Pages:
Author

Topic: Foundation Passport (FE) hardware wallet review and walkthrough (Read 1593 times)

copper member
Activity: 96
Merit: 253
Sharing this from the official Passport thread as it's a massive new update that brings all of our firmware efforts back to Founder's Edition devices and wanted to be sure everyone saw it! If you're not following that thread yet, you can do so here:

https://bitcointalksearch.org/topic/foundation-passport-official-thread-5441422

Quote
The latest version of Passport firmware, v2.1.0, has been released!

Please note that this is our largest release in some time and also brings Founder's Edition up to date with Batch 2 devices, unifying our firmware. As this is such a large update, we'd love for you all to test it as much as you can before we announce it more widely.

Highlights of this release:

- Backporting v2.1.0 firmware to Founder’s Edition
- Sending to Taproot addresses
- A new Key Manager Extension for BIP 85 and Nostr key support and export
- BIP 85 SeedQR exports

For the full release notes, browse Github or read our blog post below:

https://foundationdevices.com/2023/05/passport-version-2-1-0-is-now-live/

NOTE: Since we are now releasing both firmware files from the same repo, the file naming has changed slightly. "Batch 2" devices use the same naming scheme for firmware as before:

Code:
v2.1.0-passport.bin

but Founder's Edition is now named explicitly to avoid confusion:

Code:
v2.1.0-founders-passport.bin
hero member
Activity: 1438
Merit: 513
First is Google, who we use for company email. This means any interaction with our customer support team has emails stored with Google.
If you self-host everything else, why don't you do the same thing for emails as well?
I can't speak for Foundation, but I do know that - especially with outgoing emails - self-hosting these days is a pretty big challenge.
Some providers will immediately flag your emails or delete them outright due to too strict firewall settings. Imagine a customer not receiving a response because their email provider didn't let Foundation team's reply through. That will probably be the main issue.

Maybe a support thread on Bitcointalk, together with support through DM (even if it may sound silly) could be a better way, avoiding email completely.

Do you have any official reseller stores in US and in other parts of the world that can sell Passport devices for cash or bitcoin in person?
I think this is a best way for reducing digital footprint and there is no risk of any leaks happening in future.
I agree that local and international brick-and-mortar resellers / distributors would be a great idea.
Though up until now everything was preorder - I don't believe that in-person preorders are very convenient; the customer would at least need to visit the store 2x. But on the other hand, they may actually be ready to do it.

Hopefully we'll see in-stock, in-person offerings around the world, after preorders are shipped!
Self hosting STMP servers is more trouble than its worth now days the one SaaS provider we cant easily pencil out spamscores being one of the hurdles for us , we've designed a system that provides anonymity via session hashstring.(the sting is essentially the receipt) you vault the strings when orders complete and purge libs, this system isn't retail investor friendly.
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
Little bump here:
In case you prefer a Founders Edition over the new Batch 2, there is a deal going on. Their EU reseller is clearing out stock for ~250€.

EU ONLY! 🇪🇺
Passport by @FOUNDATIONdvcs - founders edition is now available for 249,95 instead of 329,95 in our shop
🤩 https://shop.btcdirect.eu/en-gb/products/passport

Probably making space for some Batch 2 stock.. Smiley
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
Hey friends! I know you are all eagerly waiting on my review of Passport v2. Good news; I received the wallet and I'm trying it out thoroughly, jotting down everything. Expect the review to be finished relatively quickly.
Oh finally IT arrived, take your time and write a good constructive review Smiley
Yes, review is out! https://bitcointalksearch.org/topic/foundation-devices-passport-batch-2-hardware-wallet-review-5421713
Unfortunately, very long, but I hope the outline helps a little bit with that.

I have recent experience of waiting one package to arrive from far away country and it appears to be lost somewhere in the twilight tracking zone  Tongue
Shipping time was not that long actually; UPS only took around a day. There were just a lot of delays in the production and I had bought the device in its 'preorder' phase, so it was still being developed and manufactured.

Do note that I've not tried CoinCards yet and can't vouch or guarantee for anything. Just a way to maybe get a good deal.
I saw this deal and it's ok-ish, but I think it only only works for United States (correct me if I am wrong).
I don't think so. It should work in the Foundation Devices shop regardless of shipping location. Actually, the deal is still live, so I'll add it in my Batch 2 review.
legendary
Activity: 2212
Merit: 7064
Hey friends! I know you are all eagerly waiting on my review of Passport v2. Good news; I received the wallet and I'm trying it out thoroughly, jotting down everything. Expect the review to be finished relatively quickly.
Oh finally IT arrived, take your time and write a good constructive review Smiley
I have recent experience of waiting one package to arrive from far away country and it appears to be lost somewhere in the twilight tracking zone  Tongue

Do note that I've not tried CoinCards yet and can't vouch or guarantee for anything. Just a way to maybe get a good deal.
I saw this deal and it's ok-ish, but I think it only only works for United States (correct me if I am wrong).

I own a Trezor Model T and a BitBox02, n0nce, as I like the idea of sending & receiving to/from a HW BTC without cables.
Have you seen recent price changes for those wallets?
Bitbox is now €139, Trezor model T is over €260, so I think that $259 price for Passport wallet is more than fair.
With discount it's even cheaper, and presale price was fantastic.
legendary
Activity: 2940
Merit: 1865
...

I own a Trezor Model T and a BitBox02, n0nce, as I like the idea of sending & receiving to/from a HW BTC without cables.

I hope that they do a good job with this new version.

Diversification even to the point of using different hardware wallets now seems to be important in these times of hackers after out BTC.
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
Hey friends! I know you are all eagerly waiting on my review of Passport v2. Good news; I received the wallet and I'm trying it out thoroughly, jotting down everything. Expect the review to be finished relatively quickly.

I did want to hop in mostly to tell you about this deal which I saw on Twitter earlier today.
We have officially teamed up with Coincards
Now you can buy a Passport #bitcoin wallet at a discount!
Simply purchase a Foundation gift card @CoinCards at 10% off and redeem on our site: foundationdevices.com

Do note that I've not tried CoinCards yet and can't vouch or guarantee for anything. Just a way to maybe get a good deal.
So far I can say that the v2 is a capable, compact, daily-drivable hardware wallet for sure! [of course, it has its own issues, but more on that soonTM]
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
~
Thanks for the instructions, that worked and went together rather quickly.  Were you able to emulate SD storage for exporting wallets?  Just curious how that would go importing into my wallet client.
Sorry, that was missing! You need to create a microsd folder inside of the previously created work folder. That will then be picked up by the Passport simulator as an inserted microSD.



Reference:
Code:
sudo apt install qt6-base-dev qt6-wayland # may not be required; maybe try without and report back :)
Inconclusive.  I tried without it at first, but I got an error about my camera.  I went back and installed it, but the error persisted turning out to be a VM setting which I neglected.  I might try again, I need a fresh VM to compile another couple of packages soon.
Alright, thanks for the reply though!
And thanks for bringing up the microSD storage - I will add it to the 'guide'.
copper member
Activity: 2338
Merit: 4543
Join the world-leading crypto sportsbook NOW!
~

Thanks for the instructions, that worked and went together rather quickly.  Were you able to emulate SD storage for exporting wallets?  Just curious how that would go importing into my wallet client.

Code:
sudo apt install qt6-base-dev qt6-wayland # may not be required; maybe try without and report back :)

Inconclusive.  I tried without it at first, but I got an error about my camera.  I went back and installed it, but the error persisted turning out to be a VM setting which I neglected.  I might try again, I need a fresh VM to compile another couple of packages soon.
legendary
Activity: 2212
Merit: 7064
As far as I remember Trezor offers a Firmware Emulator, too.
I would only add one more emulator for DIY SeedSigner device.
This way you can test air-gapped hardware wallet in your desktop for most operating systems (windows/linux/mac), and I think someone forked it to work with Monero.
It would be interesting if someone could check out if any other hardware wallets have their own emulators like this.
hero member
Activity: 714
Merit: 1010
Crypto Swap Exchange
That's super cool, don't recall any other hardware wallet vendors providing a simulator before.

As far as I remember Trezor offers a Firmware Emulator, too.

As for an easy to setup and decent mail server, I'm happy with Mailcow.
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
~

[1] Get Ubuntu 22.04.1 ISO and spin up the VM.
[2] Update all packages (after all, this is a fresh Ubuntu install).
Code:
sudo apt update
sudo apt upgrade
[3] Install git and dependencies
Code:
sudo apt install git autotools-dev automake libusb-1.0-0-dev libtool python3-virtualenv libsdl2-dev pkg-config curl gcc xterm
[4] Clone repository
Code:
git clone https://github.com/Foundation-Devices/passport2.git
cd passport2/simulator
[5] Install Rust & Cargo (never hurts Grin) to then install 'Just' (command runner).
Code:
curl https://sh.rustup.rs -sSf | sh
cargo install just
[6] Create work and snapshots folders (not sure why they don't exist) Edit: added microsd folder which emulates an inserted microSD.
Code:
mkdir work snapshots
mkdir work/microsd
[7] Start simulator (this builds the firmware)
Code:
just sim color



To get the camera working (kinda needed for supply chain validation), install OBS with its virtual camera feature, as well.
[8] Install QT6 dependency and OBS itself.
Code:
sudo apt install qt6-base-dev qt6-wayland # may not be required; maybe try without and report back :)
sudo add-apt-repository ppa:obsproject/obs-studio
sudo apt update
sudo apt install obs-studio

Then, start OBS, add an image of whatever QR code and make it nice and big. Images below. Lastly, restart the simulator.
If you want to reset the simulator, delete the work folder that you created earlier and re-create it (or delete all files within it).


Left: OBS setup steps; Right: How it should look like with everything set up correctly. Notice the QR code rather big and the Virtual Camera running.


Left: Camera view of Passport simulator. The QR code is a bit too large, therefore no successful scan. Right: As soon as I resized it a bit, such that it fits inside the camera view, it is scanned and the words are shown (I believe always the same hardcoded words in the simulator during Supply Chain Validation, since it doesn't obviously contain the actual secret).
Decoding addresses and transactions should work correctly, though.
copper member
Activity: 2338
Merit: 4543
Join the world-leading crypto sportsbook NOW!
~

Oh, I see.  Yes, that would actually be very helpful and much appreciated.  I would trust an ISO provided by you, but only in a locked up VM  Tongue  Lol, just kidding.  You've developed an honorable reputation here, and I wouldn't hesitate to play around with a binary furnished by you.  I do trust that you know what you're doing, so your skill level wouldn't be an issue at all.

I agree it's always best for one to learn how to ensure his own safety, security, and privacy.  Being able to compile binaries straight off the trunk is a good way to verify the checksums of various apps that are developed by folks for whom I have yet to develop trust.  I don't bother with Electrum or Core, but somethings are just worth the extra care.
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
If you have a specific preferred Linux distro for VMs, I can spin one up real quick, install & set everything and dump the history file for you.
Be aware that it can start up fine with missing dependencies and then crash when you try to e.g. open the camera or do something else in the simulator. Wink That's why I bring it up.
Thanks for the offer!  I may take you up on it, but usually I prefer to compile these types of things myself.
Oh yes, I was not going to upload an ISO or something like that; I thought to just post the commands, similar as in my full node install guide.

I learned how to compile binaries from source back when Electrum was implementing Lightning, and I didn't have the patience to wait until they released the new version.  I won't say I'm anywhere near an expert on it, but I don't mind fumbling around until I figure it out.

As for distros, I still prefer Ubuntu Minimal for Desktop environments, but lately I've been partial to Debian for my servers.
Sounds good! It's definitely best for security, as well. Then there's no worry about reproducible build or not; you just  build directly from source, so you know you're running the latest upstream code and nothing else.

Alright; I may do it later today with Ubuntu VM and post an update.
copper member
Activity: 2338
Merit: 4543
Join the world-leading crypto sportsbook NOW!
That's super cool, don't recall any other hardware wallet vendors providing a simulator before.  I'll have to fire up a VM and play around with it sometime soon.  I actually have a lot of IT work to do in the next few weeks to make sure I can access all my servers while traveling oversees, so I'm not sure when I'll get around to it.  I might just get to set it up so I have something to play with on long flight.
I believe ColdCard has had one for a while, too. https://github.com/Coldcard/firmware

Lol, now that you mention it I was aware of that simulator.  In fact I played with the Mk3 version about a year and half ago.  They say the memory is the first thing to go...

If you have a specific preferred Linux distro for VMs, I can spin one up real quick, install & set everything and dump the history file for you.
Be aware that it can start up fine with missing dependencies and then crash when you try to e.g. open the camera or do something else in the simulator. Wink That's why I bring it up.

Thanks for the offer!  I may take you up on it, but usually I prefer to compile these types of things myself.  I learned how to compile binaries from source back when Electrum was implementing Lightning, and I didn't have the patience to wait until they released the new version.  I won't say I'm anywhere near an expert on it, but I don't mind fumbling around until I figure it out.

As for distros, I still prefer Ubuntu Minimal for Desktop environments, but lately I've been partial to Debian for my servers.
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
I think it's actually a great idea to try this out to see how you like the Passport's UI, workflows and make yourself familiar with it, especially if you're waiting to receive one already.
Here's an image of the landing screen.
Actually, I'm waiting for your review before I order one.  Tongue
Nice! It seems that it will also go in stock & ship relatively quickly, after the preorders are delivered (starting from November).

That's super cool, don't recall any other hardware wallet vendors providing a simulator before.  I'll have to fire up a VM and play around with it sometime soon.  I actually have a lot of IT work to do in the next few weeks to make sure I can access all my servers while traveling oversees, so I'm not sure when I'll get around to it.  I might just get to set it up so I have something to play with on long flight.
I believe ColdCard has had one for a while, too. https://github.com/Coldcard/firmware

If you have a specific preferred Linux distro for VMs, I can spin one up real quick, install & set everything and dump the history file for you.
Be aware that it can start up fine with missing dependencies and then crash when you try to e.g. open the camera or do something else in the simulator. Wink That's why I bring it up.
copper member
Activity: 2338
Merit: 4543
Join the world-leading crypto sportsbook NOW!
I think it's actually a great idea to try this out to see how you like the Passport's UI, workflows and make yourself familiar with it, especially if you're waiting to receive one already.
Here's an image of the landing screen.

Actually, I'm waiting for your review before I order one.  Tongue

That's super cool, don't recall any other hardware wallet vendors providing a simulator before.  I'll have to fire up a VM and play around with it sometime soon.  I actually have a lot of IT work to do in the next few weeks to make sure I can access all my servers while traveling oversees, so I'm not sure when I'll get around to it.  I might just get to set it up so I have something to play with on long flight.
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
Double posting! Gaah Tongue I guess it's fine in this case.

My Passport Batch 2 is on its way to me and I will create a separate thread for it when it arrives.
However, to start having some fun already and preparing the review, I checked out their simulator today!

It's not the most performant VM I've seen, but then again, I ran it inside another VM. You can run Founders Edition or Batch 2.
Code:
git clone https://github.com/Foundation-Devices/passport2/
cd passport2/simulator
make color     # make mono for FE
just sim color # just sim mono for FE

A few tips and tricks:
[1] You need to create work directory in simulator.
[2] You need to create snapshots directory in simulator to take snapshots with 'Z'.
[3] You can use OBS with its 'Virtual Camera' feature. Start it before starting the simulator. Then put in an 'Image' source with whatever QR code you want to 'scan' with the virtual Passport. When you now start the Passport simulator, it picks up this virtual camera as if it was its own, so whatever you put on the canvas, it will pick up and scan.

I think it's actually a great idea to try this out to see how you like the Passport's UI, workflows and make yourself familiar with it, especially if you're waiting to receive one already.
Here's an image of the landing screen.

hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
I can't speak for Foundation, but I do know that - especially with outgoing emails - self-hosting these days is a pretty big challenge.
Some providers will immediately flag your emails or delete them outright due to too strict firewall settings. Imagine a customer not receiving a response because their email provider didn't let Foundation team's reply through. That will probably be the main issue.
Sure it can happen, but every serious company in the world have their own email with domains, it would be silly if everyone would use just gmail.
Blocking usually happens if people are using shared hosting, and I am not 100% sure but I think that ledger and trezor considered switching to self-hosted emails after leaking of their newsletter with third party partners.
Oh, it's not about using a Gmail domain; Foundation Devices do have their own domain and use it for support emails. It just appears on the backend they use Google.
And that's what the vast majority of companies does (if it's not Google, it's a different third party email provider), no matter what the domain is, which you see as an end customer.

As far as I know, truly self-hosting your IMAP and SMTP and getting all emails to come through is one of the hardest things on the internet.. Grin
But I'd be happy to be proven wrong e.g. through a written guide on how to set up self-hosted email with high success rate!



Edit: I've looked around a bit, and it seems possible, but fiddly. It's possible to land on a blacklist and then need to get un-blacklisted manually.

Self-hosting email in 2020 – Joe Nobody vs. World [02/2020]
Outlook.com is blocking my mail server [07/2020]
Outlook.com is no longer blocking my mail server [08/2020]

Now, this is a private person hosting their own private email account. If something like that happens, it's probably not critical.
But imagine what happens if as a company, you appear going 'MIA' in a support discussion or appear to be completely unresponsive to support requests, because their replies land in your spam folder.
Even one day of this can cause significant harm to a company's reputation.

Now, neither do I want to be the 'weird nerd' jumping in to protect a certain company, nor do I know for sure that this is the reason why Foundation Devices doesn't host their own support emails.
I just wanted to inform everyone who believes this to be a trivial task that it's really not.


Personally, I'd prefer not to get Foundation Devices emails for a day or two (because of landing on my email provider's blacklist or whatever)), but I kind of understand the rationale.

I also do believe it would be possible for Foundation to move to a self-hosted server, and prior to that inform customers about the change and that they might need to check their spam folder or explicitly whitelist them.
It would also be possible to write a blog post about it and link it just below the support form, so that new customers know why they may not be receiving a reply.
legendary
Activity: 2212
Merit: 7064
I can't speak for Foundation, but I do know that - especially with outgoing emails - self-hosting these days is a pretty big challenge.
Some providers will immediately flag your emails or delete them outright due to too strict firewall settings. Imagine a customer not receiving a response because their email provider didn't let Foundation team's reply through. That will probably be the main issue.
Sure it can happen, but every serious company in the world have their own email with domains, it would be silly if everyone would use just gmail.
Blocking usually happens if people are using shared hosting, and I am not 100% sure but I think that ledger and trezor considered switching to self-hosted emails after leaking of their newsletter with third party partners.

Pages:
Jump to: