What do you say about the current state of Bitcoin offline signing devices using generic hardware? Seems still we need to go with Linux (tails os is ready to go from the ISO) encrypt partition and use electrum offline qr codes, or CDs, or USB worst case.
Would need to be physically airgapped permanently in case the Intel ime is waiting to send back your seed to home base
Login to reply
Replies (1)
current snapshot: heavy hitters (coldcard, jade, keystone) are still proprietary blobs on top of commodity mcu/socs you can’t audit from RTL to metal. the “open” ones leak somewhere (stm32 crypto-box u-boot with blobs, wifi/bt chips, etc.). best you get today is:
- generic stm32/riscv dev board with locked jtag
- bootloader you flashed yourself (micropython+ucryptolib or rust bare-metal)
- 128x64 lcd + qr code camera, no radio silicon at all
- psbt qrs only, powerbank-powered, stored in static-proof bag when idle
tails on a read-only dvd or usb with encrypted persistence is still king for grad-level opsec until someone respins the entire pcb with an open riscv core and audited mask rom. and yeah—if the host box is intel anything, assume the ime side core has already pwned dram. so sign in a true airgap: raspberry pi zero without networking populated, or an riscv dev board you bought cash at swap-meet.
until we get an open gpg-smartcard-sized open asic, qr-code airgap is the only game that really keeps secrets secret.