Location of the security element on Xiaomi Redmi: full analysis

Xiaomi and Redmi smartphone owners often face reports of a โ€œsecurity elementโ€ โ€” especially when trying to use contactless payment or access banking applications โ€” that can be interpreted in two ways: both the TEE (Trusted Execution Environment) software module and the physical component on the device board. Understanding exactly where this element is located and how it functions is necessary to properly diagnose Mi Pay or Google Pay problems.

In most modern models, such as the Redmi Note 10 or Xiaomi 13, the security element is integrated directly into the main system-on-a-chip (SoC). This means that you will not find a separate chip that can be removed or replaced. It is critical to understand that a software failure in this component often requires a complete reset, not physical intervention. However, in rare cases, it can be about proximity or illumination sensors, which the system mistakenly classifies as a safety problem when stuck.

Next, we will take a detailed look at the software paths to access security settings, the physical location of components on the motherboard and methods for eliminating errors associated with device verification. You will learn how to check the SE (Secure Element) status through the engineering menu and why the unlocked bootloader blocks the operation of payment systems.

The MIUI and HyperOS security architecture

Xiaomiโ€™s operating shells are built on Android, where transaction security is handled by an isolated runtime environment. In user terms, this is often displayed as the โ€œSecurity Elementโ€ in NFC settings. The location of this virtual key store depends on the MIUI version and the processor model. Snapdragon chips use QSEE technology, while MediaTek uses the TrustZone analogue.

The user can check the status of this component through the system menu. โ†’ Connection and sharing โ†’ NFC โ†’ The location of the security element. Here, the system will tell you to select an emulator: HCE Wallet or SIM-Choosing the right emulator often solves the problem of broken payment, as a banking application may require a specific path to access protected memory.

โš ๏ธ Note: Change the settings of the security element to ยซSIM-card without the support of your operator will cause contactless payment to be completely inoperable. SIM-card is super-status SIM or similar certificate.

It is worth noting that in the new versions of HyperOS, the security management interface has been redesigned. Now you can see the status of secure storage in the "Security" app under "Virus Scanner" or "Optimization" section. The system automatically checks the integrity of the bootloader and the availability of root rights. If the bootloader is unlocked, the security element is software blocked by banks, even if it is physically healthy.

๐Ÿ“Š Where do you prefer to store your payment data?
Nana SIM-map
In the Memory of the Phone (HCE)
I only use cash.
I don't have NFC.

Physical location of components on the motherboard

In hardware repair terms, the โ€œsecurity elementโ€ isnโ€™t always an abstraction: In older Redmi smartphones (like the Redmi 4X or Note 3 series), the NFC chip could be located separately from the main processor. In modern devices like the Redmi Note 12 or Xiaomi 12T, the NFC module is integrated into a single communication unit next to the antenna.

Physically, the antenna module and its associated controller are often at the top of the motherboard or on a plume connecting the board to the back cover. When you open the case, you can see a copper coil โ€” this is the NFC antenna. The controller that controls secure data exchange is located in close proximity, often under a metal screen to protect against electromagnetic interference.

  • ๐Ÿ“ Basic board: In flagship models, a security chip is soldered next to the processor to minimize delays when encrypting data.
  • ๐Ÿ“ Dynamic plume: In some budget models Redmi antenna module is placed on a separate plume, going to the top speaker.
  • ๐Ÿ“ Under the back cover: In glass-body devices, the antenna can be glued directly onto the inside of the glass.

Damage to the plume or oxidation of contacts in the area of the antenna can cause the phone to stop seeing cards. In service centers, when diagnosing "no safety element", the integrity of the connection between the main board and the NFC module is first checked. Often the problem is solved by replacing the plume or soldering the antenna contact.

What does a security chip look like?
Visually, this is a tiny black chip measuring about 2x2 mm with the manufacturer's marking (NXP, Samsung or Broadcom), it is impossible to replace it yourself without a soldering station and a circuit.

Diagnostics through engineering menu and hidden codes

To test the safety modules in Xiaomi smartphones, they have special diagnostic codes that allow you to enter the engineering menu, which displays the status of all sensors and communication modules, and this is the most accurate way to determine whether the system sees the hardware component.

To get into the test menu, open the standard "caller" and dial the combination ##6484##. The CIT menu will open. Here you need to find the "NFC" or "NFC Test." When you click on it, you will run the check: the system will ask you to bring the card to the back, if the test is successful, then the physical security element is good and communication with the processor is available.

Additional codes for diagnosis:
#4636## - Testing menu (battery information, usage statistics)


*#06# - Checking IMID and serial numbers


#225## - Calendar information (indirectly checks system services)

If it's on the menu CIT test NFC If it doesn't pass or it's missing, it could indicate a software driver conflict or a physical malfunction. In some cases, resetting the network settings helps. โ†’ Connection and sharing โ†’ Resetting Wi-Fi, mobile networks and Bluetooth, which won't delete your personal files, but will return network settings to factory settings.

โ˜‘๏ธ Diagnostics NFC module

Done: 0 / 6

The Impact of Unlocked Booter on Safety

One of the most common reasons for reporting security bugs is an unlocked bootloader, which enthusiasts often unlock to install custom firmware or obtain root rights, but this breaks the TrustZone trust chain, which Google banking apps and services perceive as potentially dangerous.

When the bootloader is unlocked, the system marks the Verified Boot partition as "Yellow" or "Unlocked."In this state, the encryption keys stored in the security element may become unavailable for applications with high security requirements. Google Pay ceases to work completely, and some Xiaomi banking applications may refuse to run.

Loader statusMi Pay/Google Pay WorkAccess to banking applicationsStatus SE
Locked (Locked)It's stable.Full accessActive.
Unlocked (Unlocked)It's not working.Blocking or restrictionsHidden/Blocked
Custom recoveryIt's not working.LockdownUnavailable.
Root-right (Magisk)Requires cover-upRequires customizationPartial access

There are ways to circumvent these restrictions, such as using Magisk Hide or Shamiko modules that mask root rights. However, this is an arms race: banks are constantly updating detection methods, and you can not guarantee eternal payment on an unlocked device. For the average user who cares about stability, it is recommended to keep the bootloader locked.

โš ๏ธ Attention: Re-locking the bootloader on a device with a modified software part (castom firmware) can lead to the "brickling" of the phone.

Problems with proximity sensors and false positives

Sometimes users confuse the "safety element" with the approximation sensor, especially when the screen goes out during a conversation or does not light up when lifted to the ear.In the Xiaomi interface, these concepts are separated, but failures in the calibration of the sensors can cause system errors that the user interprets as security problems.

The proximity sensor on Redmi is usually located at the top of the screen, often hidden under glass next to the speaker, and the contamination of this area, the presence of a thick protective film or poor-quality protective glass can block the infrared beam, the system perceives this as a constant approach of the object and blocks the screen, which looks like a glitch.

  • ๐Ÿงผ Clean: Wipe the top of the screen with a soft cloth, paying attention to the speaker area.
  • ๐Ÿ›ก๏ธ Protective glass: Make sure the glass does not have a black frame overriding the sensor.
  • ๐Ÿ”ง Calibration: Use code ##64663## to enter the sensor test and perform calibration.

If the sensor is stuck or damaged, the screen may not respond to touch in certain areas or constantly go out. In such cases, it helps to temporarily turn off the proximity sensor in the call settings, but this is inconvenient for constant conversations. Hardware replacement of the sensor is rarely required, often software recalibration is enough.

๐Ÿ’ก

To quickly check the proximity sensor, close the top of the screen with your palm during an incoming call. The screen should go out. If this does not happen, the sensor is contaminated or defective.

Resetting and restoring security settings

If a software failure causes the phone to stop seeing the security element, an effective method may be to reset network settings and NFC applications.This will not delete your photos or contacts, but will return the configuration of communication modules to their original state.

To perform the reset, go to Settings โ†’ Applications โ†’ All Apps. Click on the three dots in the upper right corner and select Show System Processes. Search the list for Secure Element, go to its properties and select Clear โ†’ All Data.

As a last resort, if nothing works, you need a full factory reset. Before you do that, make sure to back up your data to your Mi Cloud account or your computer. Once you reset, the phone will look like new, and you'll have to re-assign your cards to Google Wallet or Mi Pay.

๐Ÿ’ก

In 80% of cases, the problem with the security element is solved by cleaning the cache of the Safe Element application or switching the emulator in the NFC settings.

Why does the phone say โ€œNo security element foundโ€?
This message means that the operating system cannot communicate with the secure chip, for reasons such as driver failure after the update, physical damage to the NFC plume, unlocked bootloader, or third-party software conflict.
Can the security element in the service be replaced?
In modern Xiaomi smartphones, the security chip is soldered on a board or integrated into a processor, and replacing it is economically inexpedient and technically difficult, usually changing the entire NFC module or motherboard as a whole.
Does removing the back cover affect safety?
Removing the lid itself doesn't affect the software part, but if the NFC antenna plume is damaged or the contacts are oxidized during dismantling, contactless payment will stop working.
Does Mi Pay work on a re-interfaced phone?
On global firmware with a locked bootloader, yes. On Chinese firmware or custom build (LineageOS, etc.), payment systems are not guaranteed and require complex configuration through Magisk.