Learn how to upgrade here

Current Version of Coldcard Firmware — Version 4.1.3

• 2021-09-02T1752-v4.1.3-coldcard.dfu released Sept 2, 2021.

Video: How to Upgrade Firmware

Version 4.1.3 - Sept 2, 2021

• Enhancement: support "importdescriptors" command in Bitcoin Core 0.21 so that a descriptor-based wallet is created. PSBT files are then supported natively by Core, and the resulting desktop wallet can be used for spending (ie. create PSBT via GUI) and also watching. Translation: Easy air-gap PSBT operation with Bitcoin Core!
• Enhancement: remove "m/0/0" derivations from public.txt and address explorer, since that path is obsolete and not used by any major wallets now. We can still sign PSBT files with that path, but it's an unnecessary risk to show derived addresses for a type of wallet that doesn't exist anymore.
• Enhancement: if PSBT input sections don't contain the key path information we need, show a more specific error message.
• Bugfix: a PSBT which provided the wrong pubkey (based on UTXO being spent) was not flagged as invalid, but instead we proceeded to do nothing. Now says "pubkey vs. address wrong".
• Bugfix: if asked to serialize a partially-signed transaction, we did. Now fails properly.
• Bugfix: if multiple copies of the same BIP-39 passphrase were saved to a card, the menu would not display correctly and you might not be able to select your saved value.

Version 4.1.2 - July 28, 2021

• Enhancement: Shows QR code with BIP-85 derived entropy value if you press (3) while value shown on-screen. Thanks to @opennoms for idea. Works with 12/18/24-words, XPRV, privatekey and even hex cases.
• Enhancement: Offer to show QR in other places:
  • Coldcard's main XPUB, in Advanced > View Identity
  • Seed words, during picking process (before the quiz)
  • Stored seed words: Advanced > Danger Zone > Seed Functions > View Seed Words
  • TXID of just-signed transaction (64 hex digits)
  • Encryption password for the system backup file (12 words)
• Enhancement: We now grind a nonce so that our signatures are always 71 bytes or shorter. This may save a byte in transaction size, and makes our signatures identical to those produced by Bitcoin Core, improving anonymity on-chain. Thanks to @craigraw for detecting this.
• Bugfix: On a blank Coldcard, after importing a seed phrase using the Seed XOR feature, the main menu was not updated to show system is "Ready To Sign".
• Bugfix: Red caution light could happen (a false positive) if a specific sequence of firmware upgrades and reboots occured in the right order. Issue could only occur once during lifetime of any particular Coldcard.

Version 4.1.1 - April 30, 2021

• Bugfix/Enhancement: Unchained Capital was using the P2SH (BIP-45) value we exported in our multisig wallet file (removed in 4.1.0). So we've restored that, added BIP-45 path to our generic JSON export (if account number is zero), and added a dedicated menu item: Advanced > MicroSD > Export > Unchained Capital

Version 4.1.0 - April 29, 2021

• New feature: Seed XOR -- split your secret BIP-39 seed into 2 (or 3 or 4) new seed phrases
  • any combination of found seed word phrases is a fully working wallet (great for duress)
  • still 24 words, and can be encoded onto a SEEDPLATE
  • all parts are required to be known to get back to original seed phrase (not M of N, always N of N),
  • your existing seed can be split by Coldcard (one already in use)
  • you can do the math on paper, and it's possible to split/combine without the Coldcard
  • see docs/seed-xor.md for background
  • see wordlist-paper repo for some tools
• Enhancement: Add support for BIP-48 derivations when exporting generic JSON (including the accounts number) under Advanced > MicroSD Card > Export Wallet > Generic JSON. These are targeted towards multisig wallets, such as Sparrow
• Enhancement: Ask for account number when creating Multisig Wallets via air-gapped Coldcards. Use account zero for compatibility with previous versions. No need to use same account number on each participating Coldcard, but we recommend that. Creating new P2SH (BIP-45) type air-gapped wallets has been removed since it cannot support multiple accounts.
• Enhancement: Show new firmware version number and date before installing firmware update.
• Bugfix: Could not clear PIN codes, including the duress PIN, so was not possible to wipe the main secret, if a duress PIN had been set. 999999-999999 works again now.
• Bugfix: Deleting a multisig wallet that was identical to another wallet, except for different address type, would lead to an error.
• Bugfix: Standardize on BIP-nn in place of BIPnn in source code, messages and docs.

Older releases and their changes are listed here, the full source code, hardware details, and much more can be found in our repository on github.

Upgrading Your COLDCARD's Firmware

Introduction

About Upgrades

Stay up to date on firmware releases - follow our Twitter account @COLDCARDwallet, or bookmark the Coinkite Blog.

Firmware upgrades provide new features, enhancements, bugfixes, and the latest security updates to your COLDCARD.

Firmware upgrade files have a .dfu file extension and should be approximately 690 KB in size. We use the abbreviation 20...-coldcard.dfu to represent the full firmware file name. Make sure to use the full file name in your commands.

COLDCARDs only load and run files signed by a Coinkite Inc. approved key.

Upgrade Menu

The Upgrade menu allows you to load an upgrade .dfu file from a microSD card.

Upgrade Menu Options

Show Version displays the version numbers of the firmware currently loaded on your COLDCARD.

From MicroSD lets you start the firmware upgrade process.

Bless Firmware marks the firmware upgrade as approved by the main PIN holder. This step is necessary if your COLDCARD loses power before the upgrade is confirmed.

Alternate Upgrade Methods

These instructions use a microSD card to upgrade the firmware. You can also upgrade by using the command-line tool or the Electrum plugin.

Downgrading Firmware and Older Versions

Downgrading to an older firmware version is discouraged and may be blocked depending on your current firmware. Some firmware releases will prevent the bootloader from accepting older versions due to bugs or security issues found in older firmware. A limited selection of previously released firmware is available here.

Upgrade Procedure

What You'll Need

• Mark 2 or Mark 3 COLDCARD
• microSD card (up to 32 GB capacity, FAT32 or FAT12 format)
• Micro USB cable, power-only preferred
• Power source for Micro USB cable, COLDPOWER or AC to USB adapter preferred
• Internet-capable device for downloading and saving files

What You'll Do

Check Your Current COLDCARD Firmware Version

1. Connect the COLDCARD to a power source with the Micro USB cable to turn it on.
2. Enter your PIN to unlock the COLDCARD.
3. Select Advanced > Upgrade > Show Version.
4. Compare the version shown on the screen with the latest version shown on coldcard.com/docs/upgrade. If your COLDCARD doesn't have the latest firmware version, it's time to upgrade.

Get the Latest Firmware

1. Go to coldcard.com/docs/upgrade if you're not already there. The latest firmware release will be at the top of the page.
2. Save the 20...-coldcard.dfu file to your microSD card or a folder on your computer.
3. Decide whether you will verify the firmware's hash and signature (strongly recommended) or load the firmware on your COLDCARD without verification.
4. Verifying? Go to the verification instructions.

Load the Latest Firmware on your COLDCARD

1. Save the 20...-coldcard.dfu file to your microSD card if you haven't done so already and eject the card once the file is saved.
2. Make sure your COLDCARD is turned on and unlocked.
3. Select Advanced > Upgrade > From MicroSD.
4. Press OK (✔) on your COLDCARD when you are prompted to pick the firmware image.
5. Select the firmware file.
6. The screen will say "Loading. . .". Be patient, this process takes time.

Note: When the screen changes to Verifying, the red LED will light up and stay lit until the firmware upgrade is complete. The red CAUTION LED lets you know changes are being made or have been made to your COLDCARD. If the COLDCARD is turned off after the new firmware is installed but before the first successful login, you will need to bless the firmware to turn the red LED off.

Confirm and Finish Upgrade

1. Enter your PIN prefix when prompted after the COLDCARD reboots.
2. Verify whether or not you recognize the two words displayed on the screen. These words are hardware-specific to ensure you have the correct device. A different COLDCARD will display different words.
3. Enter the rest of your PIN when prompted.
4. The COLDCARD will perform another verification and the green GENUINE LED will light up.
5. Inspect your upgrade by selecting Advanced > Upgrade > Show Version. The firmware version you loaded will be displayed. You have successfully upgraded your COLDCARD's firmware!

Video Tutorial

Watch Max Hillebrand perform the firmware upgrade and verification process using Debian and a Mark 2 COLDCARD.

Optional Steps

Red LED Lit After Restart? Bless the Firmware

The red CAUTION LED is a safety feature warning you of unconfirmed changes to your COLDCARD. Only the main PIN holder can confirm changes. If you load new firmware and turn off the device before confirming the upgrade, the CAUTION LED will be lit the next time you turn on your COLDCARD. Blessing the firmware tells the COLDCARD that you are aware of and approve of the firmware upgrade.

1. Follow the prompts on the screen to log in to your COLDCARD.
2. Select Advanced > Upgrade > Bless Firmware.
3. The screen will say Verifying the green GENUINE LED will light up confirming your approval of the new firmware.

Once the firmware is blessed, your COLDCARD will light up the green LED on future startups.

Don't Trust. Verify the Firmware

Verifying the firmware's hash and signature requires intermediate to advanced computer skills. It uses extra tools and adds steps, but if you use a COLDCARD, you're probably security-conscious. In that case, you may find the extra effort to be worth the peace of mind you'll get from knowing your firmware is safe and correct.

Note: PGP signature verification requires GPG. Debian and other Linux distributions include GPG. Mac and Windows users who have not already installed GPG will need to do so. Operating system-specific instructions contain links to tool downloads.

Verifying on Mac

These instructions use GPG Keychain, a component of the GPG Suite from GPGTools.

You can also follow along with our video tutorial, How to Verify COLDCARD's Firmware.

Confirm the Hash

1. Open signatures.txt so you can view its contents.
2. Open Terminal, navigate to the directory where you saved the firmware and use the command shasum -a256 20...-coldcard.dfu.
3. Resize or reposition the windows so you can see both the Terminal and signatures.txt file at the same time.
4. Compare the output values in Terminal with the line of text in the signatures.txt file next to the firmware version you saved. The hash is confirmed if the values are the same.

Verify the PGP Signature

1. Save the signatures.txt file in the same location as the new firmware file.
2. Save the public key 4589779ADFC14F3327534EA8A3A31BAD5A2A5B10 as a .txt file in the same location as the firmware and signatures.txt files.
3. Open GPG Keychain.
4. Click the Import button and navigate to signatures.txt. Select the file and click Open. A pop-up message should appear saying "Import successful".
5. Open Terminal and enter gpg --verify signatures.txt.
6. The output in Terminal should include Good signature from.... It is normal to see WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. You may ignore the warning, the signature is verified.

Once the hash and signature are verified, load the latest firmware on your COLDCARD.

Verifying on Linux

Confirm the Hash

1. Open signatures.txt so you can view its contents.
2. Use the command line to navigate to the directory where you saved the firmware and enter the command sha256sum 20...-coldcard.dfu.
3. Resize or reposition the windows so you can see both the command output and signatures.txt file at the same time.
4. Compare the output value from the command with the line of text in the signatures.txt file next to the firmware version you saved. The hash is confirmed if the values are the same.

Verify the PGP Signature

1. Save the signatures.txt file in the same location as the new firmware file.
2. On the command line, enter curl "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0xA3A31BAD5A2A5B10" | gpg --import to import the public key.
3. Next, enter gpg --verify signatures.txt to verify the file's signature versus its content.
4. The command output should include Good signature from.... It is normal to see WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. You may ignore the warning, the signature is verified.

Once the hash and signature are verified, load the latest firmware on your COLDCARD.

Verifying on Windows

These instructions use Kleopatra, which is a part of Gpg4win (GNU Privacy Guard for Windows). You only need the GnuPG Privacy Guard and Kleopatra components to verify the PGP signature.

Kleopatra requires you to have an OpenPGP signature to complete verification. If you don't have a signature to import, you can make one in Kleopatra.

Confirm the Hash

1. Open signatures.txt so you can view its contents.
2. Open Command Prompt and enter certutil -hashfile C:\..\20...-coldcard.dfu SHA256, where C:\..\20...-coldcard.dfu is the full path to the saved firmware file.
3. Resize or reposition the windows so you can see both the Command Prompt output and signatures.txt file at the same time.
4. Compare the output values in Command Prompt with the line of text in the signatures.txt file next to the firmware version you saved. The hash is confirmed if the values are the same.

Verify the PGP Signature

1. Save the text from signatures.txt with an .asc file extension in the same location as the saved firmware file. Do not save the file as .txt, Kleopatra will not recognize it.
2. Save the public key 4589779ADFC14F3327534EA8A3A31BAD5A2A5B10 as an .asc file in the same location as the firmware and signatures.asc files.
3. Open a browser and go to keybase.io/DocHex. Click on the text next to the key icon to open the public key window. You will need this window for a later step.
4. Open Kleopatra and click Import....
5. Navigate to the public key .asc file and open it.
6. You will be asked to check the fingerprint of the file and given suggested options. The Keybase public key window is the trusted website. Click Yes.
7. A Certify Certificate window will show the file's fingerprint, your certification, and the fingerprint's owner - in this case, Peter D. Gray. Resize or reposition the Certify Certificate window and the browser window opened in step 3 so you can see them both at the same time.
8. Make sure the fingerprints in each window match and click Certify. If you have a passphrase on your certificate, you'll be asked to enter it. A pop-up box should appear saying, "Certification successful." Click Ok.
9. Click Decrypt/Verify... and open signatures.asc.
10. Kleopatra will verify the signature. You may save or discard the file Kleopatra generates, it is not needed. The signature is verified.

Once the hash and signature are verified, load the latest firmware on your COLDCARD.