What EAL Certification Guarantees and What It Doesn't
CC EAL6+ is not a certificate of unhackability. We tell you exactly what it means.
If you've spent time comparing hardware wallets, you've seen EAL ratings used as selling points. A label such as "EAL6+ secure element" implies the highest security standard achievable. The ratings are real, the certification process is rigorous, and the chips that carry these labels have genuinely been tested to demanding standards.
But EAL certification is also one of the most consistently misunderstood concepts in hardware wallet marketing. It is regularly presented and commonly interpreted as a near-absolute security guarantee, but it is not.
This article walks through the EAL framework from the ground up, examines what the evaluation process at EAL5+ and EAL6+ actually involves, names the specific chips used in hardware wallets and their certified levels, and then works through each of the three structural limitations that the certification does not address.
EAL certification tells you the depth and rigor of the security evaluation a chip underwent. It does not tell you that the chip cannot be defeated. These are different statements, and conflating them leads to a false sense of security.
What is Common Criteria?
Common Criteria (formally: Common Criteria for Information Technology Security Evaluation, ISO/IEC 15408) is an international framework for evaluating the security of IT products. It was established in 1999 to harmonize the fragmented landscape of country-specific security evaluation schemes.
Today, over 30 countries participate in the Common Criteria Recognition Arrangement (CCRA), and a CC certificate is the globally recognized standard for independently assessed product security.
Target of Evaluation
The framework operates around a core concept: the Target of Evaluation, or TOE. The TOE is the specific product or component being evaluated. For secure elements, the TOE is typically the chip itself, including its hardware architecture, embedded operating system, and the cryptographic library it runs.
The TOE's manufacturer submits a Security Target document, a formal specification of what the product is designed to protect, the threats it should resist, the security functions it implements, and the assumptions under which those functions are valid.
Certificate issuance
An accredited independent evaluation lab then tests the product against those claims, at the depth and rigor corresponding to the claimed EAL level. If the product meets its Security Target at the claimed level, a national certification body issues the certificate.
A critical implication of this structure: the evaluation tests the product against its own Security Target, i.e., what the manufacturer said it would do. A product that claims modest protections and delivers them can achieve the same EAL as one that claims broad protections and delivers them.
EAL measures evaluation rigor, not the ambition or completeness of the security design. This is a deliberate design that enables CC to be applied across a wide range of products.
Brief overview of the EAL scale
Common Criteria defines seven Evaluation Assurance Levels, EAL1 through EAL7. Each level represents a more demanding set of assurance requirements, primarily in terms of how thoroughly the product's design is documented, analyzed, and tested, and how sophisticated the assumed attacker is.
Higher EAL levels do not automatically produce more secure products. They produce more thoroughly evaluated products.
A product with narrow but correctly implemented security functions that has been evaluated to EAL6 is not more secure in a real-world application than a product with broader security functions evaluated to EAL4. It depends entirely on what each Security Target covers.
| Level | Official name | What it means | Typical use | Attacker assumption |
|---|---|---|---|---|
| EAL1 | Functionally tested | Basic testing to ensure the product does what it claims | Non-critical products | No structured attacker |
| EAL2 | Structurally tested | Developer testing + limited independent review | Low-risk commercial | Opportunistic attacker |
| EAL3 | Methodically tested | Systematic testing with secure dev lifecycle evidence | Commercial with security needs | Moderately skilled |
| EAL4 | Methodically designed, tested, and reviewed | Full design docs + independent penetration testing | Enterprise software, OS | Skilled with standard tools |
| EAL5 | Semi-formally verified design and tested | Semi-formal design verification + rigorous independent attack testing | Smart cards, crypto hardware | High attack potential |
| EAL6 | Semi-formally verified design and tested (extended) | EAL5 rigor + extended vulnerability analysis + formal partial verification | Secure elements, passports, HSMs | Very high attack potential |
| EAL7 | Formally verified design and tested | Full formal mathematical proof of security properties | Military, classified systems only | Nation-state adversary |
For hardware wallets and secure elements, EAL5+ and EAL6+ are the relevant levels. EAL4 is the standard for enterprise software such as operating systems and firewalls. EAL7, the highest level, is in practice limited to tightly scoped military and classified systems.
The "+" suffix indicates augmentation: additional requirements beyond the base level that were included in the evaluation. For secure elements, the most important augmentation is typically AVA_VAN.5. It is the highest level of vulnerability analysis, requiring evaluators to attempt attacks using the most sophisticated techniques available to an adversary with very high attack potential.
What EAL5+ and EAL6+ involve
The difference between EAL5 and EAL6 lies in the depth of design verification needed and the sophistication of the assumed attacker. Both levels require penetration testing by independent evaluators trying to break the chip.
EAL5+: Semi-formally verified design and tested
At EAL5+, manufacturers must provide semi-formal design documentation. This is a structured, mathematical representation of the chip's security architecture that goes beyond the documentation required at lower levels.
Independent evaluators analyze these designs for weaknesses and conduct penetration tests, mirroring the approach of a high-attack-potential adversary: someone with significant technical knowledge, resources, motivation, and ample time to study the chip.
The ST33J2M0, the STMicroelectronics secure element used in the Ledger Nano X, holds EAL5+ certification. EAL5+ is a standard for chips used in banking applications, payment terminals, and most contact smart cards.
EAL6+: Semi-formally verified design and tested (extended)
EAL6+ adds significant requirements over EAL5+. The design verification must be more comprehensive, covering a wider range of the chip's internal modules and their interactions.
Vulnerability analysis is extended to include a broader range of attack scenarios. The assumed attacker rises to "very high attack potential" with state-of-the-art techniques, extended analysis time, and sophisticated equipment, including fault-injection and invasive chip-analysis capabilities.
EAL6+ is the standard for products deployed in environments where significant resources might be directed at a single target: secure elements in government passports, banking HSMs, and security-sensitive consumer hardware.
A chip certified at EAL6+ has been subjected to attack attempts by trained security researchers with professional-grade equipment, and those attacks failed within the scope of the evaluation.
The ST33K1M5 (used in the Ledger Nano S Plus, Stax, and Flex), Samsung Semiconductors chips (specifically the S3D350 family found in Tangem Wallets), the NXP SE050/SE051 family, the NXP P60/SmartMX2 series, and the Infineon SLE78/OPTIGA family all carry EAL6+ certification. These are the chips found in hardware wallets at the higher end of the security spectrum.
Secure Elements used in hardware wallets
| Manufacturer | Chip family | EAL level | Used in | Notes |
|---|---|---|---|---|
| STMicroelectronics | ST33J2M0 | EAL5+ | Ledger Nano X | ARM SC300 core, EMVCo certified |
| STMicroelectronics | ST33K1M5 | EAL6+ | Ledger Nano S Plus, Ledger Stax, Ledger Flex | ARM SC300 core, EUCC/CC:2022 scheme |
| NXP Semiconductors | SE050 / SE051 family | EAL6+ | IoT security, hardware wallets (CoolWallet) | Java Card OS, PUF support |
| NXP Semiconductors | P60 / SmartMX2 | EAL6+ | Banking, passports, IoT | PUF, SecureFetch™, GlueLogic™ |
| Infineon Technologies | SLE78 / OPTIGA family | EAL6+ | Hardware wallets (HASHWallet), TPM modules | Used in Trezor Safe series (OPTIGA Trust M) |
| Samsung Semiconductors | S3D232A | EAL6+ | Hardware wallets, Machine Readable Travel Documents (MRTD) | Used in the Tangem Wallet |
Three primary limitations of EAL certifications
EAL certification is the strongest available independent assurance that a chip has been seriously tested against serious attack techniques. But it has three inherent structural limitations.
Limitation 1: The evaluation scope problem
Every EAL evaluation is bound by its Target of Evaluation, which is often the chip alone. Anything outside this is explicitly excluded from the evaluation, leading to direct practical consequences.
Even within the chip, only specific security functions are being evaluated. For example, a chip evaluated for resistance to power analysis attacks on RSA key operations has been certified for that specific function.
If the implementation of a different cryptographic operation, say, an ECDSA signing routine added later, is not explicitly covered in the Security Target, it does not carry the same evaluated assurance.
Limitation 2: The snapshot problem
An EAL certificate is issued at a point in time, for a specific version of the product, in a specific configuration. The certificate does not expire automatically when new attack techniques are discovered or when a vulnerability is found in the evaluated product.
This creates a gap between the certificate date and the device's current security posture. Seminal work from the University of Cambridge Computer Laboratory by Skorobogatov and Anderson demonstrated as far back as 2002 that optical fault injection attacks on secure microcontrollers and smartcards could be carried out with equipment costing under $40, a finding that sent tremors through the smartcard industry and forced manufacturers to rethink countermeasures in chips that already held certifications.
Limitation 3: The threat model gap
At EAL6+, the assumed attacker has a very high attack potential. This means significant technical sophistication, access to professional equipment, extended time, and motivation to succeed.
This threat model is rigorous by any commercial security standard. But it does not automatically cover every attacker a device might face, and it excludes classified techniques.
The evaluation lab uses publicly known techniques. Intelligence agencies with access to classified research capabilities may have attack techniques that were not applied during evaluation.
EAL6+ means: a competent, well-resourced, independently accredited evaluator attempted to defeat this chip using the best publicly available techniques, against the security functions defined in the Security Target, and could not. It is simply not the same as "this chip cannot be defeated."
| What EAL5+/6+ certification guarantees | What EAL5+/6+ certification does NOT guarantee |
|---|---|
| The chip was evaluated by an accredited independent lab | That the chip is impossible to defeat |
| Evaluators attempted physical and side-channel attacks and could not extract keys within scope | That the evaluation covered every possible attack |
| The chip's design was formally reviewed to the depth required at the certified level | That the firmware, companion app, or supply chain meets the same standard |
| The Security Target document defines what was tested and under what conditions | That the certification applies to any configuration other than the exact evaluated one |
| The chip meets the standard for resistance to high attack-potential adversaries | That higher EAL always means better real-world security. Different Security Targets evaluate different things |
Conclusion
EAL ratings are a useful signal, but only one signal among several, each of which has a bounded scope.
When comparing wallets:
- Confirm the exact chip version on the CC portal.
- Verify the full device (not just the chip) has independent audits.
- Understand what the firmware architecture actually is; immutable firmware closes the update pipeline attack surface that the chip's EAL certificate cannot address.
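The scope and snapshot checks above can be made mechanical. The following is an added example, not code from this article or from any vendor: it parses an assurance string into its base EAL and augmentations, then compares a wallet's marketing claim with a certificate record. The record fields, the chip name EXAMPLE-SE and the five-year age threshold are assumptions made for illustration; the per-level AVA_VAN baseline comes from the Common Criteria EAL package definitions.

```python
import re
from datetime import date

# AVA_VAN level already included in each base EAL package (Common Criteria).
BASE_AVA_VAN = {1: 1, 2: 2, 3: 2, 4: 3, 5: 4, 6: 5, 7: 5}

def parse_assurance(text):
    """'EAL5 augmented with AVA_VAN.5' -> (5, {'AVA_VAN': 5})."""
    m = re.search(r"EAL\s*([1-7])", text)
    if not m:
        raise ValueError(f"no EAL level in {text!r}")
    augs = {fam: int(n) for fam, n in re.findall(r"\b([A-Z]{3}_[A-Z]{3})\.(\d+)", text)}
    return int(m.group(1)), augs

def effective_ava_van(text):
    """Vulnerability-analysis level actually evaluated: base package or augmentation."""
    level, augs = parse_assurance(text)
    return max(BASE_AVA_VAN[level], augs.get("AVA_VAN", 0))

def review_claim(claim, cert, today, max_age_years=5):
    """Compare a marketing claim with a certificate record; return the gaps found."""
    findings = []
    claimed, _ = parse_assurance(claim["eal"])
    certified, _ = parse_assurance(cert["assurance"])
    if claimed > certified:
        findings.append(f"claimed EAL{claimed}, certificate says EAL{certified}")
    # Scope: the certificate covers one exact TOE and the functions in its Security Target.
    if (claim["chip"], claim["revision"]) != (cert["toe"], cert["revision"]):
        findings.append("shipped chip/revision is not the evaluated TOE")
    for fn in sorted(set(claim["functions_used"]) - set(cert["st_functions"])):
        findings.append(f"{fn} is used but not covered by the Security Target")
    # Snapshot: max_age_years is an arbitrary review threshold, not a CC rule.
    age = (today - cert["issued"]).days // 365
    if age >= max_age_years:
        findings.append(f"certificate is {age} years old")
    if effective_ava_van(cert["assurance"]) < 5:
        findings.append("vulnerability analysis below AVA_VAN.5")
    return findings

# Constructed sample records; chip name, fields and dates are made up.
SAMPLE_CERT = {"toe": "EXAMPLE-SE", "revision": "B", "issued": date(2018, 3, 1),
               "assurance": "EAL5 augmented with ALC_DVS.2, AVA_VAN.5",
               "st_functions": ["RSA", "AES"]}
SAMPLE_CLAIM = {"chip": "EXAMPLE-SE", "revision": "C", "eal": "EAL6+",
                "functions_used": ["ECDSA", "AES"]}

if __name__ == "__main__":
    for finding in review_claim(SAMPLE_CLAIM, SAMPLE_CERT, date(2025, 3, 1)):
        print("-", finding)
```

In practice the certificate record would be filled in by hand from the certificate and Security Target published for the exact chip revision.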
References
- Common Criteria Portal — ISO/IEC 15408
- Common Criteria Part 5: EAL Definitions (PDF)
- Common Criteria Recognition Arrangement (CCRA)
- Skorobogatov, S.P. & Anderson, R.J. (2002). Optical Fault Induction Attacks. CHES 2002, LNCS 2523, Springer. University of Cambridge Computer Laboratory.
- Skorobogatov, S.P. (2005). Semi-Invasive Attacks: A New Approach to Hardware Security Analysis. Technical Report UCAM-CL-TR-630. University of Cambridge Computer Laboratory.
- Fault Attacks on Secure Embedded Software: Threats, Design and Evaluation (arXiv)
- Eurosmart: Common Criteria EAL6+ Certification and the Scope Problem
- What Is the Secure Element and Why Does a Cold Wallet Need One?
- Why the Secure Element Is Not a Single Point of Trust