Upgrade Firmware

Learn how to upgrade here >

Current Version of Coldcard Firmware — Version 3.2.2

2021-01-14T1617-v3.2.2-coldcard.dfu released Jan 14, 2021.

NOTE: Releases 3.1.0 and later are NOT COMPATIBLE with Mk1 hardware. They will brick Mk1 Coldcards.

Video: How to Upgrade Firmware

Version 3.2.2 - Jan 14, 2021

• Major Address Explorer enhancements! Thanks go to @switck for this major feature bump.
  • View sub-accounts as exported, just enter the account number.
  • Multisig wallet support! (Caveat: addresses are for verification purposes and never for direct use as deposit, so they are partially redacted)
  • Enter any custom derivation path, by entering numbers directly; for gurus.
  • Warning screen can be suppressed after reading first time (press 6)
  • Export of addresses now named "addresses.csv" not ".txt"
• Bugfix: Disable a few more path derivation checks for "Skip Checks" for multisig compatibility. Handles error shown when working with previously-imported Spectre multisig wallets (ie. multisig.py: 891).
• Bugfix: Generic wallet export (JSON) name for BIP49 wallets changed from "p2wpkh-p2sh" to "p2sh-p2wpkh". Thanks @craigraw

Version 3.2.1 - Jan 8, 2021

• Major Multisig improvements! If you are using multisig features, please backup your Coldcard before upgrade, just in case (but shouldn't be a problem).
  • Tracks derivation path for each co-signer and no longer assumes they all use a shared derivation path. Blocks multiple instances of same XFP in the wallet (not supported anymore, bad idea). Various displays updated to reflect derivation path change. Text file import: "Derivation:" line can be repeated, applies to all following xpubs.
  • Show Ypub/Zpub formated values from SLIP-132 when viewing details of wallet.
  • Standardize on "p2sh-p2wsh" nomenclature, rather than "p2wsh-p2sh", thanks to @humanumbrella. For airgaped multisig wallet creation, you must use same firmware verison on all Coldcards or this change can make trouble.
  • Address type (p2sh-p2wsh, p2sh, p2wsh) is captured from MS wallets created by PSBT file import.
  • Can now store multiple wallets involving same set of XFP values, if they have differing subkey paths and/or address formats.
  • New mode which disables certain multisig checks to assist bug compatibility.
• Enhancement: Add support for signing Payjoin PSBT files based on BIP-78.
• Enhancement: Promoted the address explorer to the main menu. It's useful! (credit to @matt_odell)
• Bugfix: zero-length BIP39 passphrase, when saved, would cause a crash when restore attempted. We recommend longer passphrases, but fixed the issue.
• Enhancement: Move the "blockchain" setting deeper into the "Danger Zone" and add warning screen. This mitigates a concern raised by @benma (Marko Bencun) where an attacker could socially-engineer you to sign a transaction on Testnet, which corresponds to real UTXO being stolen. Only developers should be using Testnet.
• Bugfix: Display of amounts could be incorrect by a few sats in final digits.
• Bugfix: Incorrect digest method picked when P2SH-P2WSH incorrectly identified as plain P2SH.
• Bugfix: Better error reporting when importing bogus multisig wallet files.
• Enhancement: Files created on MicroSD will have date and time determined by the version of firmware that made them. Downstream systems might use this to know when the Coldcard should be upgraded, or which firmware version created the data. Idea from @sancoder
• Enhancement: Show version of secure element, under Advanced > Upgrade > Show Version.
• Enhancement: Improve 'None of the keys involved...' message to show XFP value actually found inside PSBT file.
• Enhancement: "Invalid PSBT" errors are shown with more information now.
• Paper Wallet features temporarily removed to free space; will return in future version.
• License changed from GPL to MIT+CC on files for which the GPL doesn't apply.

Version 3.1.8 and 3.1.9 - Aug 6, 2020

• Massive Enhancement: Optimized and improved drawing speed on screen, and responsiveness of keypad entry. You'll see some slight changes to login screen (centered now) and massive drawing performance improvements system-wide. Laggy and unresponsive keypad is no more!
• New feature: New setting, "Delete PSBTs", will blank and securely erase input PSBT files when they are no longer needed. Also renames signed transaction to be (txid).txn (in hex)
• Enhancement: The current XFP (xpub fingerprint) is shown on the "Ready To Sign" screen, if you have entered an BIP39 Passphrase.
• Enhancement: File names from SD Card are now shown in sorted order.
• Enhancement: Can show the SHA256(file contents) for any file on SD Card. Use Advanced > MicroSD > List Files and pick your file. Thanks to B.O. for this idea.
• Enhancement: Enable full BIP-85 support on older Mk2 hardware (derived entropy feature).
• Enhancement: Minor text changes based on feedback from customers.
• Enhancement: Two assertions promoted to text error messags related to bad PSBT files.
• (v3.1.9) Enhancement: Very minor change so that login feels more responsive.
• (v3.1.9) Bugfix: Small bug in production selftest. No other changes.

Older releases and their changes are listed here, the full source code, hardware details, and much more can be found in our repository on github.

Mark 1 Hardware (late 2017 / early 2018)

The Mk1 hardware is obsolete and no further updates will be made. The final version of firmware for the Mk1 is 3.0.6 (2019-12-19T1623-v3.0.6). Do not load any newer firmware version, as it will brick the device.

How To Upgrade

Upgrading Step By Step

Video: How to Verify COLDCARD's Firmware

1. Download and verify the latest firmware release.
2. Save the 20...-coldcard.dfu firmware file onto a SD card.
3. Power up your ColdCard and unlock it with your PIN.
4. Go to the Advanced > Upgrade menu and click on From SD Card.
5. After the confirmation dialog, ColdCard will upgrade and reboot (slow).
6. Type in your PIN again. Verify new version running with:
   Advanced > Upgrade > Show Version
7. If you powered down during this process, to get a green light again, you may need to use: Bless Firmware in that menu.

Advanced: Verify Your Downloads

The release binaries may be verified using this clear-signed text file and GPG. The commands are:

curl "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0xA3A31BAD5A2A5B10" | gpg --import
gpg --verify signatures.txt

The first command imports the public key 4589779ADFC14F3327534EA8A3A31BAD5A2A5B10 and the second verifies the file's signature vs. file contents.

Don't forget to run SHA256 over the DFU files themselves, because that compares the actual file contents to what we have signed.

sha256sum 2019-12-19T1623-v3.0.6-coldcard.dfu

Github.com is also protecting us because it verifies on all commits against the developer's public keys, and keeps a history of changes.

Background

The upgrade menu allows you to load updated firmware onto the Coldcard.

The menu allows loading an upgrade file from a MicroSD card, but it can also be done using the command line tool, or from the Electrum plugin.

How to Upgrade

Show Version

Displays the version numbers that you have already.

From MicroSD

Select an upgrade file from MicroSD card and start the process.

Bless Firmware

Mark the contents of flash memory as "approved" and light the green "Genuine" light.

Upgrade Files

You need a DFU file for upgrades. It's about 690k in size and should have the extension .dfu.

The latest firmware will always be available in Github:

github.com/Coldcard/.../releases

All upgrade files must be signed by a Coinkite Inc. approved key, or the Coldcard will refuse to load and run them.

Bless Firmware

This command is not typically needed, but can be used to set the genuine/caution lights to green. Note that only the main PIN holder can do this. A normal firmware upgrade sequence does not require this action, but if the unit is powered down between installing the upgrade and the first successful login, then the light will be red, and will stay red until this command is used.

Downgrade Protection

In general, it may not be advisable to downgrade (return to an older release). Some releases will set a "high water mark" so the bootloader that will block any downgrade to earlier versions. We will do this if a bug or security problem with an obsolete release is identifed.

Need extra help?

Watch this Video: Secure Upgrade Firmware of ColdCard Mark 2 - Max Hillebrand