Reply to: Can the seed phrase be extracted from the Trezor device and sent over the Internet?

#2632333
brianddk
Guest

> under any circumstances (government forcing Trezor or court order or whatever) can Trezor company extract seed phrase of certain Trezor wallets and send it over internet to them or any entity

Yes

Trezor, Ledger, Coldcard, Bitbox, Keepkey, and likely any other HW wallet you name has the ability to capture the seed at initialization, or read it out of the secure element. Same goes for any OS and SW wallet combo including Tails and Qubes OS.

There are no safe choices. Ledger’s claim was always dubious.

> This Secure Element (that only we have specs for) is a write only part (which only we can verify) and our firmware interaction with it (that is closed source) can never touch it.

Trezor talks about [why they picked STM32](https://blog.trezor.io/28d23f8949c6) instead of being legally bound to a microcontroller maker that forces all firmware to microcontroller interfaces to be hidden (closed source).

> I hope I get an answer from the co founder of Trezor and clarify it please.

He’s stated in the article above that STM32 is readable. What’s more, any seed setup mechanic will always go through firmware and, in closed source implementations, could always be cached.

Instead of waving their hands and declaring their magic box safe, they opened it up to the world to see and dared all to find bugs. And many have. And they have been fixed.

There is no safe solution. Either the firmware or OS will always know some secrets. I’d prefer to trust the dozen developers at Trezor to the 10,000 developers at Microsoft or the 5,000 developers at Canonical. You may choose differently.

My MUCH longer rant about opensourciness and why it helps can be found here:

"How Open-Sourciness Prevents the Ledger Seed Issue", by u/brianddk in TREZOR