Topic: Foundation Passport (FE) hardware wallet review and walkthrough (Read 1589 times)

Sharing this from the official Passport thread as it's a massive new update that brings all of our firmware efforts back to Founder's Edition devices and wanted to be sure everyone saw it! If you're not following that thread yet, you can do so here:

https://bitcointalksearch.org/topic/foundation-passport-official-thread-5441422

Self hosting STMP servers is more trouble than its worth now days the one SaaS provider we cant easily pencil out spamscores being one of the hurdles for us , we've designed a system that provides anonymity via session hashstring.(the sting is essentially the receipt) you vault the strings when orders complete and purge libs, this system isn't retail investor friendly.

Little bump here:
In case you prefer a Founders Edition over the new Batch 2, there is a deal going on. Their EU reseller is clearing out stock for ~250€.


Probably making space for some Batch 2 stock..

Yes, review is out! https://bitcointalksearch.org/topic/foundation-devices-passport-batch-2-hardware-wallet-review-5421713
Unfortunately, very long, but I hope the outline helps a little bit with that.

Shipping time was not that long actually; UPS only took around a day. There were just a lot of delays in the production and I had bought the device in its 'preorder' phase, so it was still being developed and manufactured.

I don't think so. It should work in the Foundation Devices shop regardless of shipping location. Actually, the deal is still live, so I'll add it in my Batch 2 review.

Oh finally IT arrived, take your time and write a good constructive review
I have recent experience of waiting one package to arrive from far away country and it appears to be lost somewhere in the twilight tracking zone  

I saw this deal and it's ok-ish, but I think it only only works for United States (correct me if I am wrong).

Have you seen recent price changes for those wallets?
Bitbox is now €139, Trezor model T is over €260, so I think that $259 price for Passport wallet is more than fair.
With discount it's even cheaper, and presale price was fantastic.

...

I own a Trezor Model T and a BitBox02, n0nce, as I like the idea of sending & receiving to/from a HW BTC without cables.

I hope that they do a good job with this new version.

Diversification even to the point of using different hardware wallets now seems to be important in these times of hackers after out BTC.

Hey friends! I know you are all eagerly waiting on my review of Passport v2. Good news; I received the wallet and I'm trying it out thoroughly, jotting down everything. Expect the review to be finished relatively quickly.

I did want to hop in mostly to tell you about this deal which I saw on Twitter earlier today.

Do note that I've not tried CoinCards yet and can't vouch or guarantee for anything. Just a way to maybe get a good deal.
So far I can say that the v2 is a capable, compact, daily-drivable hardware wallet for sure! ^{[of course, it has its own issues, but more on that soonTM]}

Sorry, that was missing! You need to create a microsd folder inside of the previously created work folder. That will then be picked up by the Passport simulator as an inserted microSD.



Reference:
Alright, thanks for the reply though!
And thanks for bringing up the microSD storage - I will add it to the 'guide'.

Thanks for the instructions, that worked and went together rather quickly.  Were you able to emulate SD storage for exporting wallets?  Just curious how that would go importing into my wallet client.


Inconclusive.  I tried without it at first, but I got an error about my camera.  I went back and installed it, but the error persisted turning out to be a VM setting which I neglected.  I might try again, I need a fresh VM to compile another couple of packages soon.

I would only add one more emulator for DIY SeedSigner device.
This way you can test air-gapped hardware wallet in your desktop for most operating systems (windows/linux/mac), and I think someone forked it to work with Monero.
It would be interesting if someone could check out if any other hardware wallets have their own emulators like this.

As far as I remember Trezor offers a Firmware Emulator, too.

As for an easy to setup and decent mail server, I'm happy with Mailcow.

[1] Get Ubuntu 22.04.1 ISO and spin up the VM.
[2] Update all packages (after all, this is a fresh Ubuntu install).
[3] Install git and dependencies
[4] Clone repository
[5] Install Rust & Cargo (never hurts ) to then install 'Just' (command runner).
[6] Create work and snapshots folders (not sure why they don't exist) Edit: added microsd folder which emulates an inserted microSD.
[7] Start simulator (this builds the firmware)

---

To get the camera working (kinda needed for supply chain validation), install OBS with its virtual camera feature, as well.
[8] Install QT6 dependency and OBS itself.

Then, start OBS, add an image of whatever QR code and make it nice and big. Images below. Lastly, restart the simulator.
If you want to reset the simulator, delete the work folder that you created earlier and re-create it (or delete all files within it).


Left: OBS setup steps; Right: How it should look like with everything set up correctly. Notice the QR code rather big and the Virtual Camera running.


Left: Camera view of Passport simulator. The QR code is a bit too large, therefore no successful scan. Right: As soon as I resized it a bit, such that it fits inside the camera view, it is scanned and the words are shown (I believe always the same hardcoded words in the simulator during Supply Chain Validation, since it doesn't obviously contain the actual secret).
Decoding addresses and transactions should work correctly, though.

Oh, I see.  Yes, that would actually be very helpful and much appreciated.  I would trust an ISO provided by you, but only in a locked up VM    Lol, just kidding.  You've developed an honorable reputation here, and I wouldn't hesitate to play around with a binary furnished by you.  I do trust that you know what you're doing, so your skill level wouldn't be an issue at all.

I agree it's always best for one to learn how to ensure his own safety, security, and privacy.  Being able to compile binaries straight off the trunk is a good way to verify the checksums of various apps that are developed by folks for whom I have yet to develop trust.  I don't bother with Electrum or Core, but somethings are just worth the extra care.

Oh yes, I was not going to upload an ISO or something like that; I thought to just post the commands, similar as in my full node install guide.

Sounds good! It's definitely best for security, as well. Then there's no worry about reproducible build or not; you just  build directly from source, so you know you're running the latest upstream code and nothing else.

Alright; I may do it later today with Ubuntu VM and post an update.

Lol, now that you mention it I was aware of that simulator.  In fact I played with the Mk3 version about a year and half ago.  They say the memory is the first thing to go...


Thanks for the offer!  I may take you up on it, but usually I prefer to compile these types of things myself.  I learned how to compile binaries from source back when Electrum was implementing Lightning, and I didn't have the patience to wait until they released the new version.  I won't say I'm anywhere near an expert on it, but I don't mind fumbling around until I figure it out.

As for distros, I still prefer Ubuntu Minimal for Desktop environments, but lately I've been partial to Debian for my servers.

Nice! It seems that it will also go in stock & ship relatively quickly, after the preorders are delivered (starting from November).

I believe ColdCard has had one for a while, too. https://github.com/Coldcard/firmware

If you have a specific preferred Linux distro for VMs, I can spin one up real quick, install & set everything and dump the history file for you.
Be aware that it can start up fine with missing dependencies and then crash when you try to e.g. open the camera or do something else in the simulator. That's why I bring it up.

Actually, I'm waiting for your review before I order one. 

That's super cool, don't recall any other hardware wallet vendors providing a simulator before.  I'll have to fire up a VM and play around with it sometime soon.  I actually have a lot of IT work to do in the next few weeks to make sure I can access all my servers while traveling oversees, so I'm not sure when I'll get around to it.  I might just get to set it up so I have something to play with on long flight.

Double posting! Gaah I guess it's fine in this case.

My Passport Batch 2 is on its way to me and I will create a separate thread for it when it arrives.
However, to start having some fun already and preparing the review, I checked out their simulator today!

It's not the most performant VM I've seen, but then again, I ran it inside another VM. You can run Founders Edition or Batch 2.

A few tips and tricks:
[1] You need to create work directory in simulator.
[2] You need to create snapshots directory in simulator to take snapshots with 'Z'.
[3] You can use OBS with its 'Virtual Camera' feature. Start it before starting the simulator. Then put in an 'Image' source with whatever QR code you want to 'scan' with the virtual Passport. When you now start the Passport simulator, it picks up this virtual camera as if it was its own, so whatever you put on the canvas, it will pick up and scan.

I think it's actually a great idea to try this out to see how you like the Passport's UI, workflows and make yourself familiar with it, especially if you're waiting to receive one already.
Here's an image of the landing screen.

Oh, it's not about using a Gmail domain; Foundation Devices do have their own domain and use it for support emails. It just appears on the backend they use Google.
And that's what the vast majority of companies does (if it's not Google, it's a different third party email provider), no matter what the domain is, which you see as an end customer.

As far as I know, truly self-hosting your IMAP and SMTP and getting all emails to come through is one of the hardest things on the internet..
But I'd be happy to be proven wrong e.g. through a written guide on how to set up self-hosted email with high success rate!

---

Edit: I've looked around a bit, and it seems possible, but fiddly. It's possible to land on a blacklist and then need to get un-blacklisted manually.

Self-hosting email in 2020 – Joe Nobody vs. World [02/2020]
Outlook.com is blocking my mail server [07/2020]
Outlook.com is no longer blocking my mail server [08/2020]

Now, this is a private person hosting their own private email account. If something like that happens, it's probably not critical.
But imagine what happens if as a company, you appear going 'MIA' in a support discussion or appear to be completely unresponsive to support requests, because their replies land in your spam folder.
Even one day of this can cause significant harm to a company's reputation.

Now, neither do I want to be the 'weird nerd' jumping in to protect a certain company, nor do I know for sure that this is the reason why Foundation Devices doesn't host their own support emails.
I just wanted to inform everyone who believes this to be a trivial task that it's really not.


Personally, I'd prefer not to get Foundation Devices emails for a day or two (because of landing on my email provider's blacklist or whatever)), but I kind of understand the rationale.

I also do believe it would be possible for Foundation to move to a self-hosted server, and prior to that inform customers about the change and that they might need to check their spam folder or explicitly whitelist them.
It would also be possible to write a blog post about it and link it just below the support form, so that new customers know why they may not be receiving a reply.

Sure it can happen, but every serious company in the world have their own email with domains, it would be silly if everyone would use just gmail.
Blocking usually happens if people are using shared hosting, and I am not 100% sure but I think that ledger and trezor considered switching to self-hosted emails after leaking of their newsletter with third party partners.