GM.🫡
Everything we showed you this week, KeyOS, QuantumLink, Passport Prime, Envoy, is all open source and reproducible.
You don't have to trust our marketing.
Go verify it yourself :) Have a great Friday 😊
Foundation
_@foundation.xyz
npub1s0vt...pq6j
We build Bitcoin-centric tools that empower you to reclaim your sovereignty, including Passport hardware wallet and Envoy app.
Open source, USA assembled.
Learn more at https://foundation.xyz
This week, we launched Passport Prime into the world.
We showed you how Passport Prime is built. KeyOS. QuantumLink. The open source hardware. The security architecture from top to bottom.
But security architecture doesn't mean much if it doesn't solve real problems for real people. So let's talk about what Passport Prime actually does for you, every single day.
Bitcoin wallet, Passport Prime is a best-in-class Bitcoin hardware wallet. Multisig. Passphrases. Temporary seeds. It supports every major Bitcoin software wallet you already use, and it pairs seamlessly with Envoy via QuantumLink. No more squinting at QR codes under bad lighting. Just tap, authorize, done.
2FA codes, offline. Right now, your two-factor authentication codes probably live on your phone. The same phone that's connected to the internet 24 hours a day. Passport Prime stores your 2FA codes in a secure, offline environment. If someone compromises your phone, your 2FA codes aren't there to find.
Security keys, Passport Prime replaces every YubiKey you own. Create multiple security keys and use them over NFC. Tap your Passport Prime to log in. No more juggling a drawer full of keys.
Encrypted file storage, 50 GB of secure, offline storage for your most important files. Tax documents. Recovery phrases. Legal records. Whatever you need to protect. Here's what makes it different: when you plug Passport Prime into your computer, it only exposes the files in your Airlock, a sandboxed folder you control. Everything else stays hidden.
Seed vault, If you're deep in Bitcoin, you know the chaos of managing seed words across multiple wallets. Passport Prime brings them all into one place. Create new seeds, temporarily load existing ones, organize them all in the Seed Vault app. You can also manually add your most secure passwords.
We're just getting started.
Everything above ships today. KeyOS, the custom operating system powering Passport Prime, was built from day one as a developer platform. Every app runs in its own sandbox. Every app receives a hardened child seed, meaning even a malicious app has zero access to your master seed and cannot communicate with other apps.
This is what unlocks everything.
We are opening the developer SDK so that any team can build apps for KeyOS. Our friends at Cake Wallet are already building the first third-party app. But think about what comes next: password managers that never touch the internet. Encrypted messaging key storage. Nostr identity management. PGP signing.
The possibilities are as wide as the developer community that builds on it. One device that starts as the most capable personal security device on the market, and only gets more powerful over time.
Passport Prime. Open source. Made in the USA.
This is what taking control of your digital life actually looks like. 🧡
What if the Bluetooth chip inside your security device were malicious?
Compromised firmware. A supply chain attack. With Passport Prime, it wouldn't matter, because we built QuantumLink.
QuantumLink is a new wireless protocol we designed from the ground up with Blockchain Commons. It encrypts every piece of data before it ever reaches the Bluetooth chip, using quantum-resistant cryptography.
Here's what that means in practice:
The Bluetooth chip in Passport Prime is physically isolated from the security processor running KeyOS. All data passing through it is already encrypted using CRYSTALS-Kyber key exchange and ChaCha20-Poly1305 symmetric encryption, both designed to withstand attacks from quantum computers.
The Bluetooth chip never sees unencrypted data. It can't read what it relays. It can't inject commands. Even if it were fully compromised, it would have nothing useful to work with.
Setup takes seconds. Passport Prime displays a QR code during onboarding. Scan it with Envoy, and a fully encrypted tunnel is established, no pairing codes, no trust prompts.
From there, you get the real-time convenience of wireless communication, interacting with Envoy, updating KeyOS, and accessing new features, without compromising on security. And if you ever want zero wireless, one tap in KeyOS powers down the Bluetooth chip entirely.
We built QuantumLink because wireless and secure shouldn't be a tradeoff.
Read the full technical deep dive here:
Foundation
QuantumLink: Reinventing Secure Wireless Communication
When we set out to create Passport Prime, we knew we had to do more than just build a new operating system. We needed to address a long-standing is...
We spent three years building our own operating system from scratch. No Android. No off-the-shelf firmware. Just a microkernel OS written in Rust.
KeyOS powers Passport Prime and delivers real process isolation, every app sandboxed, secure message-passing between processes, running on a 500 MHz security processor.
It's fully open-source, built on the Xous kernel, and we're opening it up to third-party developers. Every app must be open-source with reproducible builds.
Full technical deep dive: foundation.xyz/2024/12/building-keyos/
We're thrilled to announce that Passport Prime is officially shipping. 🎊
We set out to build something that didn't exist, that doesn’t fit neatly into any existing categories.
Manufactured in the USA, built on open-source principles.
New hardware. New OS. New communication layer. New software.
What makes Passport Prime different:
We built a brand new operating system from scratch. KeyOS uses a modern microkernel design where only the most critical functions run at the core, keeping apps and sensitive data completely segregated.
We created QuantumLink, a quantum-resistant Bluetooth protocol that delivers wireless convenience with air-gapped level security.
Before shipping, we commissioned a full third-party security audit by Keylabs. The result: zero critical or high-severity vulnerabilities. The full audit and our response are publicly available here: 
Passport Prime ships in a premium package:
- 3.5" Gorilla Glass touchscreen
- CNC-machined aluminum body
- 3x NFC KeyCards with Faraday sleeves
- USB-C cable.
Looking ahead, we're continuing to build KeyOS improvements, a developer SDK, third-party app support, and accessories are all on the roadmap.
This is just the beginning.
→ Learn more: 
Foundation
Passport Prime Security Audit
Our approach to security has always been consistent: build with care, and invite open verification. Before Passport Prime ships, we commissioned a...
Foundation
Passport Prime - Secure your entire digital life
Secure your Bitcoin, 2FA codes, security keys, important files, and additional seeds – all in a single, easy to use device.
Envoy v2.2.12 is now available! 🚀
This update adds support for pairing multiple Passport Prime devices and includes various improvements.
You can read the full release notes below for all the details.
Foundation
Envoy version 2.2.12 is now available!
The latest version of Envoy – 2.2.12– is now published on all your favorite mobile platforms! To download it, simply visit our download page or...
🚀 Envoy 2.2.5 is now available.
This release is all about Passport Prime, improved onboarding, and several bug fixes to make the experience smoother.
Read the full release notes with all the details below.
Foundation
Envoy version 2.2.5 is now available!
The latest version of Envoy – 2.2.5– is now published on all your favorite mobile platforms! To download it, simply visit our download page or ...
🚀 Envoy v2.2.1 is live!
For this release we focused mostly on the upcoming Passport Prime integration, but we also focused efforts on improving our tor integration and fixing many bugs.
For more details on each of the changes, keep reading below!
X (formerly Twitter)
FOUNDATION (@FOUNDATIONdvcs) on X
https://t.co/ZdxxBiK04u
Before Passport Prime ships, we commissioned a full third-party security audit from Keylabs, the same team behind the well-known wallet.fail research. Their review covered every layer of Passport Prime, from hardware and firmware to system architecture to evaluate its resilience against real-world attack scenarios.
The results: no critical or high-severity vulnerabilities were found. All observations were classified as low severity, requiring physical access and advanced tools. Keylabs concluded that Prime’s architecture demonstrates “exceptional security design principles and sophisticated implementation,” and “a highly secure architecture that exceeds industry standards.”
We’ve published the full breakdown, findings, and our response here:
Foundation
Passport Prime Security Audit
Our approach to security has always been consistent: build with care, and invite open verification. Before Passport Prime ships, we commissioned a...
🚨Phishing Alert 🚨
We've received reports of emails being received with a fake website.
🔗foundationenvoy(.)app
This is NOT from us and hosts a malicious Envoy desktop download. Do NOT click or download anything from it.
There is no Envoy desktop version.
👀 Ever wondered what’s on the Passport Core menu?
If you’ve never used one, you might be curious about its menus, navigation, and features.
Here’s a full breakdown of how Passport Core is structured. 👇
🔥 Privacy just leveled up.
We value every part of your digital life; that’s why we’ve partnered with Cloaked Wireless.
Every Foundation product now comes with a FREE Cloaked Wireless SIM + 1 month free plan (up to $75 value). While stocks last.
Here’s how it works 👇
1️⃣ Order any Foundation product. At checkout, enter cloaked in the coupon section.
2️⃣ Once your Foundation order ships, you’ll receive an email with your voucher code and instructions to redeem on the Cloaked Wireless website.
3️⃣ Activate your Cloaked Wireless plan and SIM in minutes:
🔷 Bring your number + device
🔷 Choose from powerful privacy features
🔷 Enjoy nationwide 5G coverage
🔷 Pay with Bitcoin if you want in the future for full privacy.
With Foundation, your keys are secure.
With Cloaked Wireless, your phone line is secure.
Start protecting both today 👉 
Foundation
Homepage
Self custody is finally attainable. Secure your Bitcoin with an unprecedented combination of elegance and ease of use.
Bitcoin is neutral.
Your custody and privacy choices decide whether it’s freedom or surveillance. 🔐
An update from Zach our CEO regarding passport prime:
To our Passport Prime Early Access customers: we appreciate your continued patience as our @FOUNDATIONdvcs team works to get devices into your hands. It’s taken longer than we thought it would – and while I still don’t have an exact date, we are much closer now and are aiming to begin shipping in the coming weeks. Below is a detailed update of where we are from a hardware and software perspective.
While Passport Prime will be the third device Foundation has created, it’s really an entirely new, first-generation device running a new operating system (KeyOS) and new hardware architecture. It’s the first of its kind personal security platform that will enable an open, permissionless developer ecosystem for third party apps.
It’s been an enormous effort to build KeyOS, ensure it is secure, and create the first-party apps that are shipping with Passport Prime. This week we officially finished our security audit by @keylabsio, who we think is best in the business. We will publish the final report next week and are finishing up implementing the suggestions from the audit to ensure Passport Prime is the most secure device on the market.
Completing the audit is a major milestone and was one of the items blocking us from being able to finalize the v1.0 bootloader and KeyOS release. I’m sharing a screenshot of the Conclusion page below, but I also wanted to share the last sentence of the report:
“This results in a highly secure hardware wallet architecture that exceeds industry standards for protecting users' digital assets.”
With Passport Prime and KeyOS, we are aiming to not only match industry standard security (cough, Ledger, cough), but exceed it. I am proud to say that we have done that.
Now that the audit is complete, the team is rigorously testing the firmware update process, so that when you unbox your Passport Prime and connect it to Envoy, it will seamlessly update to the latest KeyOS firmware.
This is of the utmost importance because we can fix most bugs with updates, even after shipping, but there cannot be any bugs in the initial process of connecting Passport Prime to Envoy and initiating a firmware update.
Once we internally deem that firmware updates are bulletproof, we will give the factory the go-ahead to provision all circuit boards with KeyOS and complete final assembly and packaging.
In the meantime, we are squashing bugs in our first-party apps and working to complete all Bitcoin app features. Since this is the Early Access batch, we do expect that there will be some bugs and/or some incomplete features across apps, but we want to ensure that (1) there are absolutely no bugs that will affect device security and (2) that the Bitcoin app has parity with the Passport Core experience, supports all the same software wallets, and so on.
I will continue to post regular updates and will also publish a video walking through the latest version of KeyOS. Please let me know if you have any questions! Thanks for reading.
📊 97% of apps track your personal data.
🔎 80% share it with third parties.
Foundation: 0% tracking. 0% data collection.
Your privacy isn’t a product. It’s a right.
Online, you don’t own anything:
• Subscriptions can be revoked.
• Accounts can be banned.
• Purchases can be “removed.”
• Exchanges can lock you out.
Bitcoin and Nostr: the only things online that can’t be taken from you.
Mt. Gox: 850,000 BTC gone.
FTX: $8B gone.
Celsius, BlockFi, Voyager: billions gone.
Every cycle proves the same point:
If it’s not in self-custody, it’s not safe.
The latest version of 2.0.2 is now published on all your favorite mobile platforms!
You can read the full release notes below:
Foundation
Envoy version 2.0.2 is now available
The latest version of Envoy – 2.0.2 – is now published on all your favorite mobile platforms! To download it, simply visit our download page or...
One day, the login will fail.
The exchange will be "down for maintenance."
The service will be "no longer available in your country."
And you'll wish you had it in your hands!
GM from Riga 🧡
