semisol - 3h
While developing an HWW, I have started to realize that 90% have no idea what they are actually doing, and they think that adding a secure element is a silver bullet to all security issues.
In a market where people don’t verify marketing claims, anything can happen.
Doing something you are unfamiliar with is fine, but when it comes to securing millions in funds… you need to do research, and be honest where you fall short. Too much time is wasted on marketing and the like: eye candy over functionality, security taking a backseat (“resolved” by adding one or two IoT SEs with a lower bar for security compared to even a credit card, made by manufacturers that do not have a track record for high-security SEs), and exaggerated marketing claims (“most secure”, “only airgapped wallet”).
semisol - 2h
And false “verifiability” in HWWs, as their designs also make verification impossible (SE code) or require somewhat costly tools to work around security measures (MCU). Having NDA’d secure elements is arguably better for security than “verifiability”, as in both cases the manufacturer could slide in a backdoor, but one means you usually end up opting for worse parts.
I have sent some things over on Telegram
Still, a pointless attempt. Coldcard, for example, has a dedicated privileged flash segment (the “boot ROM”, which is not ROM at all) that handles retrieving the key and could store the PIN/root key in its small flash segment. It is not truly verifiable without ripping out the chip and faulting it.
The goals of security and verifiability are inherently conflicting: to verify, you need a chip that anyone can check the content of, but for security you want a chip that no one can see the content of. The MCU may have open source code, but the moment it is compromised it could log your PIN on the next attempt.