BobTheDestroyer | 2 years ago
...?
Although I'll concede that I'm now wondering what's preventing compromised hardware from faking this part too. A complex malware could even receive firmware updates, dump them in an unused partition, and report to the connected host that it promises that it's definitely running that firmware, right? Hmmm.
lxgr | 2 years ago
The only way around that would be for Trezor to ship their devices with some sort of attestation function (e.g. a private signing key to which they publish the public key, or sign it via a PKI and include a certificate) and validating that, not just the statement "I promise to be running the authentic firmware", a hash over the firmware, a complete firmware dump or anything else not involving a challenge-response or uncloneable function of some sort.
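The challenge-response scheme described above, as an added example (not code from Trezor or from anyone in this thread): a hypothetical device holds a per-device Ed25519 key, signs the host's fresh nonce together with a hash of the firmware it is actually running, and the host verifies under the vendor-published public key. A clone that merely claims the right hash, a replayed answer for a new nonce, or a genuine device running other firmware all fail verification. Type and function names and the sample firmware bytes are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Device models hardware holding a per-device attestation key. The vendor
// publishes the public half; only genuine hardware has the private half.
type Device struct {
	Priv     ed25519.PrivateKey
	Firmware []byte // the image actually executing (constructed sample)
}

// NewDevice provisions a fresh key pair and the firmware the device runs.
func NewDevice(firmware []byte) (*Device, ed25519.PublicKey) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // rand.Reader does not fail
	return &Device{Priv: priv, Firmware: firmware}, pub
}

// Attest answers a host challenge: hash the running firmware and sign
// nonce||hash, so a captured answer cannot be replayed for a later nonce.
func (d *Device) Attest(nonce []byte) ([32]byte, []byte) {
	h := sha256.Sum256(d.Firmware)
	return h, ed25519.Sign(d.Priv, append(append([]byte{}, nonce...), h[:]...))
}

// Verify is the host side: the signature must verify under the vendor key
// over this nonce, and the attested hash must match the published release.
func Verify(pub ed25519.PublicKey, nonce []byte, fwHash [32]byte, sig []byte, expected [32]byte) error {
	if !ed25519.Verify(pub, append(append([]byte{}, nonce...), fwHash[:]...), sig) {
		return errors.New("not signed by a genuine device for this nonce")
	}
	if fwHash != expected {
		return errors.New("genuine device, but running unexpected firmware")
	}
	return nil
}

func main() {
	fw := []byte("constructed sample firmware image")
	dev, vendorPub := NewDevice(fw)
	nonce := make([]byte, 32)
	rand.Read(nonce)
	h, sig := dev.Attest(nonce)
	fmt.Println("genuine device:", Verify(vendorPub, nonce, h, sig, sha256.Sum256(fw)))
}
```

As ReactiveJelly notes below, this only holds as long as the per-device private key does not leak; a leaked key lets a clone answer challenges exactly like genuine hardware.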
ReactiveJelly | 2 years ago
In that case the golden keys can leak, but it's better than nothing.