Skip to main content

Tag: passport core

From QR Air-Gapping to QuantumLink: What Comes Next

Posted on by

Passport Core pioneered modern QR-based air-gapped self-custody and helped bring offline signing into the mainstream. Today, we’re taking the next step forward with Passport Prime and QuantumLink, a new device and communication architecture designed to preserve the core security principles behind Passport Core, while unlocking an entirely new class of secure, real-time interactions.

As part of this transition, production of Passport Core is coming to an end, while full support for existing devices continues.

Pioneering the QR

Passport Core was built around a very specific idea: maximum security through QR-code air-gapping.

No cables. No Wi-Fi. No active connection of any kind.

Information is shared between Passport and your phone or computer via animated QR codes or by transferring files on a microSD card. From a security perspective, this model is excellent, and it remains one we strongly believe in.

Passport Core didn’t just adopt QR air-gapping; it helped define how modern QR-based signing works across wallets and devices today. When Passport Core launched, QR-based air-gapping wasn’t new, but it was rarely done well. We focused heavily on making the experience approachable by pairing strong security with an intuitive interface and thoughtfully designed hardware. We collaborated closely with open-source wallet teams and groups like Blockchain Commons to help advance shared standards, ensuring compatibility with the tools people already used.

The result was a QR air-gap that was both highly secure and usable.

But building and supporting QR air-gapped systems at scale also gave us a deep understanding of their practical limits, and also gave us a front-row seat to the model’s limitations.

The UX Constraints of QR Air-Gapping

With QR-based air-gapped workflows, devices operate asynchronously.

One device prepares data. Another device waits to scan it. The user manually coordinates the entire process.

For many users, especially those new to self-custody, this introduces friction and uncertainty:

  • Where do I begin the process?
  • Which device should I be using right now?
  • Did I miss a step?
  • How do I know when it’s complete?
  • How do I safely update the firmware?

Even with strong UX design, QR-based air-gapping inherently requires users to manage complex workflows between disconnected devices. This creates unavoidable cognitive overhead.

Beyond usability, the broader trajectory of Bitcoin and digital security is also evolving. New script constructions, emerging output types, and early work toward quantum-resistant cryptography point toward more expressive and interactive security models. These increasingly benefit from devices that can coordinate state, intent, and policy in real time, something QR-based systems naturally struggle to support without heavy user involvement.

Bridging the Gap with QuantumLink

QR air-gapping gave us a clear, security-first foundation, but it also locked the experience into a single way of working. For users willing to invest the time, that model can be extremely effective. For many others, the rigidity itself became the barrier.

That led us to a different question:

Can we combine the security properties of an air-gap with the convenience of wireless communication — without compromising security?

The answer is QuantumLink.

QuantumLink is a secure Bluetooth-based protocol designed from the ground up for Passport Prime. It is not generic wireless connectivity layered on top of a hardware wallet, but a purpose-built communication architecture that maintains the isolation properties central to air-gapped security, while also enabling real-time interaction.

Here’s what makes it different:

  • Dedicated hardware separation: Passport Prime includes a separate Bluetooth chip, fully isolated from the main security processor running KeyOS.
  • Quantum-resistant encryption: All communication uses modern cryptography, including CRYSTALS-Kyber key exchange and ChaCha20-Poly1305 encrypted messaging.
  • Untrusted wireless layer: The Bluetooth chip handles only encrypted data. It never has access to plaintext information.

This means Passport Prime can stay securely in sync with companion apps like Envoy, enabling real-time onboarding, transaction signing, firmware updates, and policy interactions, without exposing private data or weakening isolation.

Within KeyOS, every app runs inside its own isolated sandbox. Each app is issued its own per-app private keys, with no access to the device’s master key, no ability to influence the operating system, and communication between apps handled only through signed, encrypted OS-managed channels.

Physical confirmation is required for all sensitive actions, connections, and disclosures.

Even if a companion device or app were compromised, KeyOS’s architecture prevents it from affecting Passport Prime or accessing private keys.

Passport Prime also supports multiple interaction methods. Users can continue to leverage QR codes, NFC, or USB if they prefer, all within the same secure framework.

What This Means for Passport Core Users

Passport Core is no longer for sale – but it remains a fully supported, secure, air-gapped hardware wallet.

  • You can continue using it normally with Envoy and open-source wallets like Sparrow or Nunchuk
  • Its QR-based air-gap security model remains unchanged
  • We will continue providing security updates and usability improvements
  • All warranties are fully honored

Looking Ahead

Passport Core established QR-based air-gapped signing as a practical, open, and secure standard for self-custody.

The lessons learned from building it, both its strengths and its limits, help to shape Passport Prime.

For those who prefer strict air-gapping, later this year we’ll be exploring an “air-gap only” KeyOS configuration option for Passport Prime that completely disables the Bluetooth chip, allowing Prime to operate entirely without wireless communication.

If you have questions or want to discuss the transition further. You can reach us at [email protected] or join us in the Foundation community forum 

Thank you for sharing this journey with us.

— The Foundation Team

Passport Core Version 2.3.11 is Now Live!

Posted on by

We’re excited to announce that the latest version of Passport Core firmware – 2.3.11 – is now live! To download it, simply initiate the update from Envoy to be guided through the process.

WHAT’S CHANGED

With this minor version of Passport Core firmware, we’ve added the ability to connect to Bull Bitcoin wallet, updated Casa’s logo, and fixed a minor bug.

For more details on each of the changes, keep reading below!

NEW FEATURES

  • Added the Bull Wallet connection flow – Support for Bitcoin Bull Wallet withdrawals to Passport Core has now been added. This gives users a straightforward way to move Bitcoin from Bull Wallet into self-custody, with transaction signing handled on Passport Core.

    Bull Wallet serves as a reliable Bitcoin, Lightning and Liquid wallet for holding and spending sats, and now Passport Core can be connected to securely receive and sign for funds offline.

IMPROVEMENTS

  • Updated Casa logo

BUG FIXES

  • Fixed a minor issue where Passport Core would try to install Founder’s Edition software if the user manually provided the wrong update file. It would already fail, but we updated this behavior so it detects it and refuses to attempt the upgrade from the start.

VERIFYING, REPRODUCING, AND INSTALLING PASSPORT FIRMWARE

If you’d like to verify and install the latest version of Passport Core manually, you can follow our guide on the topic here: Firmware Update support page

If you’d like to take the additional step of testing the reproducibility of Passport Core firmware, you can follow our guide on the topic here: Reproducibility Guide.

Passport Version 2.3.9 is Now Live

Posted on by

The latest version of Passport firmware – 2.3.9 – is now live! To download it, simply initiate the update from Envoy to be guided through the process.

WHAT’S CHANGED

This is a bugfix release for Passport 2.3.8.

BUG FIXES

  • Fixed a bug that caused signing errors for some multisig users under specific spending conditions

  • Improved error handling

VERIFYING, REPRODUCING, AND INSTALLING PASSPORT FIRMWARE

If you’d like to verify and install the latest version of Passport manually, you can follow our guide on the topic here: Firmware Update support page

If you’d like to take the additional step of testing the reproducibility of Passport’s firmware, you can follow our guide on the topic here: Reproducibility Guide.

Passport Version 2.3.8 is Now Live!

Posted on by

We’re excited to announce that the latest version of Passport firmware – 2.3.8 – is now live! To download it, simply initiate the update from Envoy to be guided through the process.

WHAT’S CHANGED

For more details on each of the changes, keep reading below!

IMPROVEMENTS

  • Onboarding updated for Envoy 2.0 compatibility

  • Added a black splash screen for Stealth units

BUG FIXES

  • Fixed signing error when consolidating SegWit into Taproot addresses

  • Fixed a non-user-facing issue where the keypad test was not functional upon provisioning new devices in the factory

VERIFYING, REPRODUCING, AND INSTALLING PASSPORT FIRMWARE

If you’d like to verify and install the latest version of Passport manually, you can follow our guide on the topic here: Firmware Update support page

If you’d like to take the additional step of testing the reproducibility of Passport’s firmware, you can follow our guide on the topic here: Reproducibility Guide.

Passport is now Passport Core

Posted on by

Five years ago, we started Foundation to build tools that empower you to take full control of your wealth, security, and privacy. From day one, we knew that hardware wallets needed to evolve – self-custody should be easy to use, intuitive, open-source, and secure without compromises.

We introduced our first generation Passport hardware wallet in mid 2020 and have been building ever since. Today, with many thousands of users and a growing suite of devices, we are excited to announce that Passport is now called ‘Passport Core’ and will live alongside our upcoming Passport Prime. And – by overwhelming customer demand – we’re introducing an exclusive Stealth colorway for Passport Core!

Stealth colorway Passport Core is now available to order, and begins shipping in six weeks. Please note that the Classic colorway is sold out due to overwhelming demand.

Passport Founder’s Edition: A Bold First Step

As Bitcoin adoption surged, we asked an important question: how will people secure their coins? Will they trust third-party custodians, or will they embrace self-sovereignty?

In 2020, existing hardware wallets made too many compromises – closed-source firmware, frustrating user interfaces, and security models that weren’t designed for the next generation of Bitcoiners. We knew the future demanded something better.

That’s why we built Passport Founder’s Edition. An elegant, open-source hardware wallet designed with sovereignty in mind. This first batch quickly sold out, proving that people were ready for a superior alternative.

What Made Founder’s Edition Special?

  • Premium materials. A soft-touch plastic shell with a durable copper-plated zinc alloy frame.
  • Intuitive design. A large screen with physical navigation pads and an alphanumeric keypad for seamless operation.
  • Airgapped security. No USB, no Bluetooth, no wireless, only microSD and QR code transactions.
  • Fully open source. Built with transparency, leveraging a battle-tested security architecture.
  • Proudly assembled in the USA. Enabling us to be physically present to ensure security and quality standards.

The response was overwhelming, reinforcing our belief that Bitcoiners desired better tools. But this was just only the beginning.

Passport → Passport Core

As you know it today, Passport is now renamed to Passport Core. We believe it deserves its own identity as the #1-rated Bitcoin hardware wallet, offered alongside our newest Passport Prime device.

After the success of the Passport Founder’s Edition, we didn’t just sit back – we listened! We gathered feedback from early adopters and the broader Bitcoin community to understand what worked, what could be improved, and how we could refine Passport to make it even better.

One of the biggest challenges we faced was balancing top-tier security with accessibility. While the Founder’s Edition was a hit, we knew that continued Bitcoin adoption required a hardware wallet that was just as powerful, but even easier to use, more affordable, and more refined. So we introduced a second-generation Passport model originally referred to as Passport Batch 2.

Key Upgrades in Passport Core (previously ‘Batch 2’)

  • More accessible pricing. We optimized production without compromising security and updated the electromechanical design, making Passport available for just $199 at launch – bringing self-custody to even more people.
  • A refined, slimmer design. Nearly 20% thinner than Passport Founder’s Edition, improving ergonomics while maintaining its robust construction.
  • Upgraded power system. We replaced AAA batteries with a widely available, replaceable Nokia BL-5C lithium-ion battery for longer battery life and a more user-friendly experience.
  • Power-only USB-C charging. To preserve Passport’s air-gap while offering easier charging, we introduced a power-only USB-C port with no data connections.
  • A high-resolution color display. A vibrant IPS screen significantly enhances readability and QR code scanning in all lighting conditions.
  • Reinforced security. We kept our battle-tested STM processor and fully air-gapped design, and upgraded the secure element to the latest generation – ensuring the same uncompromising security.

We also reimagined the user experience. Passport Batch 2 introduced an updated interface designed to be simpler, more intuitive, and faster to navigate. This allowed users of all experience levels to seamlessly manage their Bitcoin without unnecessary complexity.

Introducing Passport Core in Stealth

The same security. The same seamless experience. But now, with a fresh new aesthetic.

Many of you have asked for more customization, and we’ve listened. While the Classic colorway remains as popular as ever, we’re excited to introduce a new look to meet our most frequent customer request!

Today, we’re officially announcing Passport Core in Stealth**,** a bold, refined new take on the hardware wallet you already trust. A sleek and modern design for those who prefer a more understated look.

Nothing about Passport Core security has changed, it’s still the same air-gapped, open-source, self-custody tool you trust. But now, you have the option to own a version that reflects your style.

Why Stealth?

As we ramped up production, demand for Passport Core remained incredibly strong, with the Classic colorway consistently selling out (we are sold out again today!). So, we decided to offer more choice, introducing the Stealth colorway as a new alternative for those who want a more discreet look.

  • Aesthetic preference. A new colorway that aligns with the preferences of the Bitcoiners who prefer subtle, sleek designs.
  • Same trusted security. Every security feature of Passport remains untouched, only the look has changed.
  • More ways to self-custody. Your Bitcoin, your keys, your choice, now in a new aesthetic.

Demand remains high, and we anticipate that the traditional Classic colorway will remain out of stock.

Passport Core: One Standard, Two Colorways

Today, many thousands of Passport Core devices are in the hands of Bitcoiners across the globe, protecting their wealth and securing their sovereignty. Your trust, feedback, and unwavering support have helped shape Passport Core into the best Bitcoin hardware wallet on the market. Now, with two distinct colorways, Classic and Stealth, you have even more choice in how you secure your Bitcoin. Whether you prefer the original design or a more low-profile, discreet aesthetic, Passport Core delivers the same uncompromising security and usability.

The Foundation Product Family: Built for Freedom

At Foundation, our mission is to build tools that empower people to reclaim their freedom. With more ways than ever to take control of your Bitcoin and entire digital life, our product family continues to grow.

Here’s how each of them plays a role in that journey.

Passport Core

The trusted Bitcoin hardware wallet that sets the standard for self-custody. Now available in two colorways Classicand Stealth, Passport Core is fully air-gapped, open-source, and assembled in the USA.

🔗 Learn more

Passport Prime

A first-of-its-kind personal security platform, Passport Prime goes beyond the hardware wallet. With 2FA, Bitcoin wallet, file storage, and more, Prime is designed to protect all aspects of your entire digital life.

🔗 Learn more

Envoy Mobile Wallet

Envoy is more than just a Bitcoin wallet, it’s the perfect companion to Passport Core & Prime. With an intuitive interface, seamless onboarding, and powerful privacy tools, it’s the easiest way to send, receive, and manage Bitcoin securely.

🔗 Learn more

Concierge Support

Self-custody can be intimidating, especially if you are new to Bitcoin. Concierge onboarding is a personalized 60-minute onboarding session for your Passport.

🔗 Learn More

With our Vault Concierge bundle, receive 3 Passport Core and 2 hours of expert guidance to create a 2-of-3 multisig vault in Sparrow, BlueWallet, or Nunchuk. No privacy leaks by sharing wallet info with trusted third parties. No subscriptions. Priority support.

🔗 Learn More

With three powerful products and our personalized onboarding support. Foundation is building a complete ecosystem for Bitcoin sovereignty and digital security.

Thank you for being part of this journey. 🧡

Passport Version 2.3.5 is Now Live

Posted on by

The latest version of Passport firmware – 2.3.5 – is now live! To download it, simply initiate the update from Envoy to be guided through the process.

WHAT’S CHANGED

After the release of firmware v2.3.4, a small number of users reported their updates getting stuck at “98% Verifying Signatures.” While this issue did not affect the functionality or security of the device, we took immediate action to investigate and resolve it. With the release of firmware v2.3.5, this problem has been fixed for those affected users.

We’ve already reached out directly to customers known to be experiencing this issue and provided simple steps to resolve it. However, if you encounter the same problem when updating your Passport firmware, our support team is ready to assist. Just get in touch, and we’ll guide you through the process of upgrading to the latest v2.3.5 version.

To prevent further occurrences, we’ve removed the affected firmware files (v2.3.2 and v2.3.4) from our GitHub repository. We apologize for any inconvenience this may have caused and sincerely thank our customers for their patience while we worked to fix the issue. Your feedback helps us continually improve, and we appreciate your support.

If you’re still experiencing issues or need further assistance, don’t hesitate to reach out. You can visit our Support Page , or contact our support team directly via Telegram.

 

BUG FIXES

  • Fixed an issue where upgrading from 2.3.2 or 2.3.4 was getting stuck at 98% completion.

  • Fixed a typo in the firmware update flow.

 

VERIFYING, REPRODUCING, AND INSTALLING PASSPORT FIRMWARE

If you’d like to verify and install the latest version of Passport manually, you can follow our guide on the topic here: Firmware Update support page

If you’d like to take the additional step of testing the reproducibility of Passport’s firmware, you can follow our guide on the topic here: Reproducibility Guide.

Passport version 2.3.4 is now live!

Posted on by

We’re excited to announce that the latest version of Passport firmware – 2.3.4 – is now live! To download it, simply initiate the update from Envoy to be guided through the process.

WHAT’S CHANGED

With this version of Passport’s firmware, we’ve worked closely with the Casa team on a number of small fixes to restore full compatibility with their excellent multisig service.

BUG FIXES

  • Casa users will now be able to properly perform health checks for their setups
  • ​Minor visual bugfixes involved in niche scenarios

    ​​

VERIFYING, REPRODUCING, AND INSTALLING PASSPORT FIRMWARE

If you’d like to verify and install the latest version of Passport manually, you can follow our guide on the topic here: Firmware Update support page

If you’d like to take the additional step of testing the reproducibility of Passport’s firmware, you can follow our guide on the topic here: Reproducibility Guide.

Passport version 2.3.2 is now live!

Posted on by

We’re excited to announce that the latest version of Passport firmware – 2.3.2 – is now live! To download it, simply initiate the update from Envoy to be guided through the process.

 

WHAT’S CHANGED

With this version of Passport’s firmware we’ve added one of the most requested features — ephemeral seed support! You can now easily use ephemeral seeds in several ways, directly on Passport. We’ve also added the ability to sign messages via QR code, and added a connection flow for Fully Noded.

For more details on each of the changes, keep reading below!

 

NEW FEATURES

  • Seeds can now be loaded temporarily in three ways:
    • Ephemeral seeds can be used instead of a permanent seed phrase. This is great for advanced users that do not want to permanently store any seeds on Passport. When turning on Passport you can scan in a SeedQR or manually enter a seed, then use Passport as you normally would to connect to wallet software and sign transactions. The seed will be forgotten when Passport is turned off.
    • Ephemeral seeds can also be used alongside a permanent seed phrase. Keep a main or ‘master’ seed phrase on Passport as normal, but also temporarily load a seed phrase from the ‘More’ page at any time. That temporary seed will be forgotten when you shut down Passport or you can manually remove it from the same menu. Once you’re done with the ephemeral seed, Passport will go back to using it’s primary seed just like before!
    • Ephemeral seeds can be loaded from Key Manager alongside a permanent seed phrase. Ever needed to help a friend or family member spend from the child key you created for them? Just head to the Key Manager page, select any seed from your list and load it temporarily.
    • Learn more about temporary seeds in our docs.

 

  • Passport can now be used to sign messages via QR code!

 

  • Added Fully Noded to Passport’s wallet connection options.
    • Fully Noded is an open source and feature packed iOS and Mac app designed to connect and remotely manage your Bitcoin node, Lightning channels and offline wallets. 
    • Learn more about Fully Noded.

 

IMPROVEMENTS

  • Improved the microSD signing flow by removing unnecessary options.
  • Expanded the suggested words to 10 in the import seed flow to capture edge cases where importing a seed using only four letters could sometimes not display the expected word.
  • Added Address Explorer to the Postmix extension.
  • Added the Theya single signature connection flow.
  • Updated the supported UR types to be in line with the Blockchain Commons standard.
  • Added a new warning screen if outdated or unrecognized UR types are scanned.
  • Additional firmware file state check before installation.
  • New wallets now default their multisig policy to “Ask to Import”.
  • The multisig wallet import question is now more streamlined and the decision point is clearer.
  • Improved some wording and updated some icons to make them more consistent across all the menus.

 

BUG FIXES

  • Fixed an issue where users could get stuck in a screen if an obscure flow path was followed in some multisig pairing flows.
  • Fixed an issue where trying to manually add account #0 would crash Passport.
  • Fixed a minor issue where Passport would remember the device name after the device was erased from Settings.
  • Fixed an issue where Passport would sometimes improperly create the QR displayed in the Casa extension.
  • Fixed a minor seed entry issue on restore.
  • Fixed an issue where trying to sign a taproot PSBT for an incorrect wallet would fail without showing the fingerprint required.
  • Fixed a visual bug where the found and required fingerprints in some error messages were switched.

 

VERIFYING, REPRODUCING, AND INSTALLING PASSPORT FIRMWARE

If you’d like to verify and install the latest version of Passport manually, you can follow our guide on the topic here: Firmware Update support page

If you’d like to take the additional step of testing the reproducibility of Passport’s firmware, you can follow our guide on the topic here: Reproducibility Guide

Passport version 2.3.1 is now live!

Posted on by

We’re excited to announce that the latest version of Passport firmware – 2.3.1 – is now live! To download it, simply initiate the update from Envoy to be guided through the process.

WHAT’S CHANGED

With this version of Passport’s firmware we’ve added connections to Theya, Zeus, and Coinbits, updated dependencies, and made reproducible builds more resilient to upstream changes.

For more details on each of the changes, keep reading below!

NEW FEATURES

  • Added Theya integration to Passport’s wallet connection options.
    • Passport users can now use their Passport directly in Theya’s fantastic new multisig service!
    • Learn more about Theya.
  • Added Zeus integration to Passport’s wallet connection options.
    • Zeus is a powerful open-source Lightning wallet, with the first direct hardware wallet integration in the space. Zeus v0.9.0 will allow you to directly open and close channels to and from Passport, without the need for any additional transactions to a hot wallet.
    • Learn more about Zeus.
  • Added Coinbits to Passport’s wallet connection options.
    • Coinbits is an all-in-one app and service to make it easier to buy, spend, and save Bitcoin. They have recently added hardware wallet support and are featuring Passport as their go-to recommendation!
    • Learn more about Coinbits.

IMPROVEMENTS

  • Updated dependencies, including rust-secp256k1.
  • Improved the way upgrade errors are handled.
    • Starting with v2.3.1, any upgrade failures will report an error indicating where the problem originated, instead of just freezing in the completion circle.
  • Updated all references to foundationdevices.com to our new site, Foundation.xyz.

BUG FIXES

  • Improved the resiliency of reproducible builds in Docker.
  • Fixed some false warnings being reported when compiling.

VERIFYING, REPRODUCING, AND INSTALLING PASSPORT FIRMWARE

If you’d like to verify and install the latest version of Passport manually, you can follow our guide on the topic here: Firmware Update support page

If you’d like to take the additional step of testing the reproducibility of Passport’s firmware, you can follow our guide on the topic here: Reproducibility Guide

Passport version 2.3.0 is now live!

Posted on by

We’re excited to announce that the latest version of Passport firmware – 2.3.0 – is now live! To download it, simply initiate the update from Envoy to be guided through the process.

WHAT’S CHANGED

We’re beyond thrilled to be able to release Passport firmware v2.3.0, including full Taproot support, revamped passphrase behavior, an all-new address explorer, master seed SeedQR export, 12-word seed phrase support, 12th/24th word generation for advanced users, and native OP_RETURN message viewing and signing.

This release is one of our largest to date and includes a massive amount of new features, improvements, and bug fixes.

For more details on each of the changes, keep reading below!

NEW FEATURES

  • Say hello to full Taproot support in Passport 🥕
    • Passport now has full support for sending and receiving using Taproot, making the combination of Envoy and Passport a powerful way to leverage the latest and greatest tech that Bitcoin has to offer.
    • Note: existing Passport users will need to re-pair Passport to add Taproot-specific accounts (Envoy will automatically prompt you to do this the first time you enable Taproot).
    • Envoy must be on v1.5.0 or greater to use Taproot in Envoy directly.
  • Passport now has full support for verifying and displaying OP_RETURN messages directly on-screen.
  • Account and multisig configuration displays have been reworked to make them contextual to the currently active wallet.
    • Previously additional accounts were displayed irrespective of there being a passphrase applied or not.
    • Now, you’ll only see the account(s) specific to the currently active wallet. For example, if you’ve only ever used account #2 named 'Savings' under the passphrase 123abc, then you’ll only see that account when the passphrase 123abc is active. The same also applies to multisig configurations.
  • You can now export Passport’s master seed phrase via SeedQR, if desired.
    • Please note that this contains your seed phrase in a QR format, and so should be treated just as carefully as your seed phrase itself! Don’t scan it with your camera app, save it in an image, etc.
    • Both Compact and standard SeedQR are supported.
    • You can find the SeedQR export when viewing your seed phrase by using the left-select button to open the SeedQR export menu.
  • We’ve added a brand new address explorer, allowing you to browse receive addresses directly on Passport and even display them as QR codes!
    • Note that since Passport is an air-gapped wallet, it cannot know which addresses have or have not been used, or what your balance is.
    • You can easily access the new address explorer under the “Manage Account” section of each account.
  • Passport now allows the creation of 12 word seed phrases, and defaults to 12 word seed phrases during onboarding.
    • Users can still choose 24 word seed phrases if desired.

    • We’ve gone in-depth in a past blog post on why, but 12 word seed phrases are more secure than necessary and easier to backup and recover than 24 word seed phrases. If you’re curious for more background, read our blog post:
  • Advanced users can now generate 11 or 23 words offline, import into Passport, and Passport will automatically calculate the checksum 12th or 24th word when importing the new seed.
    • Note that if a seed is generated outside of Passport, we cannot guarantee it was done securely! There have been many cases recently of users improperly generating a seed phrase (i.e. not providing enough randomness/entropy) and having funds stolen as soon as they send them to the new seed.
    • We always recommend allowing Passport to generate new seeds for you unless you are an advanced user that understands the risks with manual seed generation via dice rolls etc.
  • You can now set a custom name for your Passport!
    • This name will be displayed on boot, making it easier to distinguish between your various Passport devices.
    • This new setting can be found under Device > Device Name in settings.
  • You can now check the exact percentage of battery Passport has in the settings under Device > Battery.

IMPROVEMENTS

  • We’ve improved address display based on the Bitcoin Design guidelines, making it easier than ever to verify addresses on Passport!
  • Verifying addresses on Passport is now significantly faster.
  • Passport now only prompts a single/multisig wallet type choice when verifying addresses if there is a multisig config imported for the active wallet fingerprint.
  • Users can now optionally display the seed words on-screen when first setting up Passport and using encrypted backups.
  • Improved how headers are displayed when creating or importing seeds to better reflect which step of the process a user is on.
  • Added a prompt to users setting up Passport to ensure they are in a private or secure place before carrying out the setup process.
  • Removed an unnecessary prompt to select or delete firmware when going through the firmware update flow.
  • Removed unnecessary imports in the firmware compilation process, optimizing Passport firmware size.
  • Backups can now be restored from anywhere on a microSD card, not just from the “proper” backups folder.
  • Browsing files on microSD no longer has a 20 file limit.
  • Improved minor error message dialogues.
  • Auto-shutdown has been lengthened for the onboarding process to avoid accidental shutdowns during onboarding.
  • Improved the success icon when verifying addresses.
  • Verifying reproducible builds of Passport firmware is now possible without granting Docker root permissions.
  • Wasabi Wallet has been removed from the list of export options.

BUG FIXES

  • Fixed an incorrect warning dialogue when backing out of a manual encrypted backup.
  • Key Manager seed export no longer displays a setup screen that was there by mistake.
  • Fixed an issue where you couldn’t go back in the Predictive text explainers.
  • Fixed an issue where pressing back on SeedQR recovery screens would throw an error.
  • Fixed an issue where using the # character in an account name would break account name display.
  • Fixed a minor bottom menu selection display bug after exporting to SeedQR
  • Fixed a minor visual issue where the header would start scrolling in FE because it was too long.
  • Security words can only be enabled if you input the pin again correctly now.
    • Thanks to @backtopyramidone on Github for the report!
  • Improved the setup flow after resetting Passport to prevent a potential bug.

VERIFYING, REPRODUCING, AND INSTALLING PASSPORT FIRMWARE

If you’d like to verify and install the latest version of Passport manually, you can follow our guide on the topic here: Firmware Update support page

If you’d like to take the additional step of testing the reproducibility of Passport’s firmware, you can follow our guide on the topic here: Reproducibility Guide

Passport version 2.2.0 is now live!

Posted on by

We’re excited to announce that the latest version of Passport firmware – 2.2.0 – is now live! To download it, simply initiate the update from Envoy to be guided through the process.

WHAT’S CHANGED

With this version of Passport’s firmware we’ve added the ability to seamlessly switch back and forth between signing via QR and microSD, added the ability to restore from SeedQR, improved the user interface on Founder’s Edition, and added many quality of life improvements across the board. With the number of new features we included in 2.1.0, we took this release to focus on refining our unified firmware between Founder’s Edition and Batch 2, as well as paving the way for full Taproot support in 2.3.0.

For more details on each of the changes, keep reading below!

NEW FEATURES

  • Automatically detect when a transaction being signed via QR is very large and prompt the user with the option to sign via microSD instead.
    • When a transaction is very large signing via QR codes can take quite a long time. This change makes it much easier for users to switch to signing via microSD before going through the hassle of trying to sign an excessively large QR code.
  • You can now write a signed transaction out to microSD directly from the animated QR screen on Passport.
    • Changed your mind and want to use microSD for that transaction you just signed? Now you can do so all from the same screen without having to go through the process of signing again.
  • You can now import a SeedQR directly into Passport when restoring from seed.
    • Easily import a SeedQR from an existing wallet or restore from a SeedQR backup of Passport with a simple QR scan.

IMPROVEMENTS

  • Further improved signing of abnormally large transactions via both QR code and microSD.
  • Added an automatic encrypted microSD backup step when restoring Passport from a seed phrase.
  • Improved the spacing and alignment of text throughout the menu UI on Founder’s Edition to better account for the slightly different screen sizes.
  • Implemented secp256k1 support from rust-bitcoin, a requirement for full Taproot receive support in a future update.
  • We now create directories automatically on the microSD card as needed for storing partially-signed Bitcoin transactions (PSBTs), multisig configs, wallet configs, health checks, and Key manager.
    • This makes managing files much easier, especially when viewing the contents of your microSD card on a computer.
  • Passport now uses a 3-digit code for sorting backup files, ensuring that backups are easier to distinguish and sort.
    • Backups are now also sorted in reverse order, so you’ll always find your latest backup at the top when restoring or viewing existing backups!
  • Added additional context when setting a passphrase to ensure users understand that all passphrases are valid, and that Passport will clear passphrases upon shutdown.
  • Initial address verification for new accounts is now much faster.
  • Optimized fonts to free up some space in firmware.
  • Improved the Foundation icon when setting up a new Passport Founder’s Edition device.
  • Improved special character selection.
  • Upgraded to the latest version of foundation-rs, our open-source Rust library.
  • Removed unnecessary USB files, correcting a minor licensing display issue and simplifying compilation.
  • Improved copy and behavior of hiding and showing hidden keys in Key Manager.
  • Improved the behavior of the passphrase application flow when a user incorrectly enters a passphrase and notices the fingerprint does not match.
  • Improved copy on the account details screen regarding the derivation path.
  • Improved the way top icons are displayed on Founder’s Edition.
  • Improved battery level detection and display on Founder’s Edition.

BUG FIXES

  • Fixed a rare bug that wouldn’t properly display the message after a device is bricked after 21 failed PIN attempts.
  • Passport now properly displays an error when an unusable QR code is scanned that the user can close.
  • Passport now properly resumes saving a file if a microSD card is inserted at the “Missing microSD card” screen.
  • Fixed a display issue when canceling a transaction before signing.
  • Fixed a rare bug where big transactions would occasionally prevent Founder’s Edition from displaying the signed QR code transaction.
  • Fixed a minor display issue with specific, long-form error messages.
  • Fixed a minor issue when exporting to Sparrow under rare circumstances.

VERIFYING, REPRODUCING, AND INSTALLING PASSPORT FIRMWARE

If you’d like to verify and install the latest version of Passport manually, you can follow our guide on the topic here: Firmware Update support page

If you’d like to take the additional step of testing the reproducibility of Passport’s firmware, you can follow our guide on the topic here: Reproducibility Guide

How Passport protects your Bitcoin

Posted on by

Take a minute and ask yourself two simple questions: who or what are you trying to protect your Bitcoin from? How far are you willing to go to protect it?

These two questions are the root of a concept called “threat modeling”, and should be the basis for deciding what steps you take to secure your Bitcoin. Answering these two questions properly requires an understanding of what threats are out there to your Bitcoin and how they can be prevented.

In today’s blog post we’re going to walk through the most common threats to a Bitcoiner’s sats and break down how Passport helps to keep your savings safe.

Loss of funds

The threat: While this isn’t an intentional attack by a bad actor, it’s by far the most common way that people lose their Bitcoin. If proper backups aren’t kept, frequently tested, and broadly distributed, loss of funds is an ever present risk.

Losing your Bitcoin can certainly happen due to unforeseen events like house fires and floods, but it most often comes as a result of over-complicated setups and unplanned inheritance. It’s easy to want to always be on the cutting edge of security and wallet setups in the Bitcoin space, but it often pays to follow the old “KISS” (”keep it simple, stupid!”) adage when it comes to storing your Bitcoin!

Be sure that you thoroughly test the recovery process of whatever setup you do decide, and ensure that those you want to pass your Bitcoin on to can follow the recovery process without any additional help or input from you. It pays (in sats!) to be thorough and diligent when it comes to storing your Bitcoin.

An example: Lost Passwords Lock Millionaires Out of Their Bitcoin Fortunes | NY Times

How Passport protects you: Passport takes two major approaches to helping you preserve access to your Bitcoin: (1) providing users the necessary tools to write down their seed phrase and/or backup PIN code safely, and (2) providing encrypted microSD backups as the default option. Our goal with Passport backups is to prevent losing Passport from being a life altering event, instead equipping you to easily and safely restore funds anytime.

Encrypted backups in particular provide a uniquely powerful backup method, as you can easily distribute encrypted backup files broadly, be it your favorite cloud service, your password manager, or many different microSD cards or USB flash drives. As the backup file itself is encrypted, even if an attacker stumbles upon it they won’t be able to tell what it is, much less access the seed phrase within it without the associated backup PIN code. Then simply make multiple, geographically distributed copies of your backup PIN code (never together with your encrypted backup file!) and you’ll always have the ability to recover funds.

For the more traditional Bitcoiner, you can choose any number of backup methods for the seed phrase itself, including steel backups to ensure that fire and weather can’t harm your backups.

Learn more: Why we love encrypted microSD backups

Social engineering

The attack: The idea of social engineering is as old as time, but has become even more rampant in the digital age. When it comes to Bitcoin, often the largest risk to a user’s funds is someone online tricking them to install malicious firmware or enter their seed phrase directly into malicious software.

How Passport protects you: Passport prevents the installation of any firmware that is not signed by Foundation’s developer keys, ensuring that even if you get a malicious firmware file from an impostor site or fake support agent, there is no way for you to install the firmware onto your Passport.

When it comes to scams centered on tricking users to enter their seed phrase, while there is no technical way to prevent this (a user always needs to be able to access their seed phrase for backup purposes), Passport forces a user to go through several prompts warning them not to share or reveal their seed phrase to anyone else.

Malware on your computer or phone

The attack: Malicious software wallets are a constant, ongoing battle in the Bitcoin space and have claimed many sats from good Bitcoiners over the years. The common attack is to use advertisements on Google Search or use similar names on platforms like the Google Play Store to trick users into installing malicious versions of popular wallets.

An example: Electrum Bitcoin wallets under siege | Malwarebytes

How Passport protects you: One of the biggest benefits to a hardware wallet that utilizes an air-gapped design like Passport is that it is practically impossible for malware to steal funds in any way if the user is observant. Passport’s air-gapped design means that no matter what software wallet you’re using, you always have to scan in the transaction and verify the transaction details on Passport’s large, color screen before signing.

Even if the wallet attempts to provide Passport with a fake change address, a common and stealthy attack, Passport will check the change address and warn if it does not belong to your wallet. As the malware on your computer has no way to access Passport via USB or Bluetooth, it cannot infect Passport and make Passport display false transaction details, either. This is an immensely powerful defense and one that protects you against many different threats!

The next time you send a transaction, take a bit of extra time and be sure that you’re verifying the address and amount properly to protect your sats. In addition, make sure to bookmark the legitimate sites for your favorite Bitcoin wallets, never trust a random DM on Telegram, and verify software that you download whenever possible.

“Evil maid” attacks

The attack: An “evil maid” attack is a category of attacks encompassing any time an attacker gains physical access to a device that’s off. This can happen when you’re at home (i.e. someone you trust), when you’re traveling (i.e. an actual maid at a hotel), or when the device is in transit (i.e. checked baggage while flying). A whole new world of risk opens up as soon as an attacker has physical access to your Bitcoin wallet as they can perform a host of attacks.

The most common evil maid attack is to swap your Bitcoin wallet with a malicious wallet that records your PIN code and then recover the malicious device and use the captured PIN code to steal funds from your wallet.

How Passport protects you: Passport provides two main mechanisms to help protect yourself against a malicious device swap attack. Security words are easily enabled in Passport’s settings and make Passport show you two unique security words that can not be seen or replicated without knowledge of your PIN. You can learn more on how to use this feature in our documentation here.

The second defense is to check the boot count under Firmware in settings and compare with what you’d expect. While it’s a simple and less fool-proof check, it does add an additional layer of difficulty for any device swap.

Learn more: Security Code & Security Words

Physical theft

The attack: This one is quite straight forward, and involves an attacker simply stealing your Bitcoin wallet. Stealing your hardware wallet gives the attacker more time to attempt physical attacks or a PIN brute-force attack, though the fact that your wallet is missing can give you a chance to move funds if you have proper backups available.

An example: Kraken Identifies Critical Flaw in Trezor Hardware Wallets | Kraken

How Passport protects you: Passport has been built from the ground up to provide an extremely strong defense in the case of a stolen device. Passport’s security architecture leverages a secure element to best protect against physical attacks, making successful physical attacks that steal funds infeasible.

Passport’s secure element provides a strong hardware-based PIN code rate limiting, allowing only 21 attempts to enter the correct PIN before the device is intentionally bricked and no seed is able to be recovered from the device. The secure element also prevents an attacker with strong electronics expertise from being able to extract the seed from the processor or memory, as the secure element would also have to be compromised to retrieve a working private key.

Learn more: Maximum PIN Attempts

Supply chain attacks

The attack: Last but not least, we have supply chain attacks where an attacker intercepts the device before you receive it. The attacker could tamper with the hardware of the device and re-assemble it with some form of backdoor or transmission of the private key built in.

An example: Case study: fake hardware cryptowallet | Kaspersky

How Passport protects you: With Passport we’ve engineered a novel supply chain verification system that leverages the secure element on Passport. Every Passport device has a secret key locked away in the secure element that is used when you setup your Passport to perform a challenge-response check with our servers that will only be valid on devices we have provisioned directly at the factory that have not been tampered with.

If the secure element is tampered with in any way, or if a malicious device was swapped out for a legitimate one it would be unable to pass supply chain verification.

Learn more: Passport Supply Chain Validation

Conclusion

While seeing many of the potential threats to your Bitcoin can feel overwhelming, note that the vast majority of these threats are mitigated by simply using Passport as intended. Secure self-custody doesn’t have to be complex and daunting, though we do have to be vigilant and responsible when taking back control of our money via Bitcoin.

Announcing our Early Access Rewards program

Posted on by

One of the powerful use-cases that Bitcoin unlocked with it’s peer-to-peer nature is the ability to incentivize and reward contributions without any middlemen or hoops to jump through. This movement has come to be known as “value4value,” and has provided an immensely powerful new tool for content creators, Nostr users, and now community members. Today we’re excited to unveil a new program implementing the value4value philosophy into our existing beta testing process — Early Access Rewards.

tl;dr — Be the first to report any reproducible issue for Passport or Envoy beta releases and get a 10k Satoshi bounty in Bitcoin per issue reported!

Early Access Rewards Highlights

The premise of the Early Access Rewards program is quite simple: contribute meaningful bug reports for Envoy or Passport releases while they’re in open beta, and get rewarded for each individual contribution. No middleman, no lengthy ToS, no Foundation login or account necessary.

How to participate:

  1. Test the beta releases for Passport firmware or Envoy app.
  2. Report issues on Github.
  3. All issues (the first time they are reported) are eligible for the 10k Satoshi reward.
  4. Foundation team members will validate the issues for eligibility.
  5. Rewards sent directly to your provided Bitcoin address or Lightning invoice.

Join Early Access Rewards today

Want to earn sats for your important contributions to our open-source projects? Simply join our beta testers community room below and keep an eye out for beta release announcements. Once a release is announced, you can submit any issues you find via Github and earn 10k sats per validated issue.

Once you discover an issue with the beta release, submit it via Github using the following links with the “Bug Report” option. Note that this does require a Github account:

Join the community, help us improve, and get rewarded in Bitcoin for your valuable contributions! ????

The future of Early Access Rewards

We’re excited to see how well this program works to incentivize important feedback and contributions from our fantastic community, but we also have plans to expand the program in the future. We’re currently considering creating a hardware Early Access program to get our newest products in the hands of invaluable community members first, and top contributors to this Early Access Rewards program will be first in line.

We have multiple new products in the works, and we can’t wait to watch each of you help us to build and improve as we bring freedom tech to more and more people around the globe. As one of the top contributors to our Early Access Rewards program, you’ll get the chance to test our new products for free as a thank you for your contributions in exchange for feedback and bug reports.

The (not so) fine print

If you have more specific questions on how the program will work, you can read the detailed rules below. Have a question? Don’t hesitate to ask in the Community channel or email us at [email protected].

  1. Eligibility for Rewards: a. The first reporter of any reproducible issue for Passport or Envoy beta releases is eligible for a 10k Satoshi bounty, paid in Bitcoin. b. Issues must be reported only once, and once made public, they are no longer eligible for additional 10k Satoshi bounties.
  2. Reporting Process: a. All issues should be reported on Github in the appropriate repository:
  3. Reproducible Issues: a. Issues must be reproducible, meaning that Foundation team members can accurately recreate and validate the issue in the Envoy app or Passport firmware.
  4. Judgement and Reward: a. Foundation reserves the right to make the final judgment on whether issues are eligible for the 10k Satoshi reward. b. Once an issue is verified and confirmed as eligible, the reward will be sent to the reporter’s provided Bitcoin address or Lightning invoice.
  5. Rewards Distribution: a. The rewards will be distributed in Bitcoin (BTC). b. The amount of the reward will be 10,000 Satoshi for each eligible issue. c. All rewards will be paid out at the end of the beta period.
  6. Confidentiality: a. While issues will be made public upon reporting, beta testers should avoid sharing sensitive or personal information in public discussions about the issues.
  7. Compliance: a. All beta testers must comply with the rules and guidelines set by Foundation Devices during the beta testing period. b. Any violation of the rules may result in disqualification from the beta testing program and forfeiture of rewards.
  8. Changes to the Rules: a. Foundation Devices reserves the right to modify the rules or terminate the beta testing program at any time without prior notice.
  9. Disclaimer: a. Beta testers participate in the program at their own risk, and Foundation Devices shall not be liable for any damages or losses incurred during beta testing.

All your wallets, one backup

Posted on by

With the release of our latest update for Passport, we’ve empowered you to leverage your Passport for far more than just a cold storage wallet. The introduction of a new “Key Manager” extension enables two powerful new tools in child seeds and Nostr keys, both of which are derived directly from your Bitcoin seed on Passport and automatically backed up to microSD. All of your wallets under one backup.

As both of these features are entirely new to our products, we’ve set out in this blog post to explain how you can use them, detail some real world use-cases, and walk through how all of this is possible from a simple Bitcoin seed phrase.

BIP 85 done right

While the ability to create nearly infinite child wallets from a single master seed phrase has been around for a few years in BIP 85, the complicating factor has always been how to implement in a way that is intuitive and easy to use. In previous attempts at allowing users to generate child keys they’ve required manual index backups, had no ability to name the keys themselves to differentiate them, and have pushed the feature to only the most advanced Bitcoin users.

As one of our goals at Foundation is to bring Bitcoin self-custody down into the real-world and make it more approachable, we spent many hours working with our design team to make Key Manager accessible for even the least technical users. That work has culminated in an extension that takes one click to enable and then guides you through every aspect of key management, regardless of background or expertise.

Key Manager at a glance

Let’s get to the fun stuff — how does all of this actually play out when using Passport? All you have to do to unlock all of this new functionality in Passport is to enable the Key Manager extension from the settings menu. Just a few presses and you have a new card on your home screen that lets you create and manage BIP 85 child seeds and Nostr keys with a few clicks! View all your keys, distinguish them quickly by unique icons, and manage their names in seconds.

Once you have enabled Key Manager, creating a new key is incredibly straight forward. Simply navigate to the new Key Manager card on your home screen and select “New Key.” Choose how many words you want the seed to be and the new key is automatically saved via encrypted microSD backups. When you need to use the new child seed in another wallet, simply select “Export,” choose whichever format your favorite wallet supports, and import it. It’s that easy.

Using Key Manager in the real world

Still wondering how all of this can help you? Let’s walk through some real-world examples of ways that you can leverage child seeds to simplify and safeguard your Bitcoin journey. Once you’ve secured your Passport backup properly — either by encrypted microSD backups or manual seed backup — you can start creating child seeds for all kinds of uses without the additional headache of needing to back each of them up separately.

One of the most common and immediately useful ways to leverage child seeds is by using a child seed from Passport for your mobile wallet of choice. Simply turn on your Passport, navigate to the Key Manager page, create and name a new key, and then export as a QR or seed words and setup your mobile wallet. In just a few minutes you have a highly secure backup already in place for your new mobile wallet, but can spend easily and freely on the go. This makes pairing Passport with Envoy as a mobile wallet the best of both worlds.

Another common use-case for our more privacy-minded community is to use a child seed from Passport to create a hot wallet for mixing in Samourai Wallet or Sparrow Wallet. You can now easily keep those funds in your mixing wallet while you’re reclaiming your privacy without an additional seed to back up (or potentially lose). You can even leverage Sparrow Wallet to mix from that new child seed directly to Passport using our Postmix extension, bringing privacy to your cold storage without all of the normal headaches. Privacy meets peace of mind.

Lastly, child seeds present an incredible way for those who are more knowledgeable and further along in their Bitcoin journey to help back up funds of close family and friends while they’re learning the ropes. You can generate child seeds for your parents, your kids, or your friends who are new to Bitcoin to help get them started while reducing the risk of them losing precious sats. While this does give you access to their bitcoin, it’s a great temporary tool while they get comfortable using Bitcoin.

But wait, there’s more!

That’s not all that the Key Manager extension enables, though! We’ve also been building out full Nostr key support as a part of the extension, allowing you to leverage the power of child keys to create Nostr keys directly from your Bitcoin seed on Passport. One master backup with Passport and all your Nostr keys are safe and secure.

When you want to create that new Nostr key, it’s as easy as navigating to the new Key Manager card, selecting “New Key,” choosing the “Nostr” option, and then naming it as you see fit. Whenever you want to login to a Nostr client, simply export the new key to QR and scan it from your favorite client (Amethyst currently supports this) or export to microSD as a text file and copy paste if necessary. No more worrying about losing your Nostr key.

While it’s not live in this release, we’ve also been hard at work implementing delegated key signing a la NIP-26 into Passport. This new approach to key management means that you can leverage a child key to sign-in and use Nostr without ever exposing your master Nostr key to the world. This standard and implementation are still in their infancy, but we’re excited to help grow the ways that our users can leverage Passport to empower their freedom in areas outside of Bitcoin alone. We’re thankful for all those working on freedom tech more broadly and we can’t wait to get delegated key signing in your hands shortly.

Driving Nostr forward

Nostr key management is one of the areas where Nostr is very early in development today, so we’ve been working hard as a team to find ways that we can give back to the Nostr ecosystem and help to drive forward mature standards. One of the ways we have worked to improve the ecosystem is by helping expand the standard for Nostr key derivation in NIP-06 to include generating multiple keys properly. We helped to develop and test a derivation method that would allow you to generate practically infinite usable Nostr keys from a single Bitcoin seed and contributed that tested definition to the official repository on Github.

Another key way we have worked to help grow the Nostr key management ecosystem is through funding bounties to implement Nostr key QR login and delegated key use in Amethyst, one of our favorite Nostr clients today. Taking the time to create issues for features you love and drive open bounties incentivizes developers to implement these features and rewards them for their incredible contributions to free and open-source code, something that is absolutely vital to continuing to grow the FOSS movement!

If you’re on Nostr today, be sure to follow us below to keep up with the latest things we’re building, writing, and sharing:

What’s next

We’re also working on expanding the Taproot payments support added in this version into full Taproot support to both send and receive, implementing NIP 26 support as mentioned above, and much more. We hope you enjoy the new features in Passport’s latest firmware as much as we do, and we can’t wait to hear your feedback on what uses you find for child seeds, Nostr keys, and so much more!

If you’d like to learn more about the technical details and usage of Key Manager, you can jump right into our detailed support docs below:

Passport version 2.1.2 is now live!

Posted on by

We’re excited to announce that the latest version of Passport firmware – 2.1.2 – is now live! To download it, simply initiate the update from Envoy to be guided through the process.

WHAT’S CHANGED

In version 2.1.2, we’ve leveraged all of the background work in recent versions to build out some amazing new features for you, including backporting v2.1 firmware to Founder’s Edition, sending to Taproot addresses, a Key Manager Extension for BIP 85 and Nostr key support and export, and BIP 85 SeedQR exports. Features, features everywhere.

For more details on each of the changes, keep reading below!

NEW FEATURES

  • Backported our firmware from Batch 2 to Founder’s Edition, bringing firmware parity for all of our early supporters
    • We’re thrilled that those of you running Founder’s Edition devices will now have the latest and greatest features and improvements that we’ve been developing for Passport
    • This backport also means that we will be able to keep Founder’s Edition firmware up to date with Batch 2 as they now use the same base code
  • Added support for sending to Taproot (“P2TR”) addresses
    • Welcome to the world of Taproot, where you can now send transactions to any Taproot address (those starting with “bc1p”)
  • Added a “Key Manager” extension for enabling advanced functionalities
    • To learn more about our newest extension, dive into our support docs
    • You can use Key Manager to generate and export:
      • BIP 85 child seeds, allowing you to backup only Passport’s seed and be able to recover other wallets directly from Passport’s seed
      • Nostr private keys, allowing you to securely generate, easily backup, and recover your Nostr private keys directly from Passport or Passport’s seed
        • Simply display your Nostr key as a QR code and login directly to your favorite app with a single scan. No more copy-pasting private keys.
        • See how fast this can be in our Twitter post with video
        • Thanks to greenart7c3 you can use this today in Amethyst, a fantastic Android Nostr app!
      • …And possibly more in the future! This is a great place for open source tinkerers to add other keys they want to Passport’s firmware
      • Please note that if you export keys as QR codes, you should be careful what you scan them with! Apps like Google Camera will often open the content of the QR code in your default search engine, exposing that key to Google etc.
    • Any keys you set up will be automatically backed up to microSD in an encrypted format, making recovery a breeze
  • Added support for exporting BIP 85 seeds via SeedQR
    • Exports are possible via SeedQR and Compact SeedQR
    • Importing SeedQR is coming soon!
  • Allow users to display their PIN when entering it by pressing the “UP” key during PIN entry
    • Just in case you want to be sure you have it entered correctly, be sure not to do this in a place where it might be seen!

IMPROVEMENTS

  • Cleaned up our C code, optimizing our firmware and giving more space for amazing new features
  • Make “Erase Now” no longer the default selected option when you enter the erase screen, just to be sure an itchy trigger finger won’t accidentally erase your Passport
  • Ensure Founder’s Edition properly communicates its device information to Envoy
  • Passport will now indicate that it’s 30 seconds away from auto-shutdown by dimming its screen
  • Removed support for 18-word seed phrases as they are very, very rarely used

BUG FIXES

  • Fixes a bug where the backups folder was sometimes not created on the microSD. When this occurred Passport would also fail to create the backup file.
  • Improved error handling and prevention in displaying transaction info
  • Better handling of errors caused by other wallets’ multisig config formats
  • Fixed a display issue with the screen brightness icon
  • Fixed an issue that would prevent signing of PSBTs in sub-directories on microSD

VERIFYING AND INSTALLING PASSPORT FIRMWARE

If you’d like to verify and install the latest version of Passport manually, you can follow our guide on the topic here: Firmware Update support page

Passport version 2.0.7 is now live!

Posted on by

We’re excited to announce that the latest version of Passport firmware – 2.0.7 – is now live! To download it, simply initiate the update from Envoy to be guided through the process.

WHAT’S CHANGED

In version 2.0.7, we’ve reworked memory management when signing transactions from the ground up, drastically improving handling of larger than normal transactions via QR codes. We’ve also added the ability to delete files from microSD directly on Passport, allow you to export multisig configs directly via QR and microSD, and cleaned up a few small bugs.

For more details on each of the changes, keep reading below!

NEW FEATURES

  • Added the ability to delete files off of the microSD card directly from Passport’s file explorer
  • Added a feature to easily export full multisig configs via QR or microSD
    • Passport can now act as an additional secure option for you to store your multisig configuration file(s)
    • Now, if you were to lose a hardware wallet and its backup, you can easily recover your entire multisig wallet in something like Bitcoin Keeper, directly from Passport

IMPROVEMENTS

  • Drastically improved memory management when signing transactions via QR code
    • This improvements means that even those of you with complex multisig setups or dozens of UTXOs can now use QR codes to sign transactions
    • We do still recommend microSD for abnormally large transactions, as it is much faster for passing larger amounts of data by nature
  • Improved how we display sending funds to yourself to make it clearer what is happening
  • Renamed “Keeper” to “Bitcoin Keeper” in wallet export flow

BUG FIXES

  • Corrected a color inversion issue with the camera viewfinder
  • Corrected a minor terminology issue in multisig config text
  • Fixed a bug where Passport could say it was exporting a wallet summary to microSD without a microSD card inserted
  • Added a more detailed and helpful error message when a transaction is too large to sign via QR codes

VERIFYING AND INSTALLING PASSPORT FIRMWARE

If you’d like to verify and install the latest version of Passport manually, you can follow our guide on the topic here: Firmware Update support page

Passport version 2.0.6 is now live!

Posted on by

We’re excited to announce that the latest version of Passport firmware – 2.0.6 – is now live! To download it, simply initiate the update from Envoy to be guided through the process.

With version 2.0.6 of Passport firmware, we’ve added a fix for a pin entry issue that affected users with alphanumeric pins in the now deprecated v2.0.5.

NOTE: Since we have deprecated v2.0.5, we’ve replicated the blog post from that version below.

What’s changed

With version 2.0.6 of Passport firmware, we worked hard to drastically improve QR code scanning and processing, bringing speed and compatibility up to our standards. We’ve also added official support for Keeper Wallet, a new multisig focused wallet, and cleaned up a few bugs.

For more details on each of the changes, keep reading below!

New Features

  • Added support for Keeper Wallet
    • Keeper is a new wallet in alpha focusing on bringing a user-friendly experience to multisig and inheritance. Now you can use it with Passport as one of your keys with a native option under accounts to connect to Keeper.
  • Support looping through menus
    • Get tired of pressing that left key? Prefer to just mash one button? Now you can cycle through pages by just pressing right or left repeatedly.

Improvements

  • Improved camera QR code scanning performance
    • Camera performance has been a major focus in this release as we weren’t happy with speed and handling of certain QR code sizes and resolutions.
    • We’re happy to say that QR code scanning is finally up to our standards, and scanning should be much snappier and less finnicky across practically all wallets.
    • Two of the specific changes are:
      • Changed the camera to use a 4:3 resolution
      • Changed the QR scanning library to a more stable version
  • Improved performance of address verification
  • Show security words immediately after activation of security words
  • Improved supply chain validation scan errors
  • Improved Casa health check error handling

Bug Fixes

  • Fixed a visual bug around alphanumeric PIN entry
  • Fix Passport lockup during initialization while pressing keys
    • If you’ve ever had your passport keyboard become unresponsive after booting, it was likely due to this bug
  • Resolved a few key Casa integration bugs
    • Fix an error when trying to export Casa configuration using microSD
    • Fix Casa health check scanning
    • Fix Casa transaction signing issue
  • Fix multiple minor memory leaks
  • Alphabetical order of software wallets displayed was fixed
  • Improve animation on “Verify Address” screen
  • Bring forward a microSD card bug fix from Founder’s Edition code
  • Fix passphrase not being shown when showing seed words
  • Reset extension settings and search address space on Passport erase
  • Fix Passport freezing when using special characters
  • When setting up Passport allow user to go back to update the firmware
    or to change the setup method
  • Fix crash when importing multisig configuration without valid keys
  • Display a warning when backing up Passport with a passphrase applied
  • Use root XFP as the filename for the backup when a passphrase is applied
  • Ensure extension accounts show the passphrase indicator
  • Fix lockup on wrong PIN entry
  • Filter keypad double-presses
  • Extended the shutdown timer while scanning and displaying QRs
  • Revert a regression in account header display
  • Prevent multisig config import failing when a passphrase is present
  • Fix a bug that would crash the file explorer if there were too many files on the microSD card

Verifying and Installing Passport Firmware

If you’d like to verify and install the latest version of Passport manually, you can follow our guide on the topic here: Firmware Update support page

Why we love encrypted microSD backups

Posted on by

Those of you who have been in Bitcoin for a while may be used to the seed phrase shuffle involved in creating a new Bitcoin wallet, but that concept is one that is alien to the normal person’s experience in the digital world. As people have become more and more used to trusting a centralized entity with their data behind only a username and password, the idea of physically writing down 12 or 24 words as a way to store wealth is not necessarily the most approachable.

While the concept of encrypted backups to microSD isn’t a new one, we’ve taken the path of using microSD backups as the default on-boarding method when a user sets up their new Passport. This approach does introduce a new set of trade-offs, but we think that it is a simpler approach for most people and opens up new possibilities when it comes to storing the secrets required to restore your funds after you lose your Passport, break it, or suffer a physical theft. Our goal with encrypted microSD backups is to improve the user experience and peace of mind for new users without sacrificing security, and we think this approach does just that.

Why not just use seed phrases like everyone else?

Here at Foundation, we’re deeply passionate about not only helping to onboard the deeply technical users in the Bitcoin community, but also ensuring that those who are new to the space can more easily dive down the rabbit hole of Bitcoin. This means that we work hard to ensure that deeply technical and complex setups can work well with Passport + Envoy, as well as very simplistic and approachable setups that are more friendly to new users.

This is why we’ve chosen to support both seed phrases and microSD backups and leave the choice up to the user. While we’ve made the default flow follow the microSD backup path, we still expose the seed words to users in the settings menu, allowing the standard backup path to be chosen by those who understand the trade-offs inherent in it. Unfortunately a seed cannot be used to backup and restore device configuration, account names, transaction tags, etc., meaning that a seed phrase can never restore any off-chain data.

If you backup the seed phrase you can always restore funds like normal in the Bitcoin space – both with Passport or with any other Bitcoin wallet of your choosing.

How do encrypted microSD backups work?

When you create a backup of your passport to microSD (something that automatically happens when you first setup your Passport and anytime you make account changes to it), Passport creates an encrypted 7-zip file using a 20-digit passcode that is generated using Passport’s three forms of entropy:

  1. The onboard CPU’s random number generator
  2. The secure element’s true random number generator
  3. The open source Avalanche noise entropy source

These three forms of entropy are used so that even if one was somehow compromised or vulnerable to attack, the passcode would still be cryptographically secure. 

This standard form of 7-zip encryption uses AES-256 to encrypt the data, and then uses a form of SHA-256 to hash the 20-digit passcode into a 256-bit key. The combination of these techniques means that there are 100,000,000,000,000,000,000 possible combinations of passcodes, making it practically impossible to bruteforce the passcode if an attacker somehow obtained the backup file.

As long as a user has access to both the backup file and the 20-digit passcode, they can not only restore their funds, they can also restore all device settings, accounts, account names, multisig configurations, etc. in just a couple of minutes. As the encrypted backup file is a standard 7-zip format, even if Foundation disappeared and your Passport stopped working you could easily decrypt the file with your 20-digit passcode on a computer and import the seed into any of your favorite Bitcoin wallets.

To learn more about the backup functionality, you can read through our docs here.

What are the key advantages of encrypted backups?

Migrating from seed phrases to an encrypted microSD backup (or utilizing them alongside a standard seed phrase backup) provides a few key advantages for users:

  1. All device configuration, accounts, account names, and multisig configurations are fully backed up and automatically restored when using microSD backups
    1. If you merely backup the seed phrase all of this secondary data is not backed up, leading to a lot of initial headache and extra setup necessary when restoring onto another device in the future
  2. You can safely make and distribute multiple copies of the backup file – even to family or friends you don’t fully trust – as they cannot view or move funds in any way with just the backup file
    1. Just be sure not to also give them the passcode!
  3. You can store the passcode safely in an end-to-end encrypted password manager like Bitwarden without risk of funds being stolen even if someone got access to your Bitwarden account
    1. Just be sure not to also store the backup file there!
  4. An attacker or thief finding either your backup file or passcode would not be able to easily tell that they are Bitcoin-related
    1. There is no reason for an attacker to suspect that a microSD card or 20-digit passcode would be worth stealing
  5. An attacker or thief finding either your backup file or passcode could not view or steal funds in any way without having both the backup file and passcode

What are the key disadvantages of encrypted backups?

While we think the overall trade-offs inherent in microSD backups are well worth it, there are some key drawbacks that you should be aware of if you choose to only use encrypted microSD backups:

  1. You must have both the 20-digit passcode and encrypted backup file to restore funds
    1. I.e. if you lose either one you will be unable to restore funds!
    2. This means that microSD backups do introduce a second single point of failure
    3. Advantage #3 above greatly reduces this disadvantages impact, practically
  2. If you store both the encrypted backup and passcode together, it provides no added security over a plaintext seed phrase
  3. MicroSD cards themselves have a limited lifecycle and can fail – it’s important to use high-quality industrial-grade microSD cards (like those we ship with Passport) to reduce this risk
    1. You can also backup the file to another storage medium like a NAS or extra hard drive as another failsafe, and shouldn’t rely on a single microSD card alone!

This may be a short list, but the first point is extremely important to understand – losing either the passcode or the encrypted backup file would lead to loss of funds if you also lost or broke your Passport!

Which should I use?

The beauty of Bitcoin is that it enables you to choose your own path, and we certainly don’t want to inhibit that freedom. That’s why we leave the ultimate choice up to you and ensure that you aren’t locked into our ecosystem (or even our favorite approach). Whether you choose microSD backups or seed phrases (or both!) is up to you, but both can be easily imported into any standard Bitcoin wallet app. If you want added peace of mind, you can even use both and store the three pieces separately – encrypted backup file, 20-digit passcode, and seed phrase!

Ultimately the choice is yours, but we certainly love encrypted backups and how they’re helping onboard less technical users in a way that is approachable and secure.

https://www.youtube.com/watch?v=fyuCy8TfTKw

Passport version 2.0.4 is now live!

Posted on by

We’re excited to announce that the latest version of Passport firmware – 2.0.4 – is now live! To download it, simply initiate the update from Envoy to be guided through the process.

What’s changed

With version 2.0.4 of Passport firmware, we added the Extensions menu, allowing users to enable extra features on Passport with the flick of a switch, starting with the Casa and Postmix extensions. We also greatly improved the QR code scanning and display functionality and fixed several minor bugs.

For more details on each of the changes, keep reading below!

New Features

Improvements

  • Improved QR code display and scanning
    • Improve the size and density of QR codes to better fill the screen
    • Remove vertical line from camera image when scanning QR codes
    • Remember last brightness setting when showing a QR code
    • Remember last pixel density setting when showing a QR code
  • Improve microSD and file handling
    • Autorefresh file picker when microSD inserted/removed
    • Erase the PSBT file after signing
    • Allow user to go back up a level when there are no files in the current directory
  • Improve user experience
    • Make delete key handling on Backup Code page more intuitive
    • Add low power warning dialog when battery hits 5%
    • Tell user when they are installing a developer-signed firmware update
    • Show new fingerprint (XFP) when switching passphrases
    • Show Clear Passphrase and Change Passphrase menus instead when a passphrase is already active
  • Show brick warnings on 5 and 1 PIN code entry attempts remaining
    • Ensure that users properly understand that the device will be bricked after entering an incorrect PIN code 21 times
  • Add several new/updated icons
  • Add support to enter account numbers up to 2,147,483,646
  • Improved paginated layout for seed words page
  • Rename Testnet menu to Network
  • Search “change” addresses for multisig address verification

Bug Fixes

  • Bring forward bug fixes from Founder’s Edition code
  • Fix Verify Address for all uppercase bech32 addresses
  • Fix XFP missing crash
  • Respect “Skip address verification” flag in wallet settings
  • Respect “Force multisig policy” flag in wallet settings
  • Fix multisig import and multisig address verification during connect wallet process
  • Fix text alignment in mulitsig QR import screen
  • Fix scrollbar margins in a few places
  • Fix QR and microSD wallet import crashes
  • Fix backspace bug when entering a 12 digit PIN
  • Fix toggle switch right padding
  • Don’t import duplicate multisig wallets (show error page)
  • When Auto-Shutdown is set to Never, the selection now scrolls into view properly
  • Fix Bitcoin URI parsing (when URI was followed by query params, parsing failed)
  • Allow up/down keys to increase/decrease screen brightness on all QR code pages, not just animated ones

Verifying and Installing Passport Firmware

If you’d like to verify and install the latest version of Passport manually, you can follow our guide on the topic here: Firmware Update support page