Upgrade Firmware

Learn how to upgrade here >

Current Version of Coldcard Firmware — Version 3.1.0

2020-02-20T1448-v3.1.0-coldcard.dfu released Feb 20, 2020. IMPORTANT: This release is NOT COMPATIBLE with Mk1 hardware. It will brick Mk1 Coldcards.

Version 3.1.0 - Feb 20, 2020

• HSM (Hardware Security Module) mode: give Coldcard spending rules, including whitelisted addresses, velocity limits, subsets of authorizing users ... and Coldcard can sign with no human present. Requires companion software to setup (ckbunker or ckcc-protocol), and disabled by default, with multi-step on-screen confirmation required to enable. Mk3 only.
• Enhancement: New "user management" menu. Advanced > User Management shows a menu with usernames, some details and a 'delete user' command. USB commands must be used to create user accounts and they are only used to authenticate txn approvals in HSM mode.
• Enhancement: PSBT transaction can be "visualized" over USB, meaning you can view what the Coldcard will show on the screen during approval process, as text, downloaded over USB. That text can be signed (always with root key) to prove authenticity.
• Enhancement: Sending large PSBT files, and firmware upgrades over USB should be a little faster.
• IMPORTANT: This release is NOT COMPATIBLE with Mk1 hardware. It will brick Mk1 Coldcards.

Older releases and their changes are listed here, the full source code, hardware details, and much more can be found in our repository on github.

Mark 1 Hardware (2018)

The Mk1 hardware is obsolete and no further updates will be made. The final version of firmware for the Mk1 is 3.0.6 (2019-12-19T1623-v3.0.6). Do not load any newer firmware version, as it will brick the device.

How To Upgrade

Upgrading Step By Step

1. Download and verify the latest firmware release.
2. Save the 20...-coldcard.dfu firmware file onto a SD card.
3. Power up your ColdCard and unlock it with your PIN.
4. Go to the Advanced > Upgrade menu and click on From SD Card.
5. After the confirmation dialog, ColdCard will upgrade and reboot (slow).
6. Type in your PIN again. Verify new version running with:
   Advanced > Upgrade > Show Version
7. If you powered down during this process, to get a green light again, you may need to use: Bless Firmware in that menu.

Advanced: Verify Your Downloads

The release binaries may be verified using this clear-signed text file and GPG. The commands are:

curl https://pgp.key-server.io/download/0xA3A31BAD5A2A5B10 | gpg --import
gpg --verify signatures.txt

Please look for signing key: [4589779ADFC14F3327534EA8A3A31BAD5A2A5B10](https://pgp.key-server.io/pks/lookup?op=get&search=0xA3A31BAD5A2A5B10)

Don't forget to run SHA256 over the DFU files themselves, because that compares your actual file contents to what we signed.

sha256sum 2019-12-19T1623-v3.0.6-coldcard.dfu

Github.com is also protecting us because it verifies on all commits against the developer's public keys, and keeps a history of changes.

Background

The upgrade menu allows you to load updated firmware onto the Coldcard.

The menu allows loading an upgrade file from a MicroSD card, but it can also be done using the command line tool, or from the Electrum plugin.

How to Upgrade

Show Version

Displays the version numbers that you have already.

From MicroSD

Select an upgrade file from MicroSD card and start the process.

Bless Firmware

Mark the contents of flash memory as "approved" and light the green "Genuine" light.

Upgrade Files

You need a DFU file for upgrades. It's about 690k in size and should have the extension .dfu.

The latest firmware will always be available in Github:

github.com/Coldcard/.../releases

All upgrade files must be signed by a Coinkite Inc. approved key, or the Coldcard will refuse to load and run them.

Bless Firmware

This command is not typically needed, but can be used to set the genuine/caution lights to green. Note that only the main PIN holder can do this. A normal firmware upgrade sequence does not require this action, but if the unit is powered down between installing the upgrade and the first successful login, then the light will be red, and will stay red until this command is used.

Downgrade Protection

In general, it may not be advisable to downgrade (return to an older release). Some releases will set a "high water mark" so the bootloader that will block any downgrade to earlier versions. We will do this if a bug or security problem with an obsolete release is identifed.

Need extra help?

Watch this Video: Secure Upgrade Firmware of ColdCard Mark 2 - Max Hillebrand