Building a Secure OS from the Ground Up: KeyOS
Creating a secure operating system from scratch is no small feat, but it’s precisely what we set out to do with KeyOS, the operating system powering our new Personal Security Platform, Passport Prime. During two years of intensive work, our engineering team built KeyOS to redefine what’s possible for secure, modular, and open-platform devices.
Here’s the KeyOS journey:
KeyOS is a next-generation microkernel operating system written in Rust. It’s a major leap forward from legacy operating systems like Ledger’s BOLOS, which runs in a closed-source smart card environment.
So, what’s a microkernel, and why does it matter?
A microkernel is a highly efficient and modular foundation for a secure operating system. Unlike monolithic kernels, microkernels focus on running only the most essential functions, while everything else operates in isolated “user space.” This design provides key advantages for a Personal Security Platform like Passport Prime:
1. Enhanced resilience and modularity: Each process is self-contained, reducing the risk of system-wide vulnerabilities.
2. Process isolation: Apps run in their own secure sandboxes, ensuring that even malicious or buggy apps can’t compromise other parts of the system.
3. Message-passing communication: Processes interact only through secure, managed message-passing, reducing attack surfaces.
This architecture allows Passport Prime to securely support multiple apps running side-by-side while KeyOS manages permissions and ensures airtight security.
Building KeyOS: A Two-Year Journey
KeyOS is completely open source and built on the kernel of the remarkable Xous project, whose ‘avalanche noise source’ technology we also incorporate directly into our Passport hardware wallet. For those unfamiliar, Xous was created by hardware hacker Bunnie and his collaborator Xobs as part of the Precursor and Betrusted initiative, a crowdfunded effort to build an open-source, secure communications platform with a microkernel OS written in Rust.
We started with the Xous kernel and a few key services and ported it from RISC-V to ARM architecture, customized it for Passport Prime, and implemented drivers for every component of the device. Our team also added modern graphics support and developed core apps that leverage the power of KeyOS, and we are proud to be ranked as the #5 and #6 contributors to Xous on GitHub. Think of KeyOS vs. Xous the same way as Ubuntu vs. the Linux kernel. KeyOS is essentially the first distro of Xous.
Breaking the Performance Barrier
Most security devices force users to compromise. You either get:
1. Modern hardware with high-resolution, color touchscreens, or
2. Secure hardware with subpar performance
KeyOS breaks this trade-off. Running on a 500 MHz security processor, Passport Prime delivers smartphone-like responsiveness in a highly secure environment.
Unlike other devices, which rely on slow, off-the-shelf components and bloated software and operating systems (like Android), we built everything in-house:
1. The operating system
2. The drivers
3. The apps
This bare-metal, vertically integrated approach unlocks unparalleled speed and ease of use on Passport Prime. It’s a true breakthrough for security hardware.
Enabling Third-Party Apps
One of the most exciting aspects of KeyOS is its potential as a developer platform. Developers will be able to permissionlessly create and distribute apps for Passport Prime.
We’re building an SDK, comprehensive documentation, and an app catalog to make this process as seamless as possible. Our first integration is with Cake Wallet, the popular privacy wallet.
Why this is game-changing
1. Flexibility: Developers can bypass the restrictive APIs of other devices and build apps that match their vision. They can bring their logo and familiar UI right into KeyOS.
2. Security: All apps are sandboxed with hardened, derived child seeds, ensuring your funds are always safe even if an app is compromised.
3. Transparency: Apps distributed through our Envoy app catalog must be open source and have reproducible builds, so users can verify what they’re running on Passport Prime.
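Item 2 above relies on hardened derivation, where each child secret is computed from the parent's private key, so an app holding only its own seed cannot recompute a sibling's. An added sketch in Python (not KeyOS code; the page does not specify its derivation scheme), assuming BIP32-style hardened derivation, a constructed sample seed and hypothetical app indices:

```python
import hashlib
import hmac

# Order of the secp256k1 group, used by BIP32 private-key arithmetic.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
HARDENED = 0x80000000  # indices >= 2**31 are "hardened"


def master_from_seed(seed: bytes) -> tuple[int, bytes]:
    """BIP32 master node: (private key, chain code)."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    key = int.from_bytes(digest[:32], "big")
    if key == 0 or key >= N:
        raise ValueError("unusable seed")
    return key, digest[32:]


def derive_hardened(parent: tuple[int, bytes], index: int) -> tuple[int, bytes]:
    """Hardened child: the HMAC input contains the parent PRIVATE key,
    so neither public data nor a sibling node is enough to recompute it."""
    if not 0 <= index < HARDENED:
        raise ValueError("index must be below 2**31 before hardening")
    key, chain = parent
    data = b"\x00" + key.to_bytes(32, "big") + (index | HARDENED).to_bytes(4, "big")
    digest = hmac.new(chain, data, hashlib.sha512).digest()
    tweak = int.from_bytes(digest[:32], "big")
    child = (tweak + key) % N
    if tweak >= N or child == 0:
        raise ValueError("invalid child, use the next index")
    return child, digest[32:]


def app_seed(parent: tuple[int, bytes], app_index: int) -> bytes:
    """Hypothetical per-app secret handed to one sandboxed app."""
    key, chain = derive_hardened(parent, app_index)
    return key.to_bytes(32, "big") + chain


# Constructed sample seed and hypothetical app numbers (assumptions).
SAMPLE_SEED = bytes(range(16))
APP_A, APP_B = 1, 2

if __name__ == "__main__":
    m = master_from_seed(SAMPLE_SEED)
    print("app A:", app_seed(m, APP_A).hex())
    print("app B:", app_seed(m, APP_B).hex())
```

Deriving index `APP_B` from app A's own node yields a grandchild of the master, not app B's seed, which is the isolation property the list item describes.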
With the Cake Wallet app, Passport Prime will support privacy wallets, offering a best-in-class cold storage experience. Users of Monero will finally have a great experience securing their assets in cold storage.
Join the Developer Community
We’re inviting all Bitcoin, privacy, security, and cryptocurrency developers to build apps for Passport Prime. Passport Prime offers an open, flexible platform to bring your ideas to life.
Interested developers can sign up on our website to get started. Apps will be distributed through the Envoy app and a dedicated app catalog, making installation and updates effortless. Developers can also distribute apps directly to their users if desired.
The Future of Passport Prime
KeyOS represents a new standard in security, performance, and expandability for hardware wallets. By combining a cutting-edge microkernel design with open-source principles, we’re not just building a secure device but creating a platform for innovation.
Stay tuned for more updates as we continue to expand the possibilities of KeyOS and Passport Prime. Whether you’re a user or a developer, we can’t wait to see what you’ll build.
Explore More:
Discover all the details about Passport Prime on our website, and watch our official launch keynote video to see our vision for secure, open-platform innovation in action.