Board: Hardware wallets
Re: Secure Element in Hardware Wallets
by rondolfo on 10/11/2023, 20:10:44 UTC

I see many people talking about the Secure Element in hardware wallets like some mythical creature that will protect us from all evil, but in reality a Secure Element is just a chip or microcontroller used in a similar way as in SIM cards, SD cards, IDs, payment cards or phones, and they can potentially be exploited by malicious firmware updates.
In hardware wallets they are used as a second chip for storing private keys and seed words.

What are the benefits of Secure Element in Hardware Wallets?

- Seed words never leave the device; they stay in the Secure Element
- Secure updates
- Generating 'random' numbers
- No tampering

Secure Elements can be open source (can be verified and confirmed) or closed source (any firmware can be used, including malicious firmware), certified or not certified.

Current state of Secure Elements in Hardware wallets:

Name | Open Source | Secure Element | SE Model + Microcontroller | Evaluation Assurance Level
-----|-------------|----------------|----------------------------|---------------------------
     | YES | YES | Infineon OPTIGA Trust M + Cortex M4 ARM | N/A
     | YES | NO | N/A + STM32F2/STM32F4 | N/A
     | YES | NO | N/A + STM32 | N/A
     | YES | NO | N/A | N/A
     | NO (MIT+CC) | YES | ATECC608B or ATECC608A + STM32L496RGT6 | outdated chip 608A
     | NO (MIT+CC) | YES | ATECC608B + Maxim DS28C36B + STM32L4S5VIT6 | N/A
     | YES | YES | ATECC608B + ATSAMD51J20A | N/A
     | YES | YES | ATECC608B + STM32H753 | N/A
     | NO | YES | ST31H320 + STM32F042K6 | EAL5+
     | NO | YES | ST33J2M0 + STM32WB55 | EAL5+
     | NO | YES | ST33K1M5C + STM32... | EAL5+
     | NO | YES | ST33K1M5 + ? | EAL5+
     | NO | YES | NXP P60 | EAL5+
     | NO | YES | Unknown chip | EAL5+
     | NO (soon Y) | YES | NXP P5CD081 | EAL5+
     | NO (soon Y) | YES | NXP J3R110 | EAL6+
     | NO | YES | Infineon ? | EAL6+
     | NO | YES | ST31H320 A03 | EAL5+
     | NO | YES | Infineon Optiga Trust-P | EAL5+
     | NO | YES | Infineon CC ? | EAL5+
     | N/A | YES | unknown built-in SE + STM32MP157C | EAL7+
     | NO | YES | Samsung SecureCore microchip ? | EAL6+
     | NO | YES | Military-grade CC security chip ? | EAL6+
     | NO | YES | Unknown chip | EAL4+
     | N/A | YES | Infineon SLE78 | EAL6+
     | NO | YES | NXP ? + ARM Cortex M4 | EAL6+
     | YES | YES | HSC32I1 | EAL6+*/EAL 4+
     | YES | YES | ATECC608A | outdated chip
     | YES | YES | ATECC608A | outdated chip
     | YES | YES | Infineon ? | EAL6+
     | YES | YES | probably MAX36010-BSN-T | EAL5+
     | YES | YES | ARM Cortex-M0 | EAL5+
     | YES | YES | ATECC608B + Maxim DS28S60 (+ Maxim MAX32520) | EAL?
     | N/A | YES | NXP MCU + ? | N/A
     | YES | YES | NXP J3H145 and NXP J3R110 | EAL6+
     | NO | YES | ATECC608A | outdated chip
     | YES | NO | N/A + STM32F205VG | N/A
     | YES | YES | ATECC608A+NXP JCOP3 and ARM Cortex-M | EAL5+ outdated chip 608A
     | YES | YES | nRF5340 | N/A

(The wallet names in the Name column did not survive in this copy of the table; rows are kept in their original order.)

Ledger has just changed its website stating that LNS PLUS models are EAL6+ certified
Note that older hardware wallet models (Passport, ColdCard, Onekey) may have the outdated chip version ATECC608A!

Credits and thanks to @SFR10 for making this wonderful table

Let's see some examples of how hardware wallets got exploited before, in the presentation Exploiting Hardware Wallet's Secure Element by Riscure and Sergei Volokitin.

If you can choose, then always go for Open Source.



*EAL = Evaluation Assurance Level

Quote
EAL1 - functionally tested
EAL2 - structurally tested
EAL3 - methodically tested and checked
EAL4 - methodically designed, tested, and reviewed
EAL5 - semi-formally designed and tested
EAL6 - semi-formally verified design and tested
EAL7 - formally verified design and tested

**Trezor is working on their own fully open source Secure Element chip, and they started a separate project for this purpose called Tropic Square.
- The Cobo hardware wallet stopped production and was renamed to Keystone, with some changes in software and hardware.

CC = Commons Clause License
https://commonsclause.com/



- Seed Generation in Hardware Wallets
- Open Source Hardware Wallets
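The post lists "Generating 'random' numbers" as a Secure Element benefit and in the same breath warns that a closed-source SE cannot be verified. The practical consequence for seed generation is that the SE's RNG should never be the only entropy source: a wallet that hashes the SE output together with the main MCU's own TRNG (and optionally user dice rolls) stays safe as long as any one of those sources is honest. The example below is added here to illustrate that mixing step and the BIP39 checksum that follows it; it is not code from rondolfo's post, from any wallet vendor, or from the referenced Riscure presentation. The function names, the "backdoored SE" bytes and the sample MCU bytes are all constructed for the demonstration, and the BIP39 wordlist itself is not embedded, so the output is the list of 11-bit word indices rather than words.

```python
"""Mixing several entropy sources for a BIP39 seed (added example, not wallet code)."""
import hashlib
import secrets

WORDLIST_SIZE = 2048      # the BIP39 English list has 2048 words, i.e. 11 bits per word
VALID_ENT_BITS = (128, 160, 192, 224, 256)


def mix_entropy(sources: list[bytes], nbytes: int = 32) -> bytes:
    """Hash independent entropy contributions into one entropy value.

    Every contribution is length-prefixed so that source boundaries are
    unambiguous (b"a" + b"b" must not equal b"ab" + b"").  The result is
    unpredictable as long as at least one source is uniformly random and was
    NOT chosen after seeing the others: in a real wallet, read the SE first,
    then draw the MCU's own TRNG bytes, and never send those back to the SE.
    """
    if not sources:
        raise ValueError("need at least one entropy source")
    if not 1 <= nbytes <= hashlib.sha256().digest_size:
        raise ValueError("nbytes must be between 1 and 32")
    h = hashlib.sha256()
    for s in sources:
        h.update(len(s).to_bytes(4, "big"))
        h.update(s)
    return h.digest()[:nbytes]


def bip39_word_indices(entropy: bytes) -> list[int]:
    """Append the BIP39 checksum and split into 11-bit word indices.

    Checksum = first ENT/32 bits of SHA-256(entropy); ENT+CS is always a
    multiple of 11, e.g. 256 + 8 = 264 bits = 24 words.
    """
    ent = len(entropy) * 8
    if ent not in VALID_ENT_BITS:
        raise ValueError("BIP39 entropy must be 128-256 bits in 32-bit steps")
    cs = ent // 32
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs)
    bits = (int.from_bytes(entropy, "big") << cs) | checksum
    nwords = (ent + cs) // 11
    return [(bits >> (11 * (nwords - 1 - i))) & (WORDLIST_SIZE - 1) for i in range(nwords)]


def generate_seed_indices(se_random: bytes, mcu_random: bytes,
                          user_dice: bytes = b"", nbytes: int = 32) -> list[int]:
    """Hypothetical wallet flow: SE RNG + MCU TRNG (+ optional dice) -> word indices."""
    if len(mcu_random) < nbytes:
        raise ValueError("the MCU must contribute at least as many bytes as the seed")
    entropy = mix_entropy([se_random, mcu_random, user_dice], nbytes)
    return bip39_word_indices(entropy)


if __name__ == "__main__":
    # Constructed worst case: a backdoored SE whose "random" output is constant.
    BACKDOORED_SE = bytes(32)
    first = generate_seed_indices(BACKDOORED_SE, secrets.token_bytes(32))
    second = generate_seed_indices(BACKDOORED_SE, secrets.token_bytes(32))
    # Because the MCU still contributes real entropy, two runs give different seeds.
    print("distinct seeds despite constant SE output:", first != second)
    print("24 word indices:", first)
```

The reverse failure is just as important: if the MCU is the compromised part and the SE is honest, the same construction still yields an unpredictable seed, which is the whole point of not trusting either chip alone. What it does not protect against is a source that sees the other contributions before producing its own, which is why the ordering comment in `mix_entropy` matters more than the choice of hash.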