Hardcore Hardware Security Requires a Step Back In Time

Foundation strives to build ultra-secure hardware with an open source security model. This is especially important for hardware wallets, which are used to store sizable amounts of Bitcoin and cryptocurrencies.

Today’s devices are largely designed for a pre-Bitcoin world. They are proprietary, opaque, and closed source. They are not designed to protect Bitcoin’s immutable transactions.

Take an iPhone, for example. An iPhone’s software is closed source – it runs firmware and an operating system made by Apple. There is no public code on Github. Security researchers or savvy individuals cannot audit any of the code running on the device. 

Likewise, an iPhone’s hardware is closed source – its circuit board designs, list of components (commonly called the “BOM” or bill of materials), and details of component functionality are proprietary and confidential. Sure, it’s possible to conduct a tear-down and attempt to determine how an iPhone works, how the circuitry is designed, and what components it uses. But the information gleaned from such an effort is limited at best.

Does Apple encrypt your iMessages? Does it safely upload your data to iCloud? Are apps sufficiently isolated to protect you from viruses and exploits? With closed source hardware like an iPhone running a closed source operating system, it is impossible to answer these questions. Instead, we are forced to trust Apple completely with our digital lives.

In a pre-Bitcoin world, this did not matter. The worst-case scenario was that an attacker stole your personal data, bought a few items with your credit card, and Venmo’d away a few thousand dollars. You then reset your passwords, called your credit card company, submitted a support ticket with Venmo – and resumed life as usual.

In a Bitcoin world, if your money is stolen then it is gone. There is no recourse. 

Today’s devices are built on a closed-source security model that is not transferable to a Bitcoin world. At Foundation Devices, we are dedicated to building ultra-secure hardware with an open source security model.

Unlike most hardware companies today, Foundation Devices:

  1. Minimizes the use of black-box silicon – chips whose functions are unknown and are often bundled with common components like screens and touch panels.
  2. Purchases chips and components only from reputable suppliers and distributors.
  3. Reduces attack surfaces as much as possible.
  4. Assembles our devices under close supervision in the USA.
  5. Releases our hardware and software as open source.

In order to build secure hardware for a Bitcoin world, we sometimes need to take a step back in time. Many common components today are not designed for hardcore security, transparency, auditability, and openness. When designing Passport, our Bitcoin hardware wallet, we made the conscious decision to avoid the following:

  • High resolution displays which contain black-box silicon that could collect data or display false information.
  • Capacitive touch panels which contain black-box silicon that could record user inputs or hijack the device.
  • Lithium ion batteries which contain black-box silicon that could help attackers exploit power-related vulnerabilities.
  • Bluetooth which increases attack surface and has consistent vulnerabilities.
  • USB which increases attack surface, such as this Ledger vulnerability.

This means that Passport uses a physical keypad, monochrome display, AAA batteries, and QR codes for communication. It somewhat resembles a Nokia phone! But it provides an excellent user experience, great design, and – most important – strong, open source security. 

Most touch panels contain black-box silicon. See the chip on the data cable.

If you are looking to purchase a hardware wallet, be wary of devices that use touch screens and contain Bluetooth. Be especially wary of closed source hardware. Ask the manufacturer – who makes the touch screen and where is it produced? Is the hardware and firmware open source? Does the wallet include Bluetooth or other forms of wireless communications?

Foundation Devices believes it is important that hardware wallet makers, above all, prioritize security. Here’s how we think about security for Passport:

  1. If it can be visually inspected, it’s the best. This is why we use a Memory Display over a high resolution OLED or TFT display, and why we use a physical keypad over a touch panel.
  2. Minimize the use of black-box silicon and purchase all chips from reputable suppliers. Our suppliers include ST Microelectronics, Microchip, Omnivision, Analog Devices, and ON Semiconductor. Passport does not contain components from sketchy Chinese OEMs.
  3. Crucial components should be made ourselves. Rather than relying on a proprietary true random number generator (TRNG), we implemented an open source TRNG called an Avalanche Noise Source that uses commodity components (thanks bunnie!).

Over time, as Bitcoin grows and we sell more devices, we will design open source touch screens, more secure wireless communication protocols, and open and auditable chips. We look forward to making this a reality as we build Foundation Devices!

Interested in learning more about hardware security? We recommend this talk by bunnie, renowned hardware hacker and creator of the Betrusted project.

Preorder

Preorder the Passport Founder’s Edition today, limited to 1000 units!


Foundation Devices Launches Preorders for Passport and Raises Pre-Seed Round

In late July, we introduced Passport – a new Bitcoin hardware wallet that is more elegant, ultra-secure, and open source. Today, Foundation Devices is excited to announce that:

  1. Passport is now available to preorder, with a Founder’s Edition limited to 1000 units.
  2. Foundation Devices has raised a pre-seed funding round from notable investors.

About Passport

Foundation Devices is building the open source hardware foundation for Bitcoin and the sovereign Internet, starting with a hardware wallet called Passport. We intend Passport to appeal to a broad audience of Bitcoiners – whether you are an expert user accustomed to hardware wallets or a new user currently storing your coins on an exchange.

Passport provides a radically simplified, zen-like user experience. Foundation Devices is working hard to eliminate the hardware wallet learning curve with a streamlined setup process, intuitive interface, and familiar navigation.

With numerous high-quality multisig software wallets entering the market, it is more important than ever that we have a hardware wallet that is easy to use and welcoming to new users. Passport is our attempt to build the “iPod” of hardware wallets.

Preorder Details

Passport is priced at $299 and includes 2x industrial grade microSD cards, 2x AAA batteries, and free shipping within the USA. Founder’s Edition is limited to 1000 units and includes an exclusive back cover design, special packaging, and a surprise gift.

Our official estimated shipment date for Passport is March 31, 2021 – but we are aiming to deliver Passport in time for the December holidays. Foundation Devices has already placed orders for long-lead time components and will finish ordering all components in the next several days. Due to COVID’s continuous impacts on global supply chains, we have chosen to be more conservative.

Please note that this is not crowdfunding – Foundation Devices already has the funds required to pay for the full production of Founder’s Edition devices. If you change your mind before Passport ships, cancel your order at any time and receive a full refund. If you stack too many sats and overdraw your bank account, we will do our best to refund you same-day! (Yes, this actually happened.)

To ensure your privacy, Foundation Devices self-hosts our website and checkout flow using WordPress and WooCommerce. Payments by credit card occur via Stripe and payments by Bitcoin occur via our self-hosted BTCPay server. We are especially proud of our beautiful BTCPay checkout design; thank you @artdesignbySF for your great work.

Open Source

Passport will be the only hardware wallet on the market – and one of the only consumer hardware devices in existence – that meets the definition of Open Source Hardware according to the Open Source Hardware Association (OSHWA).

Passport’s hardware designs will be open under CERN-OHL-S v2 and firmware under GPLv3. While other hardware wallets have open source firmware, none include hardware designs that are legally considered open source. They (1) omit design files, (2) use inappropriate licenses like GPL or Creative Commons, (3) restrict commercial use, and/or (4) lack detailed component documentation, specifically in the Bill of Materials (“BOM”).

We are a corporate sponsor of OSHWA and will be submitting Passport for official certification. All future hardware that Foundation Devices makes will be open sourced under the appropriate licenses and certified by OSHWA.

We will be publicly posting our hardware and firmware to Github later this Fall, after completing validation of our next round of prototypes.

Assembled in the USA

Foundation Devices believes in the importance of local manufacturing and more robust global supply chains. Most of today’s devices are assembled in China, a communist regime that heavily censors the Internet, surveils its citizens, and seeks to undermine citizens’ privacy and sovereignty. This creates numerous geopolitical and security issues, especially with the rise of Bitcoin. Our devices will soon be safeguarding trillions of dollars of value – it is imperative that we trust our hardware manufacturers.

We therefore chose to assemble Passport locally, in the USA, and purchase all of our components from American companies and distributors. While many components still originate from Asia, the critical parts – such as the screen, processor, secure element, and camera – all originate from highly reputable suppliers. And circuit board assembly, device assembly, provisioning, and testing all take place in the USA. The Foundation Devices team will be on-the-ground at the factory during production.

To our knowledge, Passport is the only hardware wallet assembled in the USA. For advanced users, it may be prudent to add Passport to your multisig setup in order to defend against potential supply chain vulnerabilities.

Progress

We’ve been hard at work over the last five months designing Passport, prototyping, and preparing for production. Here’s an overview of our progress to date:

Enclosure

We completed the design of the enclosure and are currently prototyping via 3D printing. We have placed orders for long-lead time enclosure components, including the keypad assembly and the cast copper-plated zinc alloy part.

Circuit Boards

We completed design of the circuit boards and have completed two prototype revisions. We will be ordering our third revision of prototype boards in the next several days. Novel features include:

  • Camera for scanning QR codes.
  • AAA battery power.
  • Avalanche noise source, an open source true random number generator that uses standard components (no black-box silicon).
  • Sharp Memory LCD, which has circuitry etched directly into glass for easy visual inspection, and unlike most displays includes no black-box silicon.

Firmware

We forked Coldcard’s open source firmware (licensed as GPLv3) and have made numerous changes. We anticipate finishing v1 firmware by end of November. We intend to contribute relevant improvements back to Coldcard. Changes include:

  • A new UI with simple navigation via a navpad and dedicated select buttons.
  • Changes to all copy and radical simplification of menu structure.
  • Ability to scan QR codes and transmit PSBTs via QR codes.
  • Code reorganization to comply with MicroPython best practices.
  • New device drivers for Passport components, including the camera, screen, and keypad.
  • New keypad controller to allow for more advanced input, such as long-presses.
  • Ultra-fast keypad responsiveness.

We ported Blockchain Commons’ UR Standard (for data transmission via multi QR codes) to Python. This can be seen on our Github.

We created a font converter to generate Python code from BDF fonts. This can be seen on our Github.

Funding

Foundation Devices recently raised a pre-seed round to fund development and production of Passport. Thank you to our investors for enabling us to build a hardware company that believes in open source, sovereignty, and privacy.

Individuals

  • Brett Gibson of Initialized Capital
  • James McAvity of Cormint
  • Louis Liu of Mimesis Capital
  • Stephen Cole
  • Thomas Pacchia of HODL Capital
  • Tomer Federman of Federman Capital
  • and more

Next Steps

Learn more about Passport and preorder your Founder’s Edition below, limited to 1000 units!

Read through the FAQs and contact us at hello@foundationdevices.com with any questions.


Introducing Passport: an Elegant and Secure Bitcoin hardware wallet

Bitcoin passing $11k signals a new bull market, with incredibly exciting times ahead for Bitcoiners as we prepare to welcome a new flood of users into the ecosystem. But we must ask ourselves – how will new Bitcoiners store their coins? Will they use Coinbase, who already holds almost 1 million Bitcoin? Or will they embrace sovereignty, privacy, and ownership by self-custodying their own Bitcoin? 

Foundation Devices believes that today’s hardware wallets make the wrong security and design tradeoffs. They’ve worked for us early Bitcoiners so far because we are willing to deal with difficult interfaces, metal seed backups, safety deposit boxes, Shamir’s Secret Sharing, and so much more. But they won’t work for the new wave of incoming Bitcoiners as we reach mass-adoption by the end of this decade.

Bitcoin needs a hardware foundation that is beautifully designed, easy to use, and open source. Most of today’s hardware, including Ledger wallets, is closed source. As Bitcoin’s market cap grows to the trillions, so do the incentives for attackers to compromise closed-source hardware. We must rebuild today’s hardware stack to be open source, auditable, and verifiable – from the chips to the circuit boards to the firmware and beyond.

Foundation is taking our first step on this journey by introducing an elegant, secure, and open source hardware wallet named Passport. We are thrilled to officially announce Passport today, and are accepting reservations for our first edition batch of 1000 units. 

So what makes Passport special? Passport is designed to be elegant; something every Bitcoiner would be proud to carry. We use high quality materials like soft-touch plastic and copper-plated zinc alloy. At 4 inches long x 1.5 inches wide x 0.8 inches thin, Passport is comfortable to hold and use.

Passport’s interface is intuitive and familiar, with a simple navigation pad and physical alphanumeric keypad. There’s no need to learn how to navigate the menus and enter PIN numbers and passphrases – you already know how to use Passport. 

To sign transactions, simply insert a microSD card or scan a QR code. Wallets like Bluewallet already support multi-QR transmission, and Passport is compatible with any software wallet that supports PSBTs over microSD or QR. 

Passport is open source and uses the same high-level security architecture and firmware base as Coldcard, with a Microchip secure element and STM processor. The circuit board designs and firmware will be published on Github in the coming weeks, with hardware licensed under CERN’s Open Hardware License V2 and firmware under GPL3. No unknown code will run on the device.

Completely airgapped, Passport is powered by two AAA batteries and includes no USB port, Bluetooth, or wireless communications of any kind. Passport has numerous security features, such as security lights and an avalanche noise source for entropy. And Passport uses more trustable components, like a screen with circuitry etched directly into glass, which allows for easy inspection at production.

Foundation Devices, headquartered in Boston, is focused on building open hardware for Bitcoin and the sovereign Internet. We will proudly assemble Passport in the USA.

We cannot wait to tell you more about Passport in the coming weeks! Passport will launch for preorders in August and will ship by late December. We have already received over 500 email reservations for our first edition batch. 

Learn more about Passport and reserve yours below!

And feel free to check out the FAQs and contact us at hello@foundationdevices.com with any questions.


Bitcoin and a revolution in American manufacturing

Foundation Devices is proudly headquartered in Boston, the birthplace of the American Revolution. The USA was established 244 years ago on the belief that all individuals deserve life, liberty, and the pursuit of happiness. Bitcoin captures these same ideals, providing sound money that lowers our time preference, allowing us to accumulate savings and invest in our future. 

At Foundation, our mission echoes these values:

Foundation Devices strives to empower humankind – to make Bitcoin and decentralized tech accessible to each and every individual in order to build a new era of sovereignty, ownership, and privacy. Our products are the foundation of a better, sovereign Internet.

Foundation will push for a new American Revolution – a revolution in American manufacturing. 

Before Bitcoin, American manufacturing of electronic devices added cost without adding proportional value. For example, a phone manufactured in the USA is not necessarily more useful or higher quality than a phone manufactured in China. Buyers in the USA might be excited to pay more for the phone because it’s “Made in the USA,” but there is no functional benefit to making the phone locally.

Bitcoin changes this. With immutable transactions on the Bitcoin blockchain, there is no recourse if funds are stolen. There’s no bank to reverse the transaction, no credit card company to issue a refund, no FDIC insurance to protect institutions against loss. Bitcoin devices must securely store private keys and safeguard against numerous attack vectors. This turns traditional hardware security models upside down.

Currently most electronic devices originate from China. You may be comfortable with the risks of having your phone made in China. But what about your Bitcoin hardware wallet?

We are at the beginning of a slow transition to sovereignty and privacy. Bitcoin wallets will replace bank accounts. Private keys will replace passwords. Money, identity, and data will be controlled by individuals instead of institutions.

In this new paradigm, we need more trustable hardware. We need components from reputable suppliers and tight control over supply chains. We need to be physically present on the factory floor and ideally own our own manufacturing facilities. We need open source, auditable designs. And we need to build our hardware in jurisdictions which stand for basic human rights and freedoms.

Yes, in America our unalienable rights are regularly being put to the test, recently with a Coronavirus-fueled government push for greater surveillance capabilities and a ban on end-to-end encryption. But Foundation is optimistic that Americans will prevail. Groups like the EFF are vigorously fighting for our freedoms – and countless individuals and organizations will continue to speak out. 

Foundation will assemble our devices in the USA. We say “Assembled in the USA” rather than “Made in the USA” because most components originate from Asia. This is sadly the state of the hardware industry; almost nothing is made in America anymore. To mitigate this, Foundation is purchasing key components – such as the processor, secure element, and screen – from reputable suppliers that are headquartered outside of China (specifically STMicroelectronics, Microchip, and Sharp). And we are buying all our components through American distributors like Arrow who have high quality standards and strong supply chain oversight.

So what exactly are we doing in America?

  1. We are headquartered in America and pay American taxes.
  2. We design our products in America.
  3. We prototype our products in America, using equipment from American companies like Formlabs and American quick-turn prototyping facilities.
  4. We purchase components exclusively from American distributors or suppliers.
  5. We assemble our circuit boards in America.
  6. We assemble and test our devices in America.
  7. We package and ship our devices in America.
  8. We conduct regulatory testing at American facilities.
  9. We work with an American industrial design firm.

Foundation will strive to continuously onshore our supply chain. This will increase our costs, as American labor is more expensive, but the benefits are significant and it will enable us to build more trustable devices. We believe our customers will be willing to pay a modest premium for sovereign hardware made in the USA.

We have a lot of work to do. It’s not enough for key components to originate from outside of China. We need to bring semiconductor production back to the USA so that critical chips can be produced domestically. We need more efficient processes for plastic and metal production so that we can build enclosures locally. And we need to competitively produce common circuit board components, such as resistors and capacitors, in America. Tariffs will help us, as well as other government incentive programs. Foundation will be leading the charge!

Our first product, a Bitcoin hardware wallet called Passport, will be assembled in the USA. We’ll be publishing more info about Passport over the coming weeks. Pre-orders will open later this summer for shipping later this year.


Evaluating the security and trustability of hardware wallets

As Bitcoin appreciates in value, it is more important than ever that we encourage users to withdraw their coins from exchanges and store them securely. For the average user, storing sizable quantities of Bitcoin requires a hardware wallet.

But how do we evaluate the security and trustability of the numerous hardware wallets available on the market today?

Foundation is concerned with new entrants making false claims with regard to open source security models and trustability. We believe it is imperative that our industry self-regulates and follows a clear set of disclosure criteria – so that hardware wallet buyers can make well-informed purchasing decisions.

In this post, we propose a set of criteria with which to evaluate hardware wallets. To avoid bias, this post does not attempt to rank the security or trustability of any specific hardware wallet, and all company and product names have been redacted in quotations.

Proposed Criteria:

  1. Open or Closed Security Model
  2. Trustable Components
  3. Trustable Supply Chain
  4. Present vs. Future Capabilities
  5. Honest Claims
  6. Security Certifications
  7. Bitcoin PSBT Support

Read on for more details!

Open or Closed Security Model

Hardware wallet producers must disclose whether their security model is open or closed source. There is no middle ground. If parts of the design are secret – such as undisclosed portions of the circuit schematics, redacted component information, or closed source code – then the hardware wallet is closed source.

Foundation has recently observed bizarre open source claims from hardware wallet producers. For example, one claimed to have “pioneered the hardware wallet industry’s first open source secure element firmware” – while not disclosing that the device’s operating system is closed source!

This same producer claims that their “hardware wallet application layer, device schematic (circuit diagram), and bill of materials (BOM) are also open source” – but does not mention that their schematics are omitting certain information and that their BOM does not include details of the secure element chip.

Another popular producer rightfully states that the apps running on its hardware wallets are open source, but fails to mention that the device firmware itself is closed source.

This is important because most consumers take open source claims at face value. If they are told that a hardware wallet is open source, they expect that experts in the Bitcoin community are able to research and verify the hardware and software running on the wallet. We must provide consumers with accurate information and empower them to make informed purchasing decisions.

Furthermore, it takes a great deal of time and effort to open source hardware products. Producers must provide proper documentation, comments, and build instructions for firmware. Circuit schematics must be legible, self-explanatory, and properly formatted. Electrical designs must be exported to the correct file formats. Bills of materials must detail every component. Datasheets for each component must be provided when possible.

If our industry becomes comfortable with a degraded definition of open source hardware, then we reduce the incentive for producers to be honest and forthcoming. We risk “open source” becoming a buzzword that every hardware wallet producer slaps onto their marketing material in order to sell more units.

For more detailed guidance, we strongly encourage open source hardware wallet producers to comply with OSHWA criteria and open source all hardware under CERN’s Open Hardware License (OHL). This covers many edge cases, such as components on the BOM requiring manufacturer NDAs for datasheet access.

Foundation is currently unaware of any hardware wallet that meets OSHWA criteria and is open sourced under CERN OHL or a similar open hardware license.

Trustable Components

A hardware wallet must be ultra-secure. Therefore, hardware wallet producers must carefully select components that can be trusted. Since hardware today cannot be fully trustless, as we must rely on third party components and global supply chains, Foundation refers to trustworthy components as “trustable.”

Below are common hardware wallet components and potential concerns.

  • Screen
    Does the screen include an integrated processor running closed source firmware? Most modern high resolution displays are running black-box silicon. Is the supply chain opaque? Most AMOLED and E-Ink displays have highly proprietary supply chains. What company manufactures the screen – is it an OEM off Alibaba or a more reputable company like Sharp?
  • Touch Panel
    If using a touch panel instead of a physical keypad or buttons, does it contain an integrated processor running closed source firmware? Most high-quality multitouch surfaces include an embedded CPU.
  • Processor (also referred to as MCU)
    What company manufactures the processor? Is it a small China-based producer or a more reputable company like NXP, STM, or Microchip?
  • Secure Element
    Is the secure element a “dumb” device that cannot execute code, or is it running firmware and an operating system? Does the hardware wallet producer know what firmware is running on the secure element, and do they open source that firmware? Is the secure element a black box? What company manufactures the secure element – a small China-based producer or a more reputable company like NXP, STM, or Microchip?
  • Camera
    Does the camera include an integrated processor running closed source firmware? Most cameras do. If so, does the hardware wallet sanitize the input from the camera, and can the hardware wallet producer demonstrate this by open sourcing the code?
  • Lithium Ion Battery
    Does the battery contain an integrated processor running closed source firmware? Some hardware wallet attack vectors include monitoring the power consumption during usage. What company manufactures the battery?

Foundation is heavily inspired by the work of bunnie, a well known open source hardware expert. Read more about trustable hardware on his blog.

Trustable Supply Chain

Hardware supply chains are complex, and it is rare to see vertically integrated hardware producers. Most hardware companies rely on contract manufacturers, and all hardware companies rely on component supply chains that originate in China. So that buyers can make an informed purchasing decision, Foundation believes that hardware wallet producers must disclose the following:

  1. Suppliers of key components such as the screen, touch panel, secure element, camera, and battery. This should be done even if the hardware wallet is closed source, as it is trivial to identify this information with a tear-down.
  2. Name and location of third party engineering firms that contributed to hardware wallet design. For example, buyers need to know if a US-based wallet producer outsourced electrical engineering work to a firm in China.
  3. Location of contract manufacturer(s). While it is prudent to keep manufacturer names confidential for security reasons, it is important to know the general location of manufacturing. For example, buyers need to know if a European wallet producer outsourced manufacturing to China.

Present vs. Future Capabilities

Hardware wallet producers will improve their products over time, both by adding new features and responding to bug reports and vulnerabilities. We know that it is tempting to rush a hardware wallet to market in order to generate revenue as soon as possible, but producers must understand that they are selling important security devices. The industry must judge hardware wallet producers on the capabilities of their devices today – not based on future roadmaps.

We’ve recently observed new hardware wallet entrants promise to open source components of their designs in the future, or add critical features like PSBT support in a future release.

In a Twitter DM with one hardware wallet producer, I asked in regard to a mobile companion app:

So you’re comfortable letting your customers use the app, but won’t release the code?

They replied:

We are comfortable letting users use the app. We just think doing code audit before open source it is a responsible way compared to directly open source it.

This is mind-boggling to me, as the company admitted that it feels comfortable having users download a closed-source, unaudited companion app and use it to secure their cryptocurrency. Our industry must judge hardware wallet producers by the present capabilities of their devices, and push back hard on any company that states “we will do X in the future.”

Honest Claims

Foundation has observed numerous false claims by hardware wallet producers with regard to device security and capabilities. Most consumers do not have the expertise to determine whether claims are truth or fiction. Therefore, the community must hold hardware wallet producers accountable and call out any false or exaggerated claims.

Below are some claims we’ve recently observed:

Hackers simply cannot even attempt to steal your crypto

The first Bitcoin wallet to secure against physical attacks

The combination of multi-layer and multi-sig protections creates the most physically secure storage wallet every created

Thanks to its innovative key generation and recovery system, you will always be safe from any attack

The WORLD’S FIRST Multicurrency, Non-electronic Hardware Wallet

[Wallet] adopts an industry-first 2-Factor Key Generation (2FKG) process for the production and private key generation for our physical wallets. The 2FKG process ensures the highest safety standards for your cryptocurrency assets.

Anti-Tamper: Theft are not an issue as [Wallet] is protected from physical attacks.

The Cold Wallet, not just a hardware wallet. Air-Gapped. Anti-Tamper. Trustless Trust

The [Wallet] is built around the most secure type of chip on the market, ensuring optimal security for your crypto.

The Best Security…[Wallet] offers the best level of protection: your key remains protected in a certified secure chip.

Many of these claims are complete lunacy (“Hackers simply cannot even attempt to steal your crypto”), but many buyers of hardware wallets will take these claims at face value. Others are more nuanced (“built around the most secure type of chip on the market”), but are attempting to state opinion as fact.

Hardware wallet producers must understand that they are not selling toaster ovens or calculators – they are selling important security devices that are designed to safeguard large amounts of cryptocurrency. Hardware wallets are imperfect. Hardware security is imperfect. There will always be vulnerabilities. Producers must make honest claims.

Security Certifications

Some hardware wallet producers advertise security certifications like EAL5. There is nothing inherently wrong with security certifications, but we must recognize their shortcomings.

  1. Component producers pay certification organizations to certify their products. It’s important to understand this incentive structure.
  2. Certification processes do not cover every attack vector; components are placed through a predefined process with predefined scenarios.
  3. Certifications are not a replacement for independent reviews.

We as an industry cannot allow hardware wallet producers to hide behind security certifications. For example, a recently launched hardware wallet producer described its product as follows:

A 100% offline, anti-tampered cryptocurrency hardware wallet and the only one in the world with the highest security certification for its secure firmware (EAL7)

I emailed the company asking for further clarification on whether the firmware was open, and was told:

We’ll make a lot of the code available on github etc, but our secure firmware which has earned the highest security certification in the world (EAL7, as per press release tomorrow), will be closed sourced (as well as the secure element). We hope to go more towards the open source end gradually.

This is massively misleading for average consumers who do not understand how security certifications work. We cannot allow new hardware wallet producers to hide behind certifications as an alternative to making their devices open source and auditable.

Bitcoin PSBT Support

As a bonus, Foundation believes that hardware wallets that support Bitcoin should clearly disclose whether or not they support partially signed Bitcoin transactions (PSBT). PSBT is a standard format for Bitcoin transactions which, among other things, makes it easy to create multisig setups across different hardware and software wallets.

Hardware wallet producers that do not support PSBTs are perpetuating walled-garden ecosystems, discouraging Bitcoin innovation, and drastically increasing the difficulty for software wallet developers to integrate with new hardware wallets.

Conclusion

Foundation hopes that this post is a starting point in a larger conversation around hardware wallet requirements in the Bitcoin and cryptocurrency industry. We must self-regulate in order to provide consumers with the most secure possible products in order to safeguard their assets.

Preorder

Preorder the Passport Founder’s Edition today, limited to 1000 units!

$299.00

Bitcoin and the Sovereign Internet need open hardware.

Our entire world is based on trust. We trust that our banks will safeguard our deposits; we trust that companies will keep our personal data private; we trust that governments will keep us safe. 

But is this sustainable? Over the past decades our trust in critical institutions has slowly eroded. Irresponsible banking practices plunged us into repeated economic crises. Facebook and Google collect our personal data at an unprecedented scale, while repeatedly failing to implement sufficient safeguards against data breaches and leaks. And now, as the COVID-19 crisis progresses, our governments are working with tech companies to expand mass-surveillance capabilities. 

The solution is clearly a sovereign Internet and financial system built on Bitcoin and other sovereign technologies. Bitcoin allows us to opt out of the existing system, transacting peer-to-peer without trusted third parties. 

Open source makes Bitcoin possible. Without open source, there would be no way to independently verify that Bitcoin has a maximum supply of 21 million coins; there would be no way to understand how it functions. Without Bitcoin’s open source code, we would be forced to trust third parties. Open source is the bedrock of our emerging sovereign Internet.

At Foundation Devices, we strongly believe that open source software alone is insufficient – open software must run on open hardware. And while we’ve seen immense progress in the FOSS movement and Bitcoin, we’ve seen little progress in open hardware. 

Hardware today is a web of proprietary intellectual property, non-disclosure agreements, and security-via-opaqueness. Want to know more about how that hardware wallet is keeping your Bitcoin safe? Sign that NDA and learn about that EAL5+ security certification and proprietary operating system!

Ledger Nano X product page

This opaque hardware security model may be fine for your passport or credit card. But with the rise of Bitcoin and cryptocurrencies, for the first time ever real money can be stolen without any recourse. No bank or credit card company can reverse a Bitcoin transaction. No government will provide your Bitcoin wallet with FDIC insurance.

If an employee at Ledger adds a vulnerability to the proprietary, closed source firmware running on the STMicroelectronics (STM) security chip, your funds could be stolen. If a security researcher discovers a vulnerability in the STM security chip, you will not be notified without signing an NDA. If a government works with STM to insert a backdoor into their security chip, you will never know. 

With Bitcoin’s market cap at around $160B, there are minimal incentives for our institutions to misbehave. But what about at a $1T market cap? $10T? The incentives continue to grow, and it is inevitable that companies and governments will attempt to compromise Bitcoin hardware in this decade.

And what about when every device is transacting with Bitcoin, sending machine-to-machine micropayments? What happens when our entire economy is built on Bitcoin? Every device – from cellphones to laundry machines – becomes a hardware wallet. 

Closed, trusted hardware security models no longer work in a Bitcoin world!

So what do we do? We build open source hardware. We start by designing products with more trustable components, assembled in a more trustable USA-based facility. We produce open source, legible circuit schematics using a respected license like CERN’s Open Hardware License. We publish all firmware as open source under MIT or GPL3 licenses. We clearly identify the components that require trust, such as the processor and secure element, and we work to source or build our own components that are more open and trustable.

In addition to emphasizing open source, we deliver great design and UX. We make open hardware with mass-consumer appeal. We prove that open hardware can be beautiful, intuitive, approachable. We demonstrate that open hardware can sell! 

We start with a hardware wallet and move to other critical products. We build the open hardware foundation for Bitcoin and the sovereign Internet.


Introducing Foundation Devices: a new Bitcoin hardware company

We believe Bitcoin and decentralized technologies will empower the individual, leading to a better world where people control their own data and their own money. This is the dream for our industry; this is the reason why so many of us have chosen to start or join Bitcoin companies. We seek to eliminate the need for trusted third parties – like banks, cloud providers, and even governments – in order to make our systems more efficient and more accessible. And we seek to move power away from central points of failure to the edge; to the people.

As we build our industry from the ground up, we must remember this principle. We must build products and services that enable individual sovereignty.

We are concerned that today’s most mature Bitcoin and decentralized tech companies are the most centralized and opaque. Coinbase provides a custodial exchange. Blockchain.com provides a hosted wallet. Bitmain is a web of secrecy. Our industry’s biggest players provide trusted exchanges, trusted wallets, trusted mining pools, trusted lending services, trusted nodes – and even trusted hardware wallets! (Yes Ledger, we are referring to you.)

Have we forgotten the point of it all? Have we forgotten why we are all here?

So many of the Bitcoin products and services that successfully enable sovereignty – like Electrum, Wasabi, Samourai, Nodl, and Coldcard – are fantastic offerings that lack consumer-oriented UX. While we love and use these products, they will never “cross the chasm” to the land of mass consumer adoption.

We worry that as Bitcoin and decentralized tech reach the next phase of adoption, the vast majority of consumers will become dependent on centralized providers. We will have succeeded at creating a different financial system with different intermediaries. But we will have failed at empowering the individual and building a new Internet.

This is why we started Foundation – to make beautifully designed, open source hardware for Bitcoin and the decentralized Internet. To bring great design and UX to hardware wallets, nodes, and more. To allow mass consumers to securely use and store Bitcoin while maintaining their sovereignty. To help our industry cross the chasm while staying true to our founding ideals.

We call this open hardware. And we are excited to bring it to the world.

Our Mission

Foundation Devices strives to empower humankind – to make Bitcoin and decentralized tech accessible to each and every individual in order to build a new era of sovereignty, ownership, and privacy. Our products are the foundation of a better, sovereign Internet.

Our Values
  • Foundation offers best-in-class security and privacy via openness. No walled gardens; no closed source engineering. We are the antithesis of existing tech companies.
  • Foundation products are beautiful, intuitive, and approachable. Bitcoin and decentralized tech already have a steep learning curve; our products do not.
  • Foundation gives sovereignty to individuals and businesses. We empower you to take ownership and control of your money and your data.
  • Foundation products reflect our optimism about the future. We are building a better Internet based on a better form of money. Our products feel positive, aspirational, and a bit sci-fi.

Next Steps

This summer, Foundation will launch a new Bitcoin hardware wallet that provides the same security model as Coldcard while offering a beautiful, intuitive hardware and UI design. From day one our hardware wallet will be compatible with popular desktop and mobile applications. We will open source all circuit schematics, design files, and firmware – and we will assemble exclusively in the USA.

Over the next several weeks Foundation will release blog posts discussing the importance of open source hardware, diving into hardware challenges faced by our industry, and providing more details about our upcoming hardware wallet.
