SECURITY

Security is our foundation.

Foundation products are built for verification: open source hardware and software, published security models, independent audits, reproducible build checks, and private disclosure paths.

View security audits Our GitHub

PRODUCT SECURITY MODELS

Security models you can inspect.

Foundation publishes security models and source materials so customers, researchers, and builders can evaluate the assumptions behind each device.

Passport CoreAir-gapped Bitcoin hardware with a published model for threat assumptions, firmware protections, and hardware security boundaries.View security model Passport PrimeHuman Authority Hardware running KeyOS, built around sandboxed apps, dedicated security chips, trusted display, and physical approval.View KeyOS source

INDEPENDENT SECURITY AUDITS

Reviewed by outside security researchers.

These audit files are hosted by the new Hydrogen site, so they remain available after the legacy WordPress site is retired.

Keylabs / 2025Passport Prime Security AuditIndependent hardware security review for Passport Prime.Open PDF Foundation / 2025Passport Prime Audit ResponseFoundation response and remediation notes for the Passport Prime audit.Open PDF Keylabs / 2021Passport Core Security AuditIndependent security audit for Passport Core hardware and firmware.Open PDF Foundation / 2021Passport Core Audit ResponseFoundation response and remediation notes for the Passport Core audit.Open PDF

REPRODUCIBILITY

Built to be verified.

Open source is not just a promise. Passport firmware can be checked against independently reproduced builds and public source code.

WalletScrutinyPassport Founder's EditionIndependent reproducible-build review for the original Passport hardware wallet.View review WalletScrutinyPassport Core Batch 2Independent reproducible-build review for second-generation Passport hardware.View review

SECURITY RESOURCES

Report issues, verify releases, inspect the code.

Security works best when the path is obvious: private disclosure for vulnerabilities, public repositories for source review, and signed release materials for firmware verification.

Responsible disclosureIf you believe you have found a vulnerability, report it privately and avoid posting details publicly until we can investigate.View policy PGP keysDownload Foundation public keys for GitHub signing, Envoy releases, security disclosures, and private email contact.View PGP keys Firmware verificationVerify Passport Prime firmware source and release signatures with Foundation documentation before installing updates.View verification docs Open source repositoriesReview Foundation hardware, firmware, app, and KeyOS repositories directly on GitHub.Open GitHub

HAVE QUESTIONS ABOUT SECURITY?

Send security reports privately.

Use the form below for private security disclosure. Please do not include seed phrases, private keys, or wallet passwords.