Learn how to upgrade here >
Current Version of Coldcard Firmware — Version 4.1.3
Video: How to Upgrade Firmware
Version 4.1.3 - Sept 2, 2021
- Enhancement: support "importdescriptors" command in Bitcoin Core 0.21 so that
a descriptor-based wallet is created. PSBT files are then supported natively by
Core, and the resulting desktop wallet can be used for spending (ie. create PSBT
via GUI) and also watching. Translation: Easy air-gap PSBT operation with Bitcoin Core!
- Enhancement: remove "m/0/0" derivations from public.txt and address explorer,
since that path is obsolete and not used by any major wallets now. We can still
sign PSBT files with that path, but it's an unnecessary risk to show derived
addresses for a type of wallet that doesn't exist anymore.
- Enhancement: if PSBT input sections don't contain the key path information we need,
show a more specific error message.
- Bugfix: a PSBT which provided the wrong pubkey (based on UTXO being spent) was not
flagged as invalid, but instead we proceeded to do nothing. Now says "pubkey vs. address wrong".
- Bugfix: if asked to serialize a partially-signed transaction, we did. Now fails properly.
- Bugfix: if multiple copies of the same BIP-39 passphrase were saved to a card, the menu
would not display correctly and you might not be able to select your saved value.
Version 4.1.2 - July 28, 2021
- Enhancement: Shows QR code with BIP-85 derived entropy value if you press (3) while
value shown on-screen. Thanks to @opennoms for idea.
Works with 12/18/24-words, XPRV, privatekey and even hex cases.
- Enhancement: Offer to show QR in other places:
- Coldcard's main XPUB, in Advanced > View Identity
- Seed words, during picking process (before the quiz)
- Stored seed words: Advanced > Danger Zone > Seed Functions > View Seed Words
- TXID of just-signed transaction (64 hex digits)
- Encryption password for the system backup file (12 words)
- Enhancement: We now grind a nonce so that our signatures are always 71 bytes or shorter.
This may save a byte in transaction size, and makes our signatures identical to those
produced by Bitcoin Core, improving anonymity on-chain. Thanks to
@craigraw for detecting this.
- Bugfix: On a blank Coldcard, after importing a seed phrase using the
Seed XOR feature, the main menu was not updated to show
system is "Ready To Sign".
- Bugfix: Red caution light could happen (a false positive) if a specific sequence of
firmware upgrades and reboots occured in the right order. Issue could only occur once
during lifetime of any particular Coldcard.
Version 4.1.1 - April 30, 2021
- Bugfix/Enhancement: Unchained Capital
was using the P2SH (BIP-45) value we exported in our multisig
wallet file (removed in 4.1.0). So we've restored that, added
BIP-45 path to our generic JSON export (if account number is zero),
and added a dedicated menu item: Advanced > MicroSD > Export > Unchained Capital
Version 4.1.0 - April 29, 2021
- New feature: Seed XOR -- split your secret BIP-39 seed into 2 (or 3 or 4) new seed phrases
- any combination of found seed word phrases is a fully working wallet (great for duress)
- still 24 words, and can be encoded onto a SEEDPLATE
- all parts are required to be known to get back to original
seed phrase (not M of N, always N of N),
- your existing seed can be split by Coldcard (one already in use)
- you can do the math on paper, and it's possible to split/combine without the Coldcard
- see docs/seed-xor.md for background
- see wordlist-paper repo for some tools
- Enhancement: Add support for BIP-48 derivations when exporting generic JSON (including
the accounts number) under Advanced > MicroSD Card > Export Wallet > Generic JSON.
These are targeted towards multisig wallets, such as
- Enhancement: Ask for account number when creating Multisig Wallets via air-gapped
Coldcards. Use account zero for compatibility with previous versions. No need to
use same account number on each participating Coldcard, but we recommend that. Creating
new P2SH (BIP-45) type air-gapped wallets has been removed since it cannot support
- Enhancement: Show new firmware version number and date before installing firmware update.
- Bugfix: Could not clear PIN codes, including the duress PIN, so was not possible to wipe
the main secret, if a duress PIN had been set. 999999-999999 works again now.
- Bugfix: Deleting a multisig wallet that was identical to another wallet, except
for different address type, would lead to an error.
- Bugfix: Standardize on BIP-nn in place of BIPnn in source code, messages and docs.
Older releases and their changes are listed here,
the full source code, hardware details, and much more can be found
in our repository on github.
Mark 1 Hardware (late 2017 / early 2018)
The Mk1 hardware is obsolete and no further updates will be made. The final
version of firmware for the Mk1 is
3.0.6 (2019-12-19T1623-v3.0.6). Do not
load any newer firmware version, as it will brick the device.
How To Upgrade
Upgrading Step By Step
Video: How to Verify COLDCARD's Firmware
- Download and verify the latest firmware release from top of this page. Select older versions are available here.
- Save the
20...-coldcard.dfu firmware file onto a SD card.
- Power up your ColdCard and unlock it with your PIN.
- Go to the
Advanced > Upgrade menu and click on
From SD Card.
- After the confirmation dialog, ColdCard will upgrade and reboot (slow).
- Type in your PIN again. Verify new version running with:
Advanced > Upgrade > Show Version
- If you powered down during this process, to get a green light again,
you may need to use:
Bless Firmware in that menu.
Advanced: Verify Your Downloads
The release binaries may be verified using
this clear-signed text file
and GPG. The commands are:
curl "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0xA3A31BAD5A2A5B10" | gpg --import
gpg --verify signatures.txt
The first command imports the public key
4589779ADFC14F3327534EA8A3A31BAD5A2A5B10 and the second verifies the file's
signature vs. file contents.
Don't forget to run SHA256 over the DFU files themselves, because that compares
the actual file contents to what we have signed.
Github.com is also protecting us because it verifies on all commits
against the developer's public keys, and keeps a history of changes.
Need step-by-step? Watch How to Verify COLDCARD's Firmware on YouTube
The upgrade menu allows you to load updated firmware onto the Coldcard.
The menu allows loading an upgrade file from a MicroSD card, but it can
also be done using the command line tool, or from the Electrum plugin.
How to Upgrade
- Show Version
- Displays the version numbers that you have already.
- From MicroSD
- Select an upgrade file from MicroSD card and start the process.
- Bless Firmware
- Mark the contents of flash memory as "approved" and light the green "Genuine" light.
You need a
DFU file for upgrades. It's about 690k in size and should have the
The latest firmware can always be build from sources on Github:
All upgrade files must be signed by a Coinkite Inc. approved key, or
the Coldcard will refuse to load and run them.
This command is not typically needed, but can be used to set the
genuine/caution lights to green. Note that only the main PIN holder
can do this. A normal firmware upgrade sequence does not require
this action, but if the unit is powered down between installing the
upgrade and the first successful login, then the light will be red,
and will stay red until this command is used.
In general, it may not be advisable to downgrade (return to an older
release). Some releases will set a "high water mark" so the bootloader
that will block any downgrade to earlier versions. We will do this
if a bug or security problem with an obsolete release is identifed.
Watch this Video: Secure Upgrade Firmware of ColdCard Mark 2 - Max Hillebrand