest models with secure element:
  • Attestation: Cryptographic proof from secure chip
  • Unique keys: Each device has unique attestation key
  • Certificate chain: Verifiable back to manufacturer root
  • Tamper detection: Secure element detects physical attacks

Verification Flow

Automatic Checks

Suite automatically verifies on device connection: 
// Triggered on device connection
const verifyDevice = async (device: Device) => {
  const results = {
    bootloader: await verifyBootloader(device),
    firmware: await verifyFirmware(device),
    certificate: await verifyCertificate(device),
    secureElement: await verifySecureElement(device),
  };
  
  // Overall authenticity assessment
  const isAuthentic = 
    results.bootloader.valid &&
    results.firmware.valid &&
    (results.certificate?.valid ?? true) &&
    (results.secureElement?.valid ?? true);
  
  return {
    authentic: isAuthentic,
    details: results,
    timestamp: Date.now(),
  };
};

Manual Verification

Users can manually trigger verification:
  1. Go to Device Settings
  2. Click “Check device authenticity”
  3. Wait for verification process
  4. Review detailed results

Verification Results

Status Indicators

Device is authentic
  • All checks passed
  • Official Trezor device
  • No signs of tampering
  • Safe to use

Detailed Report

Comprehensive verification report: 
interface AuthenticityReport {
  // Overall result
  status: 'authentic' | 'warning' | 'failed';
  
  // Individual check results
  checks: {
    bootloader: CheckResult;
    firmware: CheckResult;
    certificate?: CheckResult;
    secureElement?: CheckResult;
  };
  
  // Device information
  device: {
    model: string;
    firmwareVersion: string;
    bootloaderVersion: string;
    serialNumber?: string;
  };
  
  // Verification metadata
  timestamp: number;
  suiteVersion: string;
}

interface CheckResult {
  name: string;
  status: 'pass' | 'fail' | 'unknown';
  message: string;
  details?: any;
}

Physical Security Checks

Before connecting device:
  • Check holographic sticker on packaging
  • Should be intact and not tampered
  • Unique holographic pattern
  • Difficult to replicate
  • Original sealed packaging
  • No signs of opening/resealing
  • Official Trezor branding
  • Include authentic documentation
  • Compare with official photos
  • Check build quality
  • Verify button/screen placement
  • Inspect for unusual modifications
  • Buy from official Trezor Shop or authorized resellers
  • Avoid third-party marketplaces
  • Never buy pre-owned devices
  • Verify reseller authorization

Bootloader Mode Verification

Bootloader mode shows authenticity info:

T2T1 Bootloader Screen

┌────────────────┐
│ TREZOR        │
│                │
│ Bootloader     │
│ 2.1.0          │
│                │
│ Vendor: trezor │
│ VendorHash OK  │
│ FirmwareHash OK│
└────────────────┘
  • VendorHash OK: Bootloader verifies firmware vendor
  • FirmwareHash OK: Bootloader verifies firmware integrity

Warning Screen

If verification fails, bootloader shows warning: 
⚠️ UNOFFICIAL FIRMWARE

This firmware is not from Trezor.
Installing unofficial firmware could
compromise your device security.

Proceed with caution.

Firmware Installation Security

Official Firmware Only

Suite only installs official firmware: 
const validateFirmware = async (firmware: Buffer) => {
  // Check firmware signatures
  const signatures = extractSignatures(firmware);
  
  // Verify against official public keys
  const validSignatures = signatures.filter(sig => 
    OFFICIAL_KEYS.some(key => verifySignature(firmware, sig, key))
  );
  
  // Require minimum valid signatures (m-of-n)
  const REQUIRED_SIGNATURES = 2;
  
  if (validSignatures.length < REQUIRED_SIGNATURES) {
    throw new Error('Firmware not officially signed');
  }
  
  return true;
};

Signature Scheme

Multi-signature verification:
  • M-of-N signatures: Require multiple valid signatures
  • Different keys: Held by different Trezor developers
  • Threshold: Typically 2-of-3 or 3-of-5
  • Revocation: Compromised keys can be revoked

Implementation Details

Device Authenticity Package

// Shared package for device verification
import { verifyDevice } from '@trezor/device-authenticity';

const result = await verifyDevice({
  device,
  timestamp: Date.now(),
  checkAll: true,
});

if (!result.authentic) {
  showAuthenticityWarning(result);
}

Suite Common Integration

// Location: suite-common/device-authenticity/

export interface DeviceAuthenticityCheck {
  performCheck(device: Device): Promise<AuthenticityResult>;
  verifyBootloader(device: Device): Promise<BootloaderResult>;
  verifyFirmware(device: Device): Promise<FirmwareResult>;
  verifyCertificate(device: Device): Promise<CertificateResult>;
}

Warning UI

When verification fails, Suite displays prominent warning:

Warning Modal

<AuthenticityWarning
  severity="high"
  title="Device Authenticity Could Not Be Verified"
  message="This device may not be a genuine Trezor. Using counterfeit devices could result in loss of funds."
  actions={[
    {
      label: 'Contact Support',
      onClick: openSupport,
      variant: 'primary',
    },
    {
      label: 'See Details',
      onClick: showDetails,
      variant: 'secondary',
    },
    {
      label: 'Continue Anyway',
      onClick: continueWithWarning,
      variant: 'tertiary',
      warning: true,
    },
  ]}
/>
Persistent warning if user continues: 
<Banner
  variant="critical"
  dismissible={false}
>
  <Translation id="TR_DEVICE_NOT_AUTHENTIC" />
  <Link to="/device/authenticity">
    <Translation id="TR_LEARN_MORE" />
  </Link>
</Banner>

Support Integration

Help users with failed verification:

Contact Support

Direct support access: 
const contactSupport = (report: AuthenticityReport) => {
  const supportData = {
    type: 'device_authenticity',
    report: sanitizeReport(report),
    suiteVersion: VERSION,
    platform: PLATFORM,
  };
  
  // Open support form with pre-filled data
  window.open(
    `https://trezor.io/support/technical/issue?` +
    `data=${encodeURIComponent(JSON.stringify(supportData))}`
  );
};

Documentation

Links to help articles:
  • How to verify device authenticity
  • What to do if verification fails
  • How to identify counterfeit devices
  • Where to buy authentic Trezor devices

Best Practices

For Users

  • Buy only from official sources
  • Check physical security features
  • Verify device on first connection
  • Report suspicious devices
  • Never ignore authenticity warnings

For Developers

  • Always verify before allowing usage
  • Implement comprehensive checks
  • Clear warning messages
  • Log verification results
  • Provide support contact

Troubleshooting

Rare false positives possible:
  • Update Suite to latest version
  • Update device firmware
  • Try different USB cable/port
  • Contact support with verification report
Some scenarios:
  • Very old firmware versions
  • Device in wrong mode
  • Communication issues
  • Try firmware update first
Normal duration:
  • Simple checks: 1-2 seconds
  • Full verification: 5-10 seconds
  • If longer, check USB connection

Security Implications

Risks of Counterfeit Devices

Using counterfeit or tampered devices can result in:
  • Complete loss of funds: Modified firmware could steal keys
  • Privacy compromise: Transaction monitoring
  • Malware infection: Compromised recovery process
  • No support: Trezor cannot help with counterfeit devices

Protection Measures

Authenticity verification provides:
  1. Early detection: Identifies counterfeit before use
  2. User education: Explains risks clearly
  3. Support path: Direct channel to Trezor support
  4. Continuous monitoring: Re-verification on updates

Build docs developers (and LLMs) love

Get started for freeTalk to us