no, it was possible until a mandatory upgrade. and it was only possible when someone had physical access to your trezor.
all good.
I think the answer he is looking for is as follows. From my current understanding of the vulnerability and the upgrade:
IF (you have upgraded the firmware to the latest) AND (someone gets physical access to your Trezor) THEN:
If they try to install ANY new firmware including old versions, their own hacking code, etc. they no longer have access to the secrets in SRAM because the latest firmware destroys all secrets in SRAM if and when ANY new code is loaded (including all future firmware updates). Obviously the secrets are still kept in a safe and secure non volatile location, they are just destroyed in SRAM in order to prevent this very attack vector.
Now, his question might have been as as follows:
If someone manages to get physical access to my updated Trezor and then uploads an older version of the firmware (destroying the secrets in SRAM per the new code) is there any possibility that the old code will still put the secrets into SRAM even though the attacker does not have the PIN? If so then, of course they can then upload a hack and get the secrets.
My assumption is that the old code accidentally left the secrets in SRAM during a code update but did not load them into SRAM until the PIN was correctly entered. If so, then all is good.
Can TREZOR verify my statements above to be all true?