So there’s your **seed**, right? It is stored in the general-purpose MCU (main chip) of the Trezor. It’s the thing that is the source of all your keys. This is your family jewels. You don’t _ever_ want it leaked.
So we don’t want to store it just as it is. In normal conditions just “being in the chip” makes it inaccessible. But if a hacker manages to read the memory somehow, they could just get at the seed.
So you add a PIN, and encrypt the seed with the PIN. Now, any hacker who reads out the memory needs to brute-force the PIN, otherwise they can’t decrypt the seed phrase. That is nice — if your PIN is around 15 digits, the hacker basically can’t do it.
Well, but most people’s PINs are 4 to 6 digits, and that is also much nicer for usability.
So what happens is, the Secure Element contributes some data too. In gross oversimplification: you send the PIN to the secure element, it encrypts it by a key that only exists in the secure element, and returns a 256-bit secret. Then you use this secret, together with the original PIN, as the encryption key.
So if someone wanted to get your seed by brute-force, they would need to crack not just your PIN, but also the very secret encryption key that only lives in the Secure Element.
Which probably can’t be done at all, and definitely not for any reasonable amount of money.
(And if the attacker doesn’t _know_ the right PIN, they can ask the Secure Element to encrypt _something_ and they will get out _some result_, but it’s gonna be a wrong result that doesn’t decrypt your seed.)
The passphrase is a completely separate thing, and no, it is still the one “25th word” passphrase as before. There is no new SE-specific phrase.
And it goes like this: when you _finally_ after all that trouble decrypt the seed, then you can _add_ the passphrase _to the decrypted seed_.
This is actually the most secure thing of all, because the passphrase is never saved anywhere. Even if an attacker manages to grab your seed somehow, they don’t know the passphrase, and without it, they can’t get to your wallet.