Hardware Security · April 2026 · 9 min read

Hardware Wallet Security in 2026: Secure Elements Compared

EAL5+, EAL6+, EAL7. Open source vs closed source firmware. Air gapped vs USB vs NFC. A technical breakdown of every major secure element certification and what it actually means for your private keys.

Secure element certifications appear on every hardware wallet marketing page but rarely get explained. EAL5+, EAL6+ and EAL7 are levels of the Common Criteria (CC) evaluation framework, a standardized process for having security hardware assessed by an independent lab. The level tells you how thoroughly the chip's design and implementation were evaluated, not that the device is unbreakable, and it applies to the chip, not to the wallet built around it. Here's what the numbers mean and how current hardware wallets compare.

What Common Criteria Actually Measures

Common Criteria (ISO/IEC 15408) is an international standard for evaluating IT security products. The evaluation is conducted by accredited third-party labs. The Evaluation Assurance Level (EAL) runs from EAL1 (lowest) to EAL7 (highest) and describes the depth of the evaluation: how much design documentation, independent testing and, at the top levels, semiformal or formal modelling of the design the developer must supply and the lab must check. It is an assurance scale, not a direct score for how hard the chip is to break.

A critical distinction: CC evaluates the chip (the "target of evaluation") against a Protection Profile, a standardized security specification for a product class that lists the threats the product must counter. The profiles relevant to hardware wallet chips are the "Security IC Platform Protection Profile with Augmentation Packages" (BSI-CC-PP-0084) and its 2022 successor (BSI-CC-PP-0117), which cover smart card ICs and security controllers. Resistance to physical attack is scored separately from the EAL by the vulnerability-analysis component (AVA_VAN); the top grade, AVA_VAN.5, means the lab could not break the chip with an attacker of "high" attack potential. The certificate says "this chip, in this configuration, resisted the attacks we know how to mount in this lab". It does not guarantee resistance to a novel attack, and it says nothing about the firmware that runs on the chip.

The “+” in EAL5+ and EAL6+ means the chip met the base level plus augmentations, individual components borrowed from a higher level. For security ICs the usual augmentation on EAL5 is AVA_VAN.5 (together with ALC_DVS.2, stricter development-site security), so an EAL5+ smart card IC has been penetration-tested to the same "high attack potential" grade that EAL6 and EAL7 require by default. The step from EAL5+ to EAL6+ therefore buys more design and testing evidence, not a higher rated attack resistance. EAL5+ is the most common certification for hardware wallet secure elements and is a meaningful bar, though not the highest possible one.

Secure Element Chips Used in Current Hardware Wallets

Most hardware wallets use chips from a small number of manufacturers. The actual silicon, and the certificate attached to it, matters more than the wallet brand in determining how resistant the device is to physical key extraction. The chip names below come from the vendors' own specifications; marketing pages frequently get them wrong.

STMicroelectronics ST33 family (Ledger)

Ledger's devices use secure elements from STMicroelectronics' ST33 line, which is built for payment card, passport and SIM applications and is certified CC EAL5+ (augmented with AVA_VAN.5, so the chip was evaluated against attackers with high attack potential, including fault injection and side-channel analysis). The Nano X uses the ST33J2M0; the Nano S Plus, Stax and Flex use the newer ST33K1M5. Both generations carry the same EAL5+ rating; Ledger does not ship an EAL6+ chip in these products. The SE runs Ledger's BOLOS operating system, which is proprietary: the applications that run on top of it are published on GitHub, but you cannot audit what the OS itself does with the chip's capabilities. In every Ledger device the SE is paired with a general-purpose MCU that drives the USB interface, the display and, on the Nano X and Stax, Bluetooth; the link between the two chips is additional attack surface that the SE's certification does not cover.

Infineon Optiga Trust M (Trezor Safe 3 and Safe 5)

Trezor's Safe 3 and Safe 5 use Infineon's Optiga Trust M, a CC EAL6+ certified secure element, next to a general-purpose STM32 MCU (an STM32F4 in the Safe 3, an STM32U5 in the Safe 5). The split is deliberate: the recovery seed stays encrypted in the MCU's flash, the SE holds a secret that is released only after a correct PIN and enforces the attempt limit, and the MCU runs the UI and the signing logic. The SE therefore hardens PIN brute-force and physical extraction rather than holding the keys outright, which is a different trust model from Ledger's single-SE design, where the SE itself performs the signing. All Trezor firmware is open source (trezor.io/learn/a/open-source-at-trezor) and built reproducibly, so the binary on the device can be matched against the published source.

NGRAVE Custom Secure Element

NGRAVE markets the ZERO as the only consumer hardware wallet with a CC EAL7 certification, the highest level in the framework. EAL7 requires a formally verified design and tested implementation on top of the AVA_VAN.5 penetration testing that EAL6 already demands, and only a handful of products worldwide hold it. NGRAVE developed the device in partnership with imec, the Belgian nanoelectronics research institute. On paper this exceeds everything else in the hardware wallet market by a wide margin; in practice, read the certificate's target of evaluation, because an EAL7 rating applies only to the component and configuration that was evaluated, not to the whole product or its firmware.

Hardware Wallet Security Comparison (2026)

Device | SE chip | EAL | Firmware | Interface
Ledger Nano X | ST33J2M0 | EAL5+ | Closed OS | USB + Bluetooth
Ledger Nano S Plus | ST33K1M5 | EAL5+ | Closed OS | USB only
Ledger Stax | ST33K1M5 | EAL5+ | Closed OS | USB + Bluetooth + NFC
Trezor Safe 5 | STM32U5 + Optiga Trust M | EAL6+ | Fully open source | USB only
Trezor Safe 3 | STM32F4 + Optiga Trust M | EAL6+ | Fully open source | USB only
Keystone 3 Pro | 3x secure elements (models not listed here) | Not verified here | Open source firmware | Air-gapped (QR)
ELLIPAL Titan 2.0 | Allwinner A40i (no SE) | No CC cert | Closed firmware | Air-gapped (QR)
NGRAVE ZERO | Custom (imec) | EAL7 (vendor claim) | Closed firmware | Air-gapped (QR)
GridPlus Lattice1 | ATECC608A | JIL High rating, no EAL cert | Open source firmware | USB + WiFi

Open Source vs Closed Source Firmware

A secure element certification evaluates the chip in isolation. The firmware running on it is a separate concern. A chip can be EAL7 certified while running firmware with a serious bug or a backdoor; the certificate says nothing about that software, and the SE will faithfully sign whatever correctly authenticated firmware asks it to.

Open source firmware (Trezor, Keystone, GridPlus) lets anyone read, audit and compile the code. Vulnerabilities found by external researchers have resulted in patches on all these platforms. Closed firmware (ELLIPAL, NGRAVE, and the BOLOS operating system on Ledger's secure element, even though Ledger's applications are published) cannot be independently audited: you are trusting the manufacturer's security claims and its internal review.

This is not a clear-cut win for open source. Published source only becomes assurance when two more things hold: the build is reproducible, so that the firmware image on the device can be matched to the source, and the device's bootloader only accepts firmware signed with the vendor's key, so that a malicious fork cannot be loaded without the user overriding a warning. Without those, "open source" describes the repository, not what is running in your hand. The security models differ: open source relies on public scrutiny to catch bugs, closed source relies on the manufacturer's internal practices. Both have failed in documented incidents.

Air-Gapped Communication: What It Changes

USB-connected hardware wallets keep a data channel open between your computer and the device. Even with a certified secure element doing the key operations, that channel is attack surface: the device's USB stack and message parser must handle whatever a compromised host sends them, the same channel carries firmware updates, and malware on the host can alter the transaction before it reaches the device. The on-device screen and the signed-firmware check are what stand between a malicious host and a bad signature.

QR-code-only devices (Keystone, ELLIPAL, NGRAVE) remove the wired channel. The signing device has no data ports. A transaction leaves the computer as a QR code, is scanned by the device, signed internally, and returns to the computer as a signed QR code, with no persistent link between the two. That changes the physical attack model: there is no cable for host malware to talk through and no port for a hostile peripheral. It does not remove the logical attack surface. The QR decoder and the transaction parser still process attacker-controlled input, the host can still present a malicious unsigned transaction, and what actually protects you is still reading the destination address and amount on the device's screen before approving. Air-gapping trades convenience for a smaller, better-defined channel, not for immunity.

EAL Rating vs Real-World Security

EAL ratings are a meaningful signal but not the whole picture. A device's actual security depends on the chip rating, firmware quality and auditability, the communication interface (USB vs air-gapped), the PIN system, and the manufacturer's update process. NGRAVE ZERO has the highest EAL rating but closed source firmware. Trezor Safe 5 has EAL6+ with fully open source firmware and no wireless interface. Each involves trade-offs.

Passphrase Protection: The 25th Word

Most hardware wallets support a BIP39 passphrase, an extra secret combined with your 12- or 24-word recovery phrase, sometimes called the “25th word.” It is not stored alongside the seed; it is mixed into the key derivation as a salt, so every distinct passphrase opens a completely separate wallet, and a wrong or mistyped passphrase silently opens an empty one rather than failing. Without the passphrase, the recovery phrase opens the base wallet; with it, the passphrase-protected wallet. This gives real protection under physical coercion: you can hand over the recovery phrase and a decoy passphrase that opens a wallet holding a small balance while the main funds stay out of reach. Some devices pair this with a wipe code or a PIN tied to a passphrase, but the passphrase itself works on any BIP39-compatible wallet.

The passphrase is not stored on the device and cannot be recovered from the seed or from the wallet: if you forget it, the funds are gone. Record it on the same durable medium as the recovery phrase (a metal backup), but keep it in a different physical location, because anyone who finds both has everything.

Practical Selection Guide

If you want the highest certified hardware security and can accept closed firmware: NGRAVE ZERO (EAL7). If you want open source, reproducibly built firmware with a certified SE and a long track record: Trezor Safe 5 (Optiga Trust M, EAL6+). If you want air-gapped QR signing with open source firmware: Keystone 3 Pro. If you want Ledger's broad app and integration support: Ledger Nano S Plus or Stax (ST33K1M5, EAL5+, closed OS), with the Nano S Plus the smaller attack surface if you do not need Bluetooth or NFC. Whatever you choose, set a passphrase and verify every transaction on the device's screen, not on the host.