I find some points unclear in their FAQ. For example, how does the passphrase work? They only say that it sits "on top of the PIN". So am I supposed to write it in the computer's keyboard? Also, in their sentence "[...] we have implemented a safe way of entering PIN, so no keylogger can be used to spy on your PIN" there is no information. I finally found in reddit a video showing how the PIN input works (but not yet the passphrase).
We are working on a better documentation for the users, so here you go:
Multi-passphrase encryption (hidden volumes)
Security researchers have a habit of coming up with spicy names for simple attacks. One such attack is referred to as the $5 wrench attack.
If you have your passphrase memorized and you havent written it down anywhere, attackers with physical access to your TREZOR may still be able to extract the passphrase with a $5 wrench. In order to mitigate this risk it is possible to set up your TREZOR multiple times with multiple passphrases. The goal is to have one spoof setup that only holds a few bitcoins or bitcents and one real setup that holds your fortune.
In order to do this all you need to do is setup your TREZOR with a passphrase, then unplug and replug your TREZOR and enter a different passphrase. Heres an example:
I setup my TREZOR with the passphrase lonelypumpkins and load a large number of bitcoins onto my device. I unplug/replug my TREZOR and enter the passphrase funnyspirit. I then send a few bitcents to the funnyspirit account. When the thugs come and steal my TREZOR, I can now safely tell them that my passphrase is funnyspirit. They will be able to steel a few bitcents from me, but they wont be able to get at my fortune or even determine that a second passphrase exists.
PIN entry in TREZOR will be explained as well. Meanwhile to get an idea you can watch a video done by molecular https://www.youtube.com/watch?v=vMUfDKfsMFI