Understanding Trezor Model T Restoration in Bootloader Mode

Hello Trezor support team and community. I have a question: In the bootloader, where do I find the option to restore the Trezor Model T? I’ve noticed that when performing this action, the operating system is wiped clean, and the bootloader gives me the choice to reinstall the latest version or opt for the Bitcoin operating system only.

With that in mind, I would like to clarify whether this action results in the deletion of the device’s seed, and if possible, obtain information about the names of the memory areas that store the seed.

Happy to see that you already found the option and no longer need guidance for it :slight_smile:

Just a nit: it’s Trezor Suite giving you this choice.
Bootloader is the software component running on your Trezor. When Trezor is in factory state, the bootloader is just displaying a welcome message, and waiting for you to perform an action through Suite.


The seed is stored in sector 4 (memory region 0x08010000 - 0x0801FFFF) and/or sector 16 (memory region 0x08110000 - 0x0811FFFF), depending on usage. See the full documentation here.

Now, I am very curious as to what are you going to do with this information…?


Is this statement correct? After formatting the device, there is no possibility of data recovery since all data is completely erased. I am asking this question because in cases of physical attacks, it is unlikely that someone can find the seed or traces of it, as even the operating system has been eliminated. The only thing that remains on the Trezor after formatting is the bootloader. Therefore, if someone manages to physically access the Trezor, it will not be possible to perform a memory dump or attacks to check for traces.

Both Trezor data and firmware is stored in the integrated NOR-flash memory of the STM32 MCU.
This memory cannot be unplugged and independently accessed outside the MCU, unless you are going to physically modify the chip itself – which, of course, brings some risk of damaging the data you’re after in the first place.

Trezor does not have a filesystem (nor an operating system), so what you incorrectly call “formatting” is in fact complete data erasure. In the erase operation, the sector contents are fully overwritten with 1 bits. There isn’t any wear leveling or other trickery involved that would cause the data to “remain somewhere else”.

With current technology, it is unclear whether it is even possible to retrieve the values of overwritten bits. Even if yes, it is highly cost-prohibitive to attempt to do so, and unclear whether the data could be recovered with enough accuracy to even be able to brute-force the encryption.

In human speak: your cryptocurrency savings are not nearly enough to cover the cost of stealing them in this manner.

Mind you, the exact same erasure of your user data happens when you use the “Wipe device” feature, without involving the bootloader factory reset. Once you hold the “wipe” button, the data is gone with no way to get it back.

Thank you very much for the details in your response. I’m increasingly feeling good about having a Trezor.