There are different ways to solve this.
In my opinion, the first is that the device firmware must be open source so everyone can verify it and reproduce builds, ensuring users get the correct firmware. Without this, any of the other solutions are probably worthless.
In addition, Trezor firmware generates signing nonces deterministically using RFC 6979, which is one of the mitigations.
karliatto
npub1fc…peavj
2026-03-23 09:03:27 UTC
in reply to nevent1q…fnxs
Author Public Key
npub1fcthj78n5re7dcyrva89gmvgz0z6g2v5rakr65shxemyvjwwdjzqcpeavjPublished at
2026-03-23 09:03:27 UTCEvent JSON
{
"id": "3a8844b61341afb847b5569fb5a0997d7affc7d3dcaa85fe5c09279241cb6197",
"pubkey": "4e177978f3a0f3e6e083674e546d8813c5a429941f6c3d521736764649ce6c84",
"created_at": 1774256607,
"kind": 1,
"tags": [
[
"e",
"7b3cf866c9e4428937dd7ff6298de1cdcc4e30aa7962f5b2db755e7711ca6f1f",
"wss://relay.primal.net/",
"root",
"1ddbc53cebd32ef8b20efe5af2df54e0465edcbbfe047fa0b9d7a0d659fdeea4"
],
[
"p",
"56172b53f730750b40e63c501b16068dd96a245e7f0551675c0fec9817ee96e0"
],
[
"p",
"e88a691e98d9987c964521dff60025f60700378a4879180dcbbb4a5027850411"
],
[
"p",
"d42b8986e655bd36efeb2837c1d9a31f3f8eef688c8d313d25c79b7c840889c4"
],
[
"p",
"1ddbc53cebd32ef8b20efe5af2df54e0465edcbbfe047fa0b9d7a0d659fdeea4"
]
],
"content": "There are different ways to solve this.\n\nIn my opinion, the first is that the device firmware must be open source so everyone can verify it and reproduce builds, ensuring users get the correct firmware. Without this, any of the other solutions are probably worthless.\n\nIn addition, Trezor firmware generates signing nonces deterministically using RFC 6979, which is one of the mitigations.",
"sig": "2e013992b44d8f9d6bb06e1d493b05c074d0d0e53ac40c473baf0676155006cfa22dfd54c29d49dc35bffc09bff1aeae4568fb55c94bfd3ce786c546b5447751"
}