A secure element is a tamper-resistant microcontroller designed to store cryptographic keys and perform cryptographic operations in a sandbox that the rest of the device — including the main CPU — cannot peer into. It is the physical component that lets a hardware wallet claim "the private key never leaves the device" with a straight face. It is the hardware-security analogue of "this room is sealed" rather than "this software promises not to read this variable."

The two architectures you'll see

Closed-source secure elements. ST33K1M5 (used by Ledger), Infineon SLE 78 (used by OneKey), Optiga Trust M (used by Trezor Safe series). These are commercial chips with certified tamper resistance — typically Common Criteria EAL5+ or EAL6+ — sold under NDA. The strength is decades of certified production. The criticism is that you trust the manufacturer's documentation; you cannot audit the silicon yourself.

General-purpose microcontrollers without a dedicated SE. Older Trezor models (Model T, One) and the Coldcard Mk4 historically used the Microchip ATECC608, an open-design security chip with EAL5 certification. The Trezor Safe series switched to the Optiga Trust M; Coldcard stuck with the more open chip. Its proponents argue that this is the more transparent design; it is certified at a lower EAL level than the Ledger ST33K1M5.

What the EAL number actually means

Common Criteria EAL — Evaluation Assurance Level — is a 1-to-7 scale of how rigorously a security target was verified. EAL5+ means "semi-formally designed and tested." EAL6+ means "semi-formally verified design and tested." Most banking smart cards target EAL4+ or EAL5+. The difference between EAL5+ and EAL6+ is real but smaller than the marketing makes it sound — both are very far above "no certification."

What matters operationally: an EAL5+ chip resists invasive physical attacks (decapsulation, side-channel analysis) at a cost level that places attackers in the "well-funded nation-state" category, not the "Telegram thief" category. For a US-resident retail holder, that's the relevant threshold.

The Ledger Recover episode

In May 2023, Ledger announced "Ledger Recover" — an optional service that uses Shamir Secret Sharing across three custodians to back up the seed phrase. The community uproar wasn't about the service; it was about the implication that the firmware can extract the seed from the secure element to share it. Ledger clarified that the extraction only happens for users who explicitly opt in, but the episode shifted some holders to Trezor's "fully open firmware on a less-certified chip" model. Both are defensible positions; pick based on your threat model.
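As an added illustration of the three-custodian Shamir backup described above (example code written for this entry, not Ledger's own implementation): a 2-of-3 split over a prime field is assumed here, since the entry does not state Recover's actual threshold, field or share encoding. The detail worth noticing is the first argument of `split_secret`: the raw seed has to be available in the clear for this step to run at all, which is exactly the extraction the uproar was about.

```python
import secrets

# Mersenne prime M521: a field large enough to hold any 256-bit seed entropy.
# (Constructed choice for this illustration; the real service's field is not
# stated in the entry above.)
PRIME = 2**521 - 1


def split_secret(secret: int, threshold: int = 2, shares: int = 3):
    """Shamir split: `secret` becomes the constant term of a random polynomial of
    degree threshold-1; each custodian gets one point (x, f(x)). Note the input:
    the raw seed must be in the clear for whatever runs this step."""
    if not (0 <= secret < PRIME and 1 <= threshold <= shares < PRIME):
        raise ValueError("bad parameters")
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]

    def f(x: int) -> int:
        return sum(c * pow(x, i, PRIME) for i, c in enumerate(coeffs)) % PRIME

    return [(x, f(x)) for x in range(1, shares + 1)]


def recover_secret(points) -> int:
    """Lagrange interpolation at x = 0 over GF(PRIME). Needs at least
    `threshold` distinct points; with fewer, the result is just noise."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total


def consistent_with_single_share(share, candidate_secret: int) -> bool:
    """For a 2-of-3 split, one custodian's point (x, y) fits *every* candidate
    secret s: a line through (0, s) and (x, y) always exists. This is why a
    single custodian learns nothing about the seed on its own."""
    x, y = share
    slope = (y - candidate_secret) * pow(x, -1, PRIME) % PRIME
    return (candidate_secret + slope * x) % PRIME == y


if __name__ == "__main__":
    seed = int.from_bytes(secrets.token_bytes(32), "big")  # constructed 256-bit seed
    shares = split_secret(seed)
    assert recover_secret(shares[:2]) == seed  # any two custodians suffice
    assert all(consistent_with_single_share(shares[0], s) for s in (0, 1, seed))
    print("2-of-3 split/recover OK; one share alone is uninformative")
```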

What this means for your custody plan

Any hardware wallet from the major brands — Ledger, Trezor, OneKey, Keystone, Coldcard — has a secure element rated against attacks the typical US-resident threat model will never see. The difference between EAL5+ and EAL6+ matters less than whether you bought from the official store, ran the factory reset on arrival, and never typed the seed into a connected device.

Further reading: Hardware wallet, Hardware wallet comparison.