While developing an HWW, I have started to realize that 90% have no idea what they are actually doing, and they think that adding a secure element is a silver bullet to all security issues.
When you look deep into any field whatsoever you come to this conclusion, don't you?
In a market where people don't verify marketing claims, anything can happen.
Verifying marketing claims is hard. Too hard for the average consumer. We need tools for that. I had built "opinions" for wallet products but sadly it's not getting used much. I had hoped for people to obliterate hardware wallets among other products and get big tips for doing so, but meh, not much going on. If you have an idea how to punish stupid marketing claims in a decentralized way, please share. Sadly, stupid claims regularly become accepted standards. Think about "lactose free" meaning there is the same amount of lactose as in other milk but also an enzyme to eliminate one type of undesired effect of that type of sugar, but it leads people to think that they could cut carbs by drinking lactose free. WTH? Light bulbs were sold by their wattage, but now LEDs can't compete with a 100W bulb if it provides the same amount of lumen, which nobody was told about before, so they just print 100W on a 15W LED, and laser pointers are sold with ridiculous power ratings, making these ratings completely pointless. Sure, wallet providers do the same. Almost all wallet providers are guilty of claiming that theirs is the safest. What does that even mean? And yes, "secure element" has "secure" in the name, but it is just a marketing term of a supplier of one of your chips and doesn't make your wallet magically secure.
The avant-garde operates at the edge of their comfort zone, unaware they are reaching beyond their competence zone.
Doing something you are unfamiliar with is fine, but when it comes to securing millions in funds… you need to do research, and be honest where you fall short. Too much time is wasted on marketing and the like: eye candy over functionality, security taking a backseat (“resolved” by adding one or two IoT SEs with a lower bar for security compared to even a credit card, made by manufacturers that do not have a track record for high-security SEs) and exaggerated marketing claims (“most secure”, “only airgapped wallet”).
And false “verifiability” in HWWs, as their designs also mean verification is impossible (SE code) or requires somewhat costly tools to work around security measures (MCU). Having NDA'd secure elements is arguably better for security than “verifiability”, as in both cases the manufacturer could slide in a backdoor, but one means you usually end up opting for worse parts.
My take - the take I had adopted for @WalletScrutiny - is that a "secure element" does not get in the way of verifiability iff it does never handle the private key material. It may contribute "true randomness" and it can be used for a key encryption key but the parts that actually touch the keys must be public source and binaries reproducible and the device itself has to show the actual hash of the binary you are trying to install prior to installation.
Still, a pointless attempt. Coldcard, for example, has a dedicated privileged flash segment (the “boot ROM”, which is not ROM at all) that handles retrieving the key and could store the PIN/root key in its small flash segment. It is not truly verifiable without ripping out the chip and faulting it.
The goals of security and verifiability are inherently conflicting: to verify, you need a chip that anyone can check the content of, but for security you want a chip that no one can see the content of. The MCU may have open source code, but the moment it is compromised it could log your PIN on the next attempt.
That is why I came to like the combination of SE and MCU where the SE is oblivious to what the MCU stores but the MCU stores all secrets with a key only the SE knows. What's wrong with that? Now the auditor can treat the SE as a black box that yields a key encryption key only if provided with a secret but bricks itself if the secret cannot be provided in x attempts. You say, Coldcard could do something shady in their not-a-ROM boot ROM? But that's MCU side, right? So can we audit it? Or are you talking about the hardware not being what they claim it is?
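The SE/MCU split described in the post above, as an added example that is not part of this thread and not any vendor's firmware: a constructed Python model in which the open-source MCU side keeps the wallet seed only in sealed form, and a simulated secure element holds the key-encryption key, releases it only for the correct PIN, and wipes its root key after a fixed number of failures. The HMAC-based stream cipher, the PIN-tag check, the `max_attempts` value and the sample seed and PIN are all assumptions made for the illustration; a real SE would use its own AEAD and counter hardware.

```python
"""Toy model of the SE/MCU split (constructed illustration, stdlib only).
The MCU stores the seed sealed under a KEK that only the SE can derive;
the SE enforces the PIN retry limit and bricks itself when it is hit.
The HMAC-counter stream cipher stands in for a real AEAD."""
import hashlib
import hmac
import secrets


class SecureElementBricked(Exception):
    """Raised once the retry limit is exhausted and the root key is wiped."""


class SecureElement:
    """Black box from the auditor's view: the root key never leaves the chip."""

    def __init__(self, max_attempts: int = 10) -> None:
        self._root_key = secrets.token_bytes(32)   # never exported
        self.max_attempts = max_attempts
        self.failures = 0
        self._pin_tag = None

    def enroll_pin(self, pin: bytes) -> None:
        # Keep only a keyed tag of the PIN, never the PIN itself.
        self._pin_tag = hmac.new(self._root_key, b"pin|" + pin, hashlib.sha256).digest()

    def unlock(self, pin: bytes) -> bytes:
        """Return the KEK for a correct PIN; count failures; wipe on the limit."""
        if self._root_key is None:
            raise SecureElementBricked("root key already wiped")
        tag = hmac.new(self._root_key, b"pin|" + pin, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, self._pin_tag):
            self.failures += 1
            if self.failures >= self.max_attempts:
                self._root_key = None      # brick: the KEK is now unrecoverable
                self._pin_tag = None
                raise SecureElementBricked("retry limit hit, root key wiped")
            raise PermissionError("wrong PIN")
        self.failures = 0                  # a correct PIN resets the counter
        return hmac.new(self._root_key, b"kek", hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(kek: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC with sub-keys derived from the KEK."""
    enc_key = hmac.new(kek, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(kek, b"mac", hashlib.sha256).digest()
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(kek: bytes, blob: bytes) -> bytes:
    """Verify the tag first, then decrypt; a wrong KEK is rejected outright."""
    enc_key = hmac.new(kek, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(kek, b"mac", hashlib.sha256).digest()
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("ciphertext rejected")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


class MCU:
    """Open-source side: its flash holds only the sealed seed, never the KEK."""

    def __init__(self, se: SecureElement) -> None:
        self.se = se
        self.flash = None   # what a flash dump of the MCU would reveal

    def provision(self, pin: bytes, seed: bytes) -> None:
        self.se.enroll_pin(pin)
        self.flash = seal(self.se.unlock(pin), seed)

    def load_seed(self, pin: bytes) -> bytes:
        return unseal(self.se.unlock(pin), self.flash)


def run_scenario(max_attempts: int = 3) -> dict:
    """Walk through provisioning, one wrong PIN, lockout, and a flash dump."""
    se = SecureElement(max_attempts=max_attempts)
    mcu = MCU(se)
    seed = b"constructed 32-byte wallet seed!"   # constructed sample value
    pin = b"1234"                                # constructed sample value
    mcu.provision(pin, seed)
    result = {"recovered": mcu.load_seed(pin) == seed}

    # One wrong PIN is rejected and counted, but the device stays usable.
    try:
        mcu.load_seed(b"0000")
        result["wrong_pin_rejected"] = False
    except PermissionError:
        result["wrong_pin_rejected"] = True
    result["still_usable"] = mcu.load_seed(pin) == seed

    # Exhaust the retry budget: the SE wipes its root key and bricks.
    bricked = False
    for _ in range(max_attempts):
        try:
            mcu.load_seed(b"0000")
        except PermissionError:
            continue
        except SecureElementBricked:
            bricked = True
    result["bricked"] = bricked

    # The sealed blob alone (e.g. from a flash dump) is useless without the
    # SE-held KEK: a key that is not the SE's is rejected by the MAC check.
    try:
        unseal(secrets.token_bytes(32), mcu.flash)
        result["blob_alone_useless"] = False
    except ValueError:
        result["blob_alone_useless"] = True
    return result


if __name__ == "__main__":
    print(run_scenario())
```

The point the model makes for an auditor is the one the post argues: everything that touches the seed in plaintext (`MCU.load_seed`, `seal`, `unseal`) is ordinary reviewable code, while the SE is reduced to one narrow interface (`unlock`) whose only observable behaviours are "KEK or refusal" and a retry counter, which is what a black-box test of the real chip would exercise.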
How about the OpenTitan project? It's FOSS and being used in Google's Titan chips