Topic: [TUTORIAL] Cold storage device on a Raspberry Pi (Read 171 times)

Guys, apparently, BlackHatCoiner is correct (at least mostly correct). The tools that he suggested are superior. So please, this tutorial should be treated as an alternative, but not as the best alternative.

The tutorial is good, but should be limited to generating wallets only for long-term storage and not to be used as a hardware wallet for daily spending.

There is a big problem. Sparrow terminal doesn't support signing transactions. This means that you can't enter a PSBT and sign it. Obviously, I wasn't aware before-hand, because I started implementing the tutorial at the time of writing the post.

That said, the tutorial is still useful in order to generate a long-term cold storage, but you can't really sign transactions unless you import the seed phrase on a hot wallet.

There are mainly two options:
1. Use the wallet like you would use a "paper" wallet.
2. Use electrum instead of sparrow terminal.

Lastly, I changed the title because the post will be a single post and not a multi-part tutorial.

Both of them are technically possible. There's official documentation about secure boot[1], while you could create encrypted partition on the SD card and modify boot option to handle encryption using another computer.

[1] https://pip.raspberrypi.com/categories/685-whitepapers-app-notes/documents/RP-003466-WP/Boot-Security-Howto.pdf

Absolutely! The tutorial was made because I had an idle Raspberry Pi, so I wanted to examine this option. It's not that I suggest it as "a better alternative", but rather as an option to have a small device which is easily portable. But obviously, eveyone suggests Tails on old laptops, and I understand why!


That's indeed a significant advantage. Though I assume that you could encrypt the Sparrow directory and of course the wallets themselves.

Oh sorry, I must've missed that part. Indeed your tutorial must not be bloated with such things that are well enough documented elsewhere.


You certainly have a point here. Can a used laptop really beat e.g. a Raspi 4B with 4GB RAM which would certainly be enough for a cold storage platform? I see apogio's tutorial as another option. Whatever you choose to use, is up to yourself.

While a laptop has the advantages you enumerate, it is bulkier than a small Raspi. If you boot the Raspi from a quality microSD card, this small microSD card is all you need to hide to securely store your cold wallet.

I wish there were a way for Secure Boot with a Raspi that works with the commonly used Linux OSes AND encrypted partitions. I admit, I haven't extensively searched for solutions to secure partitions on Raspi storage media.

Secure Boot and encrypted filesystems would be another advantage of a laptop if we can't have at least encrypted filesystems for the data on a Raspi.

This is a helpful guide, but isn't a new Raspberry Pi both more expensive and slower than a second-hand laptop? You can find very cheap laptops on e-Bay and manually remove hardware components like Wi-Fi antennas to make them air-gapped. Plus, with a laptop, you get a graphical interface instead of being limited to command-line usage. By using thoroughly reviewed operating systems like Tails, which comes with Electrum pre-installed, you also reduce the risk of making mistakes compared to setting everything up manually, while benefiting from added security features.

Raspberry Pi makes serves better purpose when used to run a Bitcoin node, IMO, because in that case, you'd save in electricity.

Thank you!


Suggestion added to the initial post. Very good idea.


There was a sentence about software verification:


Although verification is a must for me, I didn't want to include it in the tutorial. Every software we install has a detailed verification process on the their website.
If more users think it's good to include it, I will!


Changed!

That looks like a nice tutorial so far, great job! Sorry, I'm pretty low on sMerits atm.

Allow me a few suggestions:

# Instead of Balena Etcher you can use the official Pi Imager where you can easily choose what OS you want to have written to your microSD card or whatever you want to boot your Raspi from (changing boot order may need tweaks with raspi-config, IIRC.

# A maybe safer way to force the Raspi to be offline is to disable the device drivers for the network interfaces in the config.txt file in /boot. Disabled device drivers in config.txt prevent any accidental try to fire up any of the wireless network interfaces. For the ETH port you can insert a dummy plug or leave it open. So far I haven't yet found a way to disable the ethernet port via some dtoverlay magic.

# You can disable WiFi and Bluetooth alltogether (not sure if this is also possible for the ETH port) by adding the following lines in your /boot/config.txt usually somewhere near the end. Make sure the section of the lines applies generally to your Raspi device (see config.txt documentation for this on official Raspi website).

# Without internet connection the Raspi 4B won't have a correct date and time set. You will have to set it to correct values manually after every reboot.

# Maybe add a sentence that the Sparrow wallet file download should be properly checked and verified before you install or execute Sparrow. That's just good common practice in crypto coin space.

---

Linguistic nitpicking:
change airgaped --> air-gapped or air gapped

Today we will construct a secure, air-gapped device, where we will be able to generate wallets and keys offline.

Prerequisites
1. A Raspberry Pi 4B (or any other model). If the model doesn't support WiFi it's even better. But for this tutorial I have used a Raspberry Pi 4B.
2. A keyboard.
3. A micro-SD card.
4. An HDMI cable.
5. A monitor.
6. A computer that connects to the internet.
7. A USB thumb drive.

Flashing Raspberry Pi OS Lite on the SD card
1. Download Balena Etcher.
2. Download Raspberry Pi OS Lite from the official website.
3. Use Balena Etcher to flash the OS image on the SD card.

Downloading Sparrow Terminal
1. Download the Linux (ARM64) Standalone version (sparrow-server-2.0.0-aarch64.tar.gz) from the official website.
2. Drag and drop the tar.gz file on a USB drive.

Setting up the Raspberry Pi
1. Insert the SD card into the card reader on the Raspberry Pi.
2. Connect the device to the monitor using the HDMI cable.
3. Plug the power supply to the device.

Once the device is turned on, it will prompt you to create a user and set a password.
After that, you will log in and you will be presented with a terminal.
The terminal will be our dearest friend from now on.

Doing some preconfiguration
Keep in mind, that since we won't plug in an Ethernet cable and we won't connect to a WiFi network, we will never connect to the internet.
But this is not enough!
Since we want to build an air-gapped device, we must disable networking.
This will open nano editor and there we will add the following lines:
Having done that, everytime we reboot the device, networking will be disabled.

Installing Sparrow Terminal
We will now import the USB where Sparrow Terminal is installed.
Then, we need to mount it.
This command will produce an output where we will see the USB and the disk partition (normally something like /dev/sda1 or /dev/sdb1 etc.).
Let's say that the USB is on /dev/sda1.
We need to mount it, using the command:

Now we will move into the folder, and we will extract the tar file onto our home path.

Then we will unmount the usb.

Now we install Sparrow:
Now, we have a Sparrow directory in our home.

Let's run it.

Once you run it, you will get something like this:


Then, press the "Wallets" button.

You will be presented with 2 options:


Just choose to "Create Wallet"

---

Notes:

• For simplicity, I haven't written the verification process of the software we have downloaded. But we must always verify the software we install.

---

EDITS by other members:

User		Idea / Comment
Cricktor		To disable wireless internet, we can edit the config.txt file, as follows: Code: sudo nano /boot/config.txt then add this line at the end: dtoverlay=disable-wifi