Hardcore Hardware Security Requires a Step Back In Time

Foundation strives to build ultra-secure hardware with an open source security model. This is especially important for hardware wallets, which are used to store sizable amounts of Bitcoin and cryptocurrencies.

Today’s devices are largely designed for a pre-Bitcoin world. They are proprietary, opaque, and closed source. They are not designed to protect Bitcoin’s immutable transactions.

Take an iPhone, for example. An iPhone’s software is closed source – it runs firmware and an operating system made by Apple. There is no public code on GitHub. Security researchers or savvy individuals cannot audit any of the code running on the device.

Likewise, an iPhone’s hardware is closed source – its circuit board designs, list of components (commonly called the “BOM” or bill of materials), and details of component functionality are proprietary and confidential. Sure, it’s possible to conduct a tear-down and attempt to determine how an iPhone works, how the circuitry is designed, and what components it uses. But the information gleaned from such an effort is limited at best.

Does Apple encrypt your iMessages? Does it safely upload your data to iCloud? Are apps sufficiently isolated to protect you from viruses and exploits? With closed source hardware like an iPhone running a closed source operating system, it is impossible to answer these questions. Instead, we are forced to trust Apple completely with our digital lives.

In a pre-Bitcoin world, this did not matter. The worst-case scenario was that an attacker stole your personal data, bought a few items with your credit card, and Venmo’d away a few thousand dollars. You then reset your passwords, called your credit card company, submitted a support ticket with Venmo – and resumed life as usual.

In a Bitcoin world, if your money is stolen then it is gone. There is no recourse. 

Today’s devices are built on a closed-source security model that is not transferable to a Bitcoin world. At Foundation Devices, we are dedicated to building ultra-secure hardware with an open source security model.

Unlike most hardware companies today, Foundation Devices:

  1. Minimizes the use of black-box silicon – chips whose functions are unknown and are often bundled with common components like screens and touch panels.
  2. Purchases chips and components only from reputable suppliers and distributors.
  3. Reduces attack surfaces as much as possible.
  4. Assembles our devices under close supervision in the USA.
  5. Releases our hardware and software as open source.

In order to build secure hardware for a Bitcoin world, we sometimes need to take a step back in time. Many common components today are not designed for hardcore security, transparency, auditability, and openness. When designing Passport, our Bitcoin hardware wallet, we made the conscious decision to avoid the following:

  • High resolution displays, which contain black-box silicon that could collect data or display false information.
  • Capacitive touch panels, which contain black-box silicon that could record user inputs or hijack the device.
  • Lithium ion batteries, which contain black-box silicon that could help attackers exploit power-related vulnerabilities.
  • Bluetooth, which increases attack surface and has consistent vulnerabilities.
  • USB, which increases attack surface, such as this Ledger vulnerability.

This means that Passport uses a physical keypad, monochrome display, AAA batteries, and QR codes for communication. It somewhat resembles a Nokia phone! But it provides an excellent user experience, great design, and – most important – strong, open source security. 

Most touch panels contain black-box silicon. See the chip on the data cable.

If you are looking to purchase a hardware wallet, be wary of devices that use touch screens and contain Bluetooth. Be especially wary of closed source hardware. Ask the manufacturer: who makes the touch screen and where is it produced? Are the hardware and firmware open source? Does the wallet include Bluetooth or other forms of wireless communication?

Foundation Devices believes it is important that hardware wallet makers, above all, prioritize security. Here’s how we think about security for Passport:

  1. Components that can be visually inspected are best. This is why we use a Memory Display over a high resolution OLED or TFT display, and why we use a physical keypad over a touch panel.
  2. Minimize the use of black-box silicon and purchase all chips from reputable suppliers. Our suppliers include ST Microelectronics, Microchip, Omnivision, Analog Devices, and ON Semiconductor. Passport does not contain components from sketchy Chinese OEMs.
  3. Crucial components should be made ourselves. Rather than relying on a proprietary true random number generator (TRNG), we implemented an open source TRNG called an Avalanche Noise Source that uses commodity components (thanks bunnie!).

Over time, as Bitcoin grows and we sell more devices, we will design open source touch screens, more secure wireless communication protocols, and open and auditable chips. We look forward to making this a reality as we build Foundation Devices!

Interested in learning more about hardware security? We recommend this talk by bunnie, renowned hardware hacker and creator of the Betrusted project.

Foundation Devices launches preorders for Passport and raises angel round

In late July, we introduced Passport – a new Bitcoin hardware wallet that is more elegant, ultra-secure, and open source. Today, Foundation Devices is excited to announce that:

  1. Passport is now available to preorder, with a Founder’s Edition limited to 1000 units.
  2. Foundation Devices has raised an angel funding round from notable investors.

About Passport

Foundation Devices is building the open source hardware foundation for Bitcoin and the sovereign Internet, starting with a hardware wallet called Passport. We intend Passport to appeal to a broad audience of Bitcoiners – whether you are an expert user accustomed to hardware wallets or a new user currently storing your coins on an exchange.

Passport provides a radically simplified, zen-like user experience. Foundation Devices is working hard to eliminate the hardware wallet learning curve with a streamlined setup process, intuitive interface, and familiar navigation.

With numerous high-quality multisig software wallets entering the market, it is more important than ever that we have a hardware wallet that is easy to use and welcoming to new users. Passport is our attempt to build the “iPod” of hardware wallets.

Preorder Details

Passport is priced at $299 and includes 2x industrial grade microSD cards, 2x AAA batteries, and free shipping within the USA. Founder’s Edition is limited to 1000 units and includes an exclusive back cover design, special packaging, and a surprise gift.

Our official estimated shipment date for Passport is March 31, 2021 – but we are aiming to deliver Passport in time for the December holidays. Foundation Devices has already placed orders for long-lead time components and will finish ordering all components in the next several days. Due to COVID’s continuous impacts on global supply chains, we have chosen to be more conservative.

Please note that this is not crowdfunding – Foundation Devices already has the funds required to pay for the full production of Founder’s Edition devices. If you change your mind before Passport ships, cancel your order at any time and receive a full refund. If you stack too many sats and overdraw your bank account, we will do our best to refund you same-day! (Yes, this actually happened.)

To ensure your privacy, Foundation Devices self-hosts our website and checkout flow using WordPress and WooCommerce. Payments by credit card occur via Stripe and payments by Bitcoin occur via our self-hosted BTCPay server. We are especially proud of our beautiful BTCPay checkout design; thank you @artdesignbySF for your great work.

Open Source

Passport will be the only hardware wallet on the market – and one of the only consumer hardware devices in existence – that meets the definition of Open Source Hardware according to the Open Source Hardware Association (OSHWA).

Passport’s hardware designs will be open under CERN-OHL-S v2 and firmware under GPLv3. While other hardware wallets have open source firmware, none include hardware designs that are legally considered open source. They (1) omit design files, (2) use inappropriate licenses like GPL or Creative Commons, (3) restrict commercial use, and/or (4) lack detailed component documentation, specifically in the Bill of Materials (“BOM”).

We are a corporate sponsor of OSHWA and will be submitting Passport for official certification. All future hardware that Foundation Devices makes will be open sourced under the appropriate licenses and certified by OSHWA.

We will be publicly posting our hardware and firmware to GitHub later this fall, after completing validation of our next round of prototypes.

Assembled in the USA

Foundation Devices believes in the importance of local manufacturing and more robust global supply chains. Most of today’s devices are assembled in China, a communist regime that heavily censors the Internet, surveils its citizens, and seeks to undermine citizens’ privacy and sovereignty. This creates numerous geopolitical and security issues, especially with the rise of Bitcoin. Our devices will soon be safeguarding trillions of dollars of value – it is imperative that we trust our hardware manufacturers.

We therefore chose to assemble Passport locally, in the USA, and purchase all of our components from American companies and distributors. While many components still originate from Asia, the critical parts – such as the screen, processor, secure element, and camera – all originate from highly reputable suppliers. And circuit board assembly, device assembly, provisioning, and testing all take place in the USA. The Foundation Devices team will be on the ground at the factory during production.

To our knowledge, Passport is the only hardware wallet assembled in the USA. For advanced users, it may be prudent to add Passport to your multisig setup in order to defend against potential supply chain vulnerabilities.

Progress

We’ve been hard at work over the last five months designing Passport, prototyping, and preparing for production. Here’s an overview of our progress to date:

Enclosure

We completed the design of the enclosure and are currently prototyping via 3D printing. We have placed orders for long-lead time enclosure components, including the keypad assembly and copper-plated zinc alloy cast part.

Circuit Boards

We completed design of the circuit boards and have completed two prototype revisions. We will be ordering our third revision of prototype boards in the next several days. Novel features include:

  • Camera for scanning QR codes.
  • AAA battery power.
  • Avalanche noise source, an open source true random number generator that uses standard components (no black-box silicon).
  • Sharp Memory LCD, which has circuitry etched directly into glass for easy visual inspection, and unlike most displays includes no black-box silicon.

Firmware

We forked Coldcard’s open source firmware (licensed as GPLv3) and have made numerous changes. We anticipate finishing v1 firmware by end of November. We intend to contribute relevant improvements back to Coldcard. Changes include:

  • A new UI with simple navigation via a navpad and dedicated select buttons.
  • Changes to all copy and radical simplification of menu structure.
  • Ability to scan QR codes and transmit PSBTs via QR codes.
  • Code reorganization to comply with MicroPython best practices.
  • New device drivers for Passport components including camera, screen and keypad.
  • New keypad controller to allow for more advanced input, such as long-presses.
  • Ultra-fast keypad responsiveness.

We ported Blockchain Commons’ UR Standard (for data transmission via multiple QR codes) to Python. This can be seen on our GitHub.

We created a font converter to generate Python code from BDF fonts. This can be seen on our GitHub.

Funding

Foundation Devices recently raised an angel round to fund development and production of Passport. Thank you to our investors for enabling us to build a hardware company that believes in open source, sovereignty, and privacy.

Individuals

  • Balaji Srinivasan
  • Brett Gibson of Initialized Capital
  • James McAvity of Cormint
  • Louis Liu of Mimesis Capital
  • Stephen Cole
  • Thomas Pacchia of HODL Capital
  • Tomer Federman of Federman Capital
  • and more

Next Steps

Learn more about Passport and preorder your Founder’s Edition below, limited to 1000 units!

Read through the FAQs and contact us at [email protected] with any questions.