The TrezorThe Trezor is a relatively simple device that is powered by a micro-usb connector. It has a very simple injection molded plastic case with two plastic buttons and an LCD screen. Interestingly, the plastic case is joined together with what appears to be cyanoacrylate or super glue.
The Trezor uses a standard STM32F205 as the only microcontroller which creates a large hardware-based attack surface. This is a very common standard ARM Cortex M3 32-bit processor. This is not considered one of ST’s secure MCUs nor is it any sort of secure enclave. This general purpose MCU is where the private keys are generated and stored. Due to these reasons, the Trezor does not have a common criteria security certification.
The Ledger Nano SThe Ledger Nano S is also powered by a micro-usb, has two user input buttons, and an on-board screen. The biggest difference between the Trezor and the Ledger is the Ledger has two microcontrollers instead of just one. The first microcontroller is the STM32F042K and the second microcontroller is the ST31H320. The STM32F042K is very similar to the STM32F205 used in the Trezor with the notable exception that it has an internal rather than external clock. More interestingly, the Ledger has a proper bank grade ST31H320 secure enclave where the wallet’s private keys are stored. The ST31H320 finds itself already used in many other applications including banking, identification, and pay TV. Further, it meets EAL6+ common criteria security standards. The combined ST31/STM32 architecture has a lower but commendable EAL5+ certification. In addition to securely storing private keys, the secure enclave is able to store a device key which provides a high degree of assurance that the ledger device is not counterfeit and has not been compromised in the supply chain.
https://blog.gridplus.io/hardware-wallet-vulnerabilities-f20688361b88