WalletScrutiny on Nostr: Trezor wallets are always sold without firmware. If it has a firmware, it probably is ...
Trezor wallets are always sold without firmware. If it has a firmware, it probably is not new and might have been tampered with. If it apparently has no firmware, it might still be tampered with but that's another story.
When installing/updating the firmware, verifiability is key! Trezor is fully open source and this sophisticated modified hardware would have turned into a useful tool for its user, had he updated to a genuine version but for that, some checks have to be possible:
1. The firmware has to be built from public source code so its code can be audited. Trezor is open source.
2. The firmware has to be **reproducible** so the firmware is provably built from the public source code. Trezor is reproducible.
3. The device has to show the cryptographic fingerprint of the about to be installed firmware so the user can make sure he is installing the correct firmware. A version number is not enough! Trezor did this, recently failed to do this but closed an issue about this recently so we are not sure about the situation.
4. The newly installed version has to contain visible changes that a hacker can't trivially anticipate. Showing an incremented version number is **not enough**.
When installing/updating the firmware, verifiability is key! Trezor is fully open source and this sophisticated modified hardware would have turned into a useful tool for its user, had he updated to a genuine version but for that, some checks have to be possible:
1. The firmware has to be built from public source code so its code can be audited. Trezor is open source.
2. The firmware has to be **reproducible** so the firmware is provably built from the public source code. Trezor is reproducible.
3. The device has to show the cryptographic fingerprint of the about to be installed firmware so the user can make sure he is installing the correct firmware. A version number is not enough! Trezor did this, recently failed to do this but closed an issue about this recently so we are not sure about the situation.
4. The newly installed version has to contain visible changes that a hacker can't trivially anticipate. Showing an incremented version number is **not enough**.