The vulnerability described below affects the supply chain of TREZOR One devices primarily. If your TREZOR One is already initialized and set up, then you are likely not affected. If you just purchased your TREZOR One device, make sure that you install/update the latest firmware version before using it.
TREZOR comes with tamper-evident seals, ensuring that you are the first person to open the package. When purchasing from TREZOR Shop or any of our resellers, if your package arrived unscathed, your TREZOR One is safe.
The newest firmware verifies the authenticity of the bootloader in the device. The bootloader checks the signature of the firmware. If both are genuine, your device will not display a warning, and therefore your TREZOR is safe to use.