Video: How to Upgrade Firmware
bc1p..) so you can send your BTC to them. Does not support signing, so you cannot operate a Taproot wallet with COLDCARD as the signing device... yet.
OP_RETURN and other outputs we don't understand well (yet).
bc1p..) so you can send your BTC to them. Does not support signing, so you cannot operate a Taproot wallet with Mk3 COLDCARD as the signing device.
coldcardwallet.com to coldcard.com in docs and few on-screen messages.
OP_RETURN and other outputs we don't understand well (yet).
Older releases and their changes are listed here. The full source code, hardware details, and much more can be found in our repository on GitHub. Other downloads are listed here.
Stay up to date on firmware releases - follow our Twitter account @COLDCARDwallet, or bookmark the Coinkite Blog.
Firmware upgrades provide new features, enhancements, bugfixes, and the latest security updates to your COLDCARD.
Firmware upgrade files have a .dfu file extension and should be approximately 690 KB in size. We use the abbreviation 20...-coldcard.dfu to represent the full firmware file name. Make sure to use the full file name in your commands.
COLDCARDs only load and run files signed by a Coinkite Inc. approved key.
The Upgrade menu allows you to load an upgrade .dfu file from a microSD card.
Show Version displays the version numbers of the firmware currently loaded on your COLDCARD.
From MicroSD lets you start the firmware upgrade process.
Bless Firmware marks the firmware upgrade as approved by the main PIN holder. This step is necessary if your COLDCARD loses power before the upgrade is confirmed.
These instructions use a microSD card to upgrade the firmware. You can also upgrade by using the command-line tool or the Electrum plugin. On the Mk4, if USB drive emulation is enabled, you can simply copy the dfu file onto the COLDCARD.
Downgrading to an older firmware version is discouraged and may be blocked depending on your current firmware. Some firmware releases will prevent the bootloader from accepting older versions due to bugs or security issues found in older firmware. A limited selection of previously released firmware is available here.
Advanced > Upgrade > Show Version.
20...-coldcard.dfu file to your microSD card or a folder on your computer.
20...-coldcard.dfu file to your microSD card if you haven't done so already and eject the card once the file is saved.
Advanced > Upgrade > From MicroSD.
"Loading. . .". Be patient, this process takes time.
Note: When the screen changes to Verifying, the red LED will light up and stay lit until the firmware upgrade is complete. The red CAUTION LED lets you know changes are being made or have been made to your COLDCARD. If the COLDCARD is turned off after the new firmware is installed but before the first successful login, you will need to bless the firmware to turn the red LED off.
Do not turn off power to the Mk4 during its 15-second upgrade process. Doing so will put it into a special recovery mode which requires a specially-prepared MicroSD card to be used.
Advanced > Upgrade > Show Version. The firmware version you loaded will be displayed. You have successfully upgraded your COLDCARD's firmware!
Watch Max Hillebrand perform the firmware upgrade and verification process using Debian and a Mark 2 COLDCARD.
The red CAUTION LED is a safety feature warning you of unconfirmed changes to your COLDCARD. Only the main PIN holder can confirm changes. If you load new firmware and turn off the device before confirming the upgrade, the CAUTION LED will be lit the next time you turn on your COLDCARD. Blessing the firmware tells the COLDCARD that you are aware of and approve of the firmware upgrade.
Advanced > Upgrade > Bless Firmware.
Verifying the green GENUINE LED will light up confirming your approval of the new firmware.
Once the firmware is blessed, your COLDCARD will light up the green LED on future startups.
Verifying the firmware's hash and signature requires intermediate to advanced computer skills. It uses extra tools and adds steps, but if you use a COLDCARD, you're probably security-conscious. In that case, you may find the extra effort to be worth the peace of mind you'll get from knowing your firmware is safe and correct.
Note: PGP signature verification requires GPG. Debian and other Linux distributions include GPG. Mac and Windows users who have not already installed GPG will need to do so. Operating system-specific instructions contain links to tool downloads.
These instructions use GPG Keychain, a component of the GPG Suite from GPGTools.
You can also follow along with our video tutorial, How to Verify COLDCARD's Firmware.
Confirm the Hash
shasum -a256 20...-coldcard.dfu.
signatures.txt file at the same time.
signatures.txt file next to the firmware version you saved. The hash is confirmed if the values are the same.
Verify the PGP Signature
4589779ADFC14F3327534EA8A3A31BAD5A2A5B10 as a .txt file in the same location as the firmware and signatures.txt files.
signatures.txt. Select the file and click Open. A pop-up message should appear saying "Import successful".
gpg --verify signatures.txt.
Good signature from... It is normal to see WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. You may ignore the warning, the signature is verified.
Once the hash and signature are verified, load the latest firmware on your COLDCARD.
Confirm the Hash
sha256sum 20...-coldcard.dfu.
signatures.txt file at the same time.
signatures.txt file next to the firmware version you saved. The hash is confirmed if the values are the same.
Verify the PGP Signature
curl "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0xA3A31BAD5A2A5B10" | gpg --import to import the public key.
gpg --verify signatures.txt to verify the file's signature versus its content.
Good signature from... It is normal to see WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. You may ignore the warning, the signature is verified.
Once the hash and signature are verified, load the latest firmware on your COLDCARD.
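Added example, not part of Coinkite's documentation or tooling: the hash and signature checks above combined into one script for Linux or macOS. It compares the firmware hash only against text that gpg has verified, and it requires the signature to come from the fingerprint given on this page rather than from any key in the keyring. It assumes the public key is already imported and that signatures.txt is a clearsigned list of "<sha256>  <filename>" lines; the function names are illustrative.

```sh
#!/bin/sh
# Added example (not Coinkite's tooling). Assumes signatures.txt is clearsigned
# and lists "<sha256>  <filename>" lines; FPR is the fingerprint from this page.
FPR=4589779ADFC14F3327534EA8A3A31BAD5A2A5B10

# SHA-256 of a file: sha256sum on Linux, shasum on macOS.
sha256_of() {
    [ -f "$1" ] || return 1
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Print only the signed text of a clearsigned file. Fails unless gpg reports
# VALIDSIG for the pinned fingerprint, so a "Good signature" from some other
# key in the keyring is rejected.
verified_text() {
    status=$(mktemp) || return 1
    rc=1
    if gpg --batch --status-file "$status" --decrypt "$1" 2>/dev/null &&
       grep -q "^\[GNUPG:\] VALIDSIG .*$FPR" "$status"; then
        rc=0
    fi
    rm -f "$status"
    return "$rc"
}

# Read a hash list on stdin; succeed only if one line pairs this file's
# hash with this file's name ("*name" is sha256sum's binary-mode marker).
hash_listed() {
    want=$(sha256_of "$1") && [ -n "$want" ] || return 1
    awk -v h="$want" -v n="$(basename "$1")" '
        { f = $2; sub(/^\*/, "", f) }
        $1 == h && f == n { ok = 1 }
        END { exit !ok }'
}

# usage: check_firmware FIRMWARE.dfu signatures.txt
check_firmware() {
    text=$(verified_text "$2") || { echo "FAIL: signature" >&2; return 1; }
    printf '%s\n' "$text" | hash_listed "$1" ||
        { echo "FAIL: hash not in signed list" >&2; return 1; }
    echo "OK: $1 matches a signed entry"
}

if [ "$#" -eq 2 ]; then check_firmware "$@" || exit 1; fi
```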
These instructions use Kleopatra, which is a part of Gpg4win (GNU Privacy Guard for Windows). You only need the GnuPG Privacy Guard and Kleopatra components to verify the PGP signature.
Kleopatra requires you to have an OpenPGP signature to complete verification. If you don't have a signature to import, you can make one in Kleopatra.
Confirm the Hash
certutil -hashfile C:\..\20...-coldcard.dfu SHA256, where C:\..\20...-coldcard.dfu is the full path to the saved firmware file.
signatures.txt file at the same time.
signatures.txt file next to the firmware version you saved. The hash is confirmed if the values are the same.
Verify the PGP Signature
.asc file extension in the same location as the saved firmware file. Do not save the file as .txt, Kleopatra will not recognize it.
4589779ADFC14F3327534EA8A3A31BAD5A2A5B10 as an .asc file in the same location as the firmware and signatures.asc files.
Import...
.asc file and open it.
Yes.
Certify. If you have a passphrase on your certificate, you'll be asked to enter it. A pop-up box should appear saying, "Certification successful." Click Ok.
Decrypt/Verify... and open signatures.asc.
Once the hash and signature are verified, load the latest firmware on your COLDCARD.