Trezor has launched its latest hardware wallet, the Safe 7, featuring a fully open-source secure element and post-quantum firmware signing.
Unveiled at a launch event in Prague, the device reflects Trezor’s long-standing push for transparency in an industry that typically relies on closed, NDA-protected hardware components.
The company said the Safe 7 integrates a new chip, Tropic01, developed by semiconductor startup Tropic Square, which Trezor co-founded in 2020. Unlike most commercial secure elements from vendors such as STMicroelectronics or Infineon, Tropic01’s design and firmware are fully auditable and available for public testing. Researchers can buy and analyze the chip without signing non-disclosure agreements, a condition that has traditionally limited external scrutiny of wallet hardware.
Tomas Susanka, Trezor CTO hailed this a major shift in the industry, he said “No one is going to lie to you about its security.You don’t have to trust me on that. You can now verify.”
For years, every wallet provider has used proprietary firmware and NDA-bound silicon; Trezor’s public critique of that approach dates back to its early days. The company said its earlier experiments with commercial chips revealed vulnerabilities that manufacturers were unwilling to disclose publicly. The firm claimed this experience pushed it to design its own hardware. Trezor claims the change allows for “verifiable security” rather than vendor-assured protection.
Breaking down Safe 7’s architecture
The new device also features a dual-chip architecture, pairing Tropic01 with a secondary NDA-free element to improve tamper resistance. It includes hardware-level limits on PIN attempts, automatic data erasure on detected intrusion, and wireless connectivity secured through a proprietary open protocol layered over Bluetooth.
Perhaps the most notable shift is the wallet’s post-quantum bootloader, signed with algorithms resistant to future quantum-computer attacks. Most wallets, including those from institutional-grade custodians, have yet to implement similar safeguards. Trezor said the change allows firmware updates to remain verifiable even if current public-key systems become obsolete.
Preparing for the Quantum Era
In a forward-looking twist, Safe 7’s bootloader, the component responsible for firmware updates, is signed with a post-quantum cryptographic algorithm, making it resistant to future quantum decryption methods.
Trezor acknowledged that Bitcoin and most cryptocurrencies aren’t yet quantum-proof but argued that wallet security must “act before the threat materializes.”
Why it matters
By opening the chip’s design and challenging the secrecy of secure hardware, Trezor is effectively forcing a transparency debate in the hardware wallet industry.
For years, manufacturers have relied on proprietary secure elements chips whose inner workings users and even independent auditors can’t examine. Trezor’s public rejection of that model marks one of the most radical pivots in consumer crypto security since hardware wallets first appeared.
For users, the implications extend beyond technology. As crypto custody models evolve with ETFs, institutional vaults, and account abstraction competing for convenience, open hardware advocates argue that verifiable self-custody remains the only way to guarantee independence from intermediaries.
The Safe 7 is priced at $249, with shipping expected later this year.
Also read: How a Govt Collapse Inspired the Biggest Wallet Company
