Why didn't I need to confirm firmware installation on Trezor?

When I was setting up my Trezor I noticed that the firmware install doesn’t require confirmation on the device. Is this only for the first install, or can any device I connect the Trezor to install some firmware on it?
I also realised that I need to authorise the “is the Trezor genuine” check. Is there any disclosure of information from the Trezor to the device that performs the authentication? Or why does this need to be authorised on the Trezor but the firmware installation doesn’t?

1 Like

Yes, and only for firmware properly signed by Trezor Company. Custom firmware will still pop up a confirmation screen.

Yes, the certificate used for authentication is unique per Trezor and could in theory be used to identify the same Trezor unit across computers.

The authentication process itself is offline and Trezor Suite does not send this data anywhere – but if there were no confirmation dialog, any malware could periodically ping the Trezor to find out its identity.

2 Likes

Thank you.
So all future firmware updates need confirmation from the device itself, even if they are from the update server and signed by Trezor?
I am asking for the following case:
The signing key and update server are compromised, and I know this because I checked a non-compromised communication channel that would hopefully warn me about this so that I can simply reject the malicious update?

Thank you, then it’s good that this needs verification.
But in general I can use as many devices to verify the Trezor as I want without worrying? The certificate itself can’t be associated with something like my XPUB or other information, right?

Correct.

Not that this will help you much: the same people who control the signing keys probably also control the official comms channels.

By itself, the certificate is useless; its only (theoretical) value is being able to track the Trezor unit; if you told me your certificate id, I can’t do anything with that information from afar.

If you’re using the same seed all the time, it’s much easier for the host computer to ask for the xpub and track you that way. But the certificate will survive even if you erase the device and create a new seed on it.

2 Likes

Good

I think it is like you said in a conversation earlier today that it’s unlikely that all Trezor channels get compromised at the same time.

Thank you for the explanation.

Regarding the XPUB: Does it always get sent to the Trezor server when I connect the device to Trezor Suite, or only certain public keys if I request the balance for them?
It seems to me like all my accounts for all cryptos are auto-requested when I open Trezor Suite, and I can’t find an option to change this to manually request addresses if I click on them.
I also found an interesting option to sign transactions without broadcasting them, but it doesn’t allow me to sign transactions when I don’t have enough crypto for them (according to the state of TS), so I can’t make the Trezor Suite fully offline and broadcast only a single transaction in some way.
Is there any option to use my wallet but avoid all my addresses getting connected?