Encrypted mass storage support

Trezor Model T has an SD card slot. It can be used as an additional secret when unlocking the device; however, I believe a much more useful feature would be if Trezor could act as a USB card reader which transparently encrypts data read from and written to the card.

For comparison, see IronKey devices, which are USB thumb drives that need to be unlocked before data on them can be accessed.

The way it would work is that Trezor would present to the host an additional USB mass storage interface. Once Trezor is unlocked via a PIN, it would signal that a card was inserted and allow the host to start reading data to and from the card. Critically, the ability to communicate with the card would need to remain active even after timeout.

There are multiple issues with that, the most practically-oriented being that Trezor is a very slow device. It runs on USB 1.1, so it has a theoretical maximum speed of 12 Mbps – barely acceptable for an Internet connection these days, borderline unusable as a flash drive. Even if you can achieve that transfer speed (half-duplex, mind you), it’s unclear if Trezor’s CPU could encrypt and decrypt data that fast. I would be surprised if one could achieve half the speed; my personal conservative guess is 1 Mbps.

At that point, the transfers to and from this mass storage device would be so slow as to make using multiple-gigabyte SD cards impractical.
