
A Trezor is a mini computer keeping access to the seed contained to an isolated component with on-device display / confirmation. It's wrong to expect that an attacker with physical access won't be able to extract the seed. That remains true with an obfuscated secure element too.
The BIP39 passphrase feature (passphrase appended to the seed phrase before key derivation) is the fundamental defense against an attacker gaining physical access. Trezor Model T has a much better implementation than the original by supporting on-device entry of the passphrase.
An attacker with physical access can extract data stored on a device. Secure elements can make data extraction more expensive but it's still possible. The benefit of dedicated hardware wallets is isolating access to the seed/passphrase for orders of magnitude less attack surface.
The passphrase feature works by appending the passphrase to the seed phrase which is used as the input for key derivation. It doesn't encrypt the seed with it but rather appends it to the seed phrase to derive a different key / wallet. It doesn't store it or any outputs from it.