Building KeyOS!

Building a Secure OS from the Ground Up: KeyOS

Creating a secure operating system from scratch is no small feat, but it’s precisely what we set out to do with KeyOS, the operating system powering our new Personal Security Platform, Passport Prime. During two years of intensive work, our engineering team built KeyOS to redefine what’s possible for secure, modular, and open-platform devices.

Here’s the KeyOS journey:

KeyOS is a next-generation microkernel operating system written in Rust. It’s a major leap forward from legacy operating systems like Ledger’s BOLOS, which runs in a closed-source smart card environment.

So, what’s a microkernel, and why does it matter?

A microkernel is a highly efficient and modular foundation for a secure operating system. Unlike monolithic kernels, microkernels focus on running only the most essential functions, while everything else operates in isolated “user space.” This design provides key advantages for a Personal Security Platform like Passport Prime:

1. Enhanced resilience and modularity: Each process is self-contained, reducing the risk of system-wide vulnerabilities.

2. Process isolation: Apps run in their own secure sandboxes, ensuring that even malicious or buggy apps can’t compromise other parts of the system.

3. Message-passing communication: Processes interact only through secure, managed message-passing, reducing attack surfaces.

This architecture allows Passport Prime to securely support multiple apps running side-by-side while KeyOS manages permissions and ensures airtight security.

Building KeyOS: A Two-Year Journey

KeyOS is completely open source and built on the kernel of the remarkable Xous project, from which we also incorporate their ‘avalanche noise source’ technology directly into our Passport hardware wallet. For those unfamiliar, Xous was created by hardware hacker Bunnie and his collaborator Xobs as part of the Precursor and Betrusted initiative, a crowdfunded effort to build an open-source, secure communications platform with a microkernel OS written in Rust.

We started with the Xous kernel and a few key services, ported it from RISC-V to the ARM architecture, customized it for Passport Prime, and implemented drivers for every component of the device. Our team also added modern graphics support and developed core apps that leverage the power of KeyOS, and we are proud to be ranked as the #5 and #6 contributors to Xous on GitHub. Think of KeyOS and Xous the same way as Ubuntu and the Linux kernel. KeyOS is essentially the first distro of Xous.

Breaking the Performance Barrier

Most security devices force users to compromise. You either get:

1. Modern hardware with high-resolution, color touchscreens, or

2. Secure hardware with subpar performance

KeyOS breaks this trade-off. Running on a 500 MHz security processor, Passport Prime delivers smartphone-like responsiveness in a highly secure environment.

Unlike other devices, which rely on slow, off-the-shelf components and bloated software and operating systems (like Android), we built everything in-house:

1. The operating system

2. The drivers

3. The apps

This bare-metal, vertically integrated approach unlocks unparalleled speed and ease of use on Passport Prime. It’s a true breakthrough for security hardware.

Enabling Third-Party Apps

One of the most exciting aspects of KeyOS is its potential as a developer platform. Developers will be able to permissionlessly create and distribute apps for Passport Prime.

We’re building an SDK, comprehensive documentation, and an app catalog to make this process as seamless as possible. Our first integration is with Cake Wallet, the popular privacy wallet.

Why this is game-changing

1. Flexibility: Developers can bypass the restrictive APIs of other devices and build apps that match their vision. They can bring their logo and familiar UI right into KeyOS.

2. Security: All apps are sandboxed with hardened, derived child seeds, ensuring your funds are always safe even if an app is compromised.

3. Transparency: Apps distributed through our Envoy app catalog must be open source and have reproducible builds, so users can verify what they’re running on Passport Prime.

With the Cake Wallet app, Passport Prime will support privacy wallets, offering a best-in-class cold storage experience. Users of Monero will finally have a great experience securing their assets in cold storage.

Join the Developer Community

We’re inviting all Bitcoin, privacy, security, and cryptocurrency developers to build apps for Passport Prime. Passport Prime offers an open, flexible platform to bring your ideas to life.

Interested developers can sign up on our website to get started. Apps will be distributed through the Envoy app and a dedicated app catalog, making installation and updates effortless. Developers can also distribute apps directly to their users if desired.

The Future of Passport Prime

KeyOS represents a new standard in security, performance, and expandability for hardware wallets. By combining a cutting-edge microkernel design with open-source principles, we’re not just building a secure device but creating a platform for innovation.

Stay tuned for more updates as we continue to expand the possibilities of KeyOS and Passport Prime. Whether you’re a user or a developer, we can’t wait to see what you’ll build.

 

Explore More:
Discover all the details about Passport Prime on our website, and watch our official launch keynote video to see our vision for secure, open-platform innovation in action.

 

 

Introducing Passport Prime!

We are beyond excited to introduce the newest member of the Foundation family: Passport Prime, the world’s first Personal Security Platform. Designed to secure not only your Bitcoin but your entire digital life, Passport Prime is more than just a hardware wallet – it’s a Swiss army knife for your personal security.

Need a quick 20-minute rundown of the announcement? Check out the recent keynote from our CEO, Zach, on our website.

Passport Prime empowers you to secure your entire digital life – with one device. We have much to cover, so let’s dive in and see what Prime can do!

FEATURES

Bitcoin Wallet

Passport Prime offers the same robust Bitcoin hardware wallet capabilities as our gen-2 Passport. It supports all of the popular Bitcoin software wallets you have come to know and love. Prime offers a best-in-class multisig experience alongside numerous power-user features like passphrases and temporary seeds.

Multi-Factor Authentication

With its 2FA Codes app, Prime enables you to store your most important 6-digit 2FA codes in a secure, offline environment. For even stronger multi-factor authentication, Passport Prime replaces all of your Yubikeys with the Security Keys app. You can create multiple security keys for use with NFC or USB.

Secure File Storage

Passport Prime also replaces your encrypted flash drive. With its 50 GB of included capacity, Prime can secure your most important files. A killer feature in the File Browser app is called Airlock – when you plug Passport Prime into your phone or computer, it will only provide access to the files in your Airlock, ensuring the privacy of your data.

Seed Vault 

Passport Prime helps you organize and bring together all your seed words in one place – the Seed Vault app. You can instantly create new seeds, temporarily load seeds, and even store your existing seeds.

But wait, there’s more…

Those features are just the beginning. Thanks to KeyOS, Passport Prime’s custom operating system, the possibilities for what you can achieve with Prime are practically endless.

KEYOS

What is KeyOS?

KeyOS is a next-gen microkernel operating system written in Rust. KeyOS offers a highly modular, yet locked-down environment where apps run side-by-side in their own sandboxes, while the OS manages permissions. This is how we are going to enable third party apps, and grow Passport Prime into a robust developer platform!

Developer Platform

From around mid-2025, developers will be able to build third-party apps to run on KeyOS! But you won’t have to ask Foundation for permission. KeyOS will offer an open developer platform, meaning developers will be able to list their own apps in our App Catalog.

We are super excited to announce our friends at Cake Wallet will be producing the first ever third-party KeyOS app! Cake is a popular privacy-oriented cryptocurrency wallet with around 500,000 users and has support for Bitcoin, Monero and many others.

Do you have a favorite app you think could benefit from the extra security Passport Prime can offer? Help us spread the word! We’d love to work with other teams to enable your Prime to secure even more of your digital life.

SECURE, YET SIMPLE

Setting up Passport Prime with Envoy could not be easier. You’ll be guided every step of the way. Thanks to Passport Prime’s seamless communications with Envoy via our secure QuantumLink Bluetooth, you can go from zero to a secure digital life in minutes.

NFC Backups

KeyOS uses a 2-of-3 Shamir Secret Sharing configuration to split your seed into three pieces – two stored on cards, and the third stored on your Envoy mobile app. With our optional Magic Backups, your app data and settings are encrypted and sent to the Foundation servers via Envoy. No username, no passwords, no email address and crucially, no seed words ever leaving your device.

If you ever need to replace your Passport Prime, simply connect it to Envoy and tap one of your two KeyCards – that’s it!
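The 2-of-3 threshold idea described above, as an added example that is not Foundation's or KeyOS's code: any two of the three shares rebuild the secret, while one share alone is consistent with every possible secret. The byte-wise GF(2^8) field with the AES polynomial, the share indexes 1 to 3, the sample secret and the use of `/dev/urandom` are assumptions; the page does not say which field or encoding KeyOS uses.

```rust
use std::{fs::File, io::Read};

/// Multiply in GF(2^8) with the AES reduction polynomial x^8+x^4+x^3+x+1 (assumed field).
fn gf_mul(mut a: u8, mut b: u8) -> u8 {
    let mut p = 0u8;
    while b != 0 {
        if b & 1 != 0 { p ^= a; }
        let carry = a & 0x80 != 0;
        a <<= 1;
        if carry { a ^= 0x1b; }
        b >>= 1;
    }
    p
}

/// Multiplicative inverse as a^254 (valid for a != 0).
fn gf_inv(a: u8) -> u8 {
    let mut r = 1u8;
    for _ in 0..254 { r = gf_mul(r, a); }
    r
}

/// Per byte, f(x) = secret ^ coeff*x; the share at index x holds f(x) for x = 1, 2, 3.
/// `coeffs` must be fresh random bytes, one per secret byte, and never reused.
fn split_2of3(secret: &[u8], coeffs: &[u8]) -> [(u8, Vec<u8>); 3] {
    assert_eq!(secret.len(), coeffs.len());
    [1u8, 2, 3].map(|x| {
        let ys: Vec<u8> = secret.iter().zip(coeffs).map(|(&s, &c)| s ^ gf_mul(c, x)).collect();
        (x, ys)
    })
}

/// Lagrange interpolation at x = 0 from any two distinct shares.
fn recover(a: &(u8, Vec<u8>), b: &(u8, Vec<u8>)) -> Vec<u8> {
    assert!(a.0 != b.0 && a.1.len() == b.1.len());
    let d = gf_inv(a.0 ^ b.0); // subtraction is XOR in GF(2^8)
    let (la, lb) = (gf_mul(b.0, d), gf_mul(a.0, d));
    a.1.iter().zip(&b.1).map(|(&ya, &yb)| gf_mul(ya, la) ^ gf_mul(yb, lb)).collect()
}

fn main() -> std::io::Result<()> {
    let secret = b"constructed 16B!"; // constructed stand-in for seed entropy
    let mut coeffs = vec![0u8; secret.len()];
    File::open("/dev/urandom")?.read_exact(&mut coeffs)?;
    let shares = split_2of3(secret, &coeffs);
    assert_eq!(recover(&shares[0], &shares[2]), secret);
    println!("secret rebuilt from shares 1 and 3");
    Ok(())
}
```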

QuantumLink Bluetooth

Passport Prime contains a dedicated Bluetooth chip, separate from the security processor running KeyOS. This Bluetooth chip can only send and receive messages that are already encrypted using quantum-resistant tech. Once connected, interactions with Envoy are effortless and happen almost instantly.

EXTRA DETAILS

Here’s a quick list of extra info you might be excited to learn:

1. Passport Prime ships in two beautiful colorways, Arctic Copper and Midnight Bronze

2. Passport Prime ships with everything you need in a single box.

3. Passport Prime hardware and software will be open source at launch.

4. Passport Prime is proudly assembled in the USA.

You can learn a lot about Passport Prime on our new product details page.