Topic: Foundation Passport (FE) hardware wallet review and walkthrough - page 4. (Read 1539 times)

JL0 correctly linked to the guide from Foundation Devices about supply chain validation, which they urge you to go through during setup. They obviously also have some packaging protection as highlighted in my unboxing.

Honestly, constantly relying on some server to be able to use the device seems a risk of security and effectively allows the manufacturer to brick the device whenever they want. Foundation needs online servers for this initial verification, but after that you can use it indefinitely without server availability.

Yes, they ship international.

You can read about it at 11.1 Passport Supply Chain Validation.

https://github.com/Foundation-Devices/passport-firmware/blob/main/SECURITY/SECURITY.md

Does the Foundation ever consider sending the devices themselves from the EU, e.g. to Austria, Switzerland, etc.? Then you don't have to trust the reseller.

How does a non-technical person verify that it's a genuine Foundation Passport hardware wallet with a genuine firmware? You mentioned supply chain attacks, and since I only have experience with Ledger, I know that a fake Ledger device can't connect to official Ledger servers. So if someone in the supply chain replaced the HW with a fake one or made modifications to it, I wouldn't be able to use it with the official software. How does it work with Foundation's HW? 

On one hand, sure, but how about just offering some colour choices to choose from? Shouldn't be too much more expensive. Anyhow, I decided to keep the preorder since I ended up liking and continuing to use the v1 to this day. The timeline was pushed back a few times; hopefully it arrives soon.

Yes, being able to give early product feedback would be great; renders would completely suffice for figuring out elements like form factor, colours and overall design - no need to send out prototypes (which are admittedly extremely expensive to make one-offs of).

You're welcome. I actually have a little update on the 'battery situation'. After having bought a huge pack of Alkaline batteries (40 or so), I've only used 2 of them so far and switched to number 3 & 4 a while ago. If you just turn it on, verify an address and turn it back off, it (understandably - but still) uses very very little energy and you can use it regularly without swapping batteries much. It also doesn't drain them at all if you leave them in when powered down (I had the suspicion there was a little power draw while turned off but I was wrong).
So it's not as bad as it first seemed, but it's still clear they messed up the circuitry; Foundation honestly admitted themselves they found this problem too late & had to 'quick fix' it by telling people to buy expensive Lithium batteries. I expect this to be much better on v2, let's see if the device meets expectations.

I guess design is just very subjective, but like you, I can disregard it if it's technologically a good device. The battery model that they seem to be using is one that I've seen around for at least 10 years, maybe even heading towards 20.

I don't know about this, as I haven't gotten my preordered unit yet.

This is explained in their user manual:

There are a few potential attacks if it were possible to remove the PIN, one of the most trivial to understand being the supply chain attack. Someone could resell a used unit as new by resetting the device and resealing everything. They could buy the device, flash a modified (insecure) firmware, remove the PIN and sell it to a victim. As far as I know, you need to set it up once (thus also seting a PIN) to flash a custom firmware.

I don't know if v2 will be exactly the same, but I've asked them once and if I recall correctly, they're aiming to keep the codebase of v1 and v2 similar / mostly the same. As their naming suggests, as a 'batch 2' device, it should be fairly similar to v1 software-wise, with mostly hardware changes.

Thx @n0nce for a competent review and picking on important issues. That's transparancy I enjoy.

The first version of the wallet has properties that are almost a no-go for me. Inferior power supply design. (While I like the ability to use AAA or better AA size batteries, the power circuit should've indeed been better designed to get more high enough voltage out of more normal batteries of rechargeable ones.)
But I'm not going to address any more on the first device version.

Regarding "batch 2":
I kinda like the design more than the first one, to be honest. But design has less priority for me. It has to be easy to use for the tasks that it's made for.

I have no idea how long those Li-ion rechargeable batteries will be available and how long one lasts, even if it is a very common type. For a device intended to be kept for years such rechargeables are kind of "planned" obsolescense, a point of failure which I'm not happy with. The manifacturer could mitigate this if it were possible to use the device connected to a cabled power source like the charger but without necessity of a rechargeable battery inside the wallet. Is this possible? This way you could still use the device if the battery isn't available anymore or you happen to have none which is still OK.

There is one thing that I don't understand and what is for me nearly a no-go for this nice hardware wallet: what is the purpose of a non-resettable device PIN once it has been defined for the first time? Does this also apply for the batch 2 variant? What is the security idea behind such a device design decission? I don't get it.
From a hardware wallet I expect it to be fully factory resettable, including any user defined device PIN to unlock it.

I see many people commenting how they like the new design and I guess it's always going to be something like that when someone is creating redesigned device.
Best thing would be to have smaller group of testers who would provide feedback before main release, that way most of the issues would be avoided.
I think that crypto crowdsourced projects are totally different from normal tech industry, but on positive side look what ledger did with many millions they collected, they created worst X crap ever.
Let's wait few more days to see more information and better image previews.

Oh no that doesn't look very good! You're right, it does seem like something from the Transformers movies.
Let's see what else they can tell us about them next week; fortunately you can cancel the preorders at any time..

I honestly don't understand why they are again using this model of: developing something with little to no information, collecting money (but offering to refund any time) and only showing the final product shortly before release. This way they have no chance to incorporate user feedback because it's way too late (molds done and stuff).

In v1, people could have warned them to make sure the circuit works with Alkalines, could have asked them not to make a plastic screen, and they could have made it. Since they didn't give any info about this before shipping, obviously it was too late. This time, there is no way for them to change the buttons at this point in time, since they never asked - during the design stage.

Usually, crowdsourced projects are (should be) developed with close communication to the 'investors' / buyers to make sure they won't be unhappy with the product and to make sure they won't all cancel their orders shortly before you want to ship.

@n0nce did you hear the latest new about delayed release of Passport Batch2, because of supply chain issues manufacturing will begin in late March.
Website will be updated with more details next week, and now check out small sneak peak for new device bottom part with dials.
Much more sharper design this time, reminds me on decepticons from transformers


https://twitter.com/FOUNDATIONdvcs/status/1499492207081963524

Oh, you're right; it appears Li-Ions only exist in 3.7V (according to Wikipedia). Then I will edit my post accordingly.

Myself neither. According to Zach's reply it seems they didn't plan to use (or maybe even know) them themselves from the start either. Apparently, they discovered if they pull whatever currents an STM32 needs (triple digit milliAmps I guess), an Alkaline drains exponentially faster than on lower currents, but since it was discovered very late, they couldn't change the 'electromechanical design'.
Three AAA's with a step-down would fix the issue to some degree (counteracting rather linear discharge curve), but not sure it affects the current issue. Like, that they're apparently not made for higher currents and when used in such scenario, their capacity is crippled.

Well, in 10-20 years I can either get new rechargeable ones or also just get available Alkalines. The rechargeables would be needed if you use the device as a daily driver. To sweep it in the future, a set of Alkaline batteries is enough. They can power it for like 15 minutes easily. Of course you will also be able to retrieve your seed backup anyway, right...

Did you mean NiMh cells here? Li-ion produces 3.7V. Or am I missing something else?

I didn't even know Lithium AAA batteries exist. I think a better solution would have been if the device fits 3 batteries. With some voltage regulation, anything between 3.6 and 4.5V can be brought down to 3V, so that standard AAA batteries can be used until they're completely drained. From your pictures it looks like that would mean a slightly wider device.

I didn't know these exist! It looks like a great solution, but won't solve the "10-20 years time" problem.

I see, thanks for looking it up! I remembered the battery pack a bit differently, more like the old Nintendo Wii remote battery packs. But obviously I didn't look close enough.


This type of battery pack wouldn't add any thickness to the Passport FE, since it already has space for 2 cells. Just an idea!

In Keystone Pro you get one slim rechargable Li-ion batter yon the left so I am sure it's impossible to get any battery cramped inside.
On the right side you are getting empty fat back part replacement battery holder that can use AAA batteries, and this makes your hardware wallet have much bigger back.
Here is one review by John Chow dot Com from 2021 so you can see the BIG difference:
https://www.youtube.com/watch?v=mAV0kchQF-g



Maybe Passport can do something similar, releasing some conversion pack for users with first version devices.