Do any hardware wallets / hardware platforms that rely on or allow open source firmware?

There's a reason the safest software wallets are open-source: they can be audited by anyone. With hardware wallets, unless you're manufacturing one yourself, you're all but forced to trust the manufacturer to a certain extent. This trust could be minimized if a manufacturer created a generalized security device that users would upload their own firmware to. This way, the manufacturer would be very limited in the types of security holes it could intentionally add, given that they couldn't know what firmware would be running on it.

So it seems to me that the ideal would be for a hardware wallet to have an open-source design, manufactured by some hopefully (but not necessarily) trustworthy private company, and each user would upload and run some open source firmware on the device.

Are there any devices / hardware wallets that fit this description?

hardware-wallet

B T

Posted 2017-06-07T00:18:32.750

Reputation: 1 134

Answers

The software of major hardware wallets (The top three are: KeepKey, Trezor and Ledger) are open source (and other hardware wallets are mostly open source) If you want to know whether their firmware is open source, then it's easy to find KeepKey and Trezor's firmware, but Ledger's is partially open source. When you go a bit down, you'll see that only Trezor's hardware is open source. (Yes, its circuit can be seen online.)

MCCCS

Posted 2017-06-07T00:18:32.750

Reputation: 5 827

See here the latest list of 27 hardware wallets, many use open source software in the meantime - flagged with a (O). The other ones are flagged with a (N). For security reasons it is of course not sufficient to consider the software alone, also hardware can contain backdoors.

(O) Archos Safe-T (Mini)
(O) BC Vault
(O) Bitbox
(O) Bitfi
(O) BitLox Hardware Wallet
(?) Card Wallet
(O) Cobo Vault Wallet
(O) ColdCard
(N) CoolWallet S --> plans to (O) it in future
(N) D’CENT Hardware Wallet
(N) Ellipal
(N) Ellipal Titan
(O) Keepkey
(N) Keevo Wallet
(O) KeyCard
(N) Ledger Blue
(N) Ledger Nano S
(N) Ledger Nano X
(N?) MIRKey by ellipticsecure
(O) Opendime
(N?) SafePal S1
(O) Secalot
(N) SecuX V20
(partly O) Temexe X Wallet --> backup algorithm is open source
(O) Trezor One Wallet
(O) Trezor T
(N?) XZEN Wallet

tempo

Posted 2017-06-07T00:18:32.750

Reputation: 81

That's a reasonable point about the hardware being able to contain backdoors. And thanks for your comprehensive answer! Is there a source where you got this information from? Listing your sources would be very helpful, especially in a year or two when the info is out of date (but the sources might be more up to date). It would also be super helpful if these also marked which hardware wallets had open source hardware designs. – B T – 2019-11-11T20:36:08.033

1And even if no backdoor and open source it would be interesting to know if the randomizers are close to perfect. In worst case a scammer builds a randomizer selecting always from the same 10 million priv keys and collects all credits after a few years. I have no dedicated source for the wallet list except several DuckDuckGo searches. I collected the wallet names from there and then checked one by one about the firmware open source :) – tempo – 2019-11-11T22:11:48.527

Topic I opened the other day touching as well the security: https://bitcoin.stackexchange.com/questions/91570/handwritten-paperwallet-or-hardwarewallet-to-store-bitcoins

– tempo – 2019-11-11T22:22:20.683