Bitcoin.org
KeepKey marked as "fully transparent", however does not have open source hw design
KeepKey doesn't have a fully open source design. In particular its hardware design isn't open source, whereas for example Trezor and Coldcard (at least) are. I don't think we should say KeepKey is "fully transparent" given that that's the case.
That criterion refers to the software, not the hardware, as explained in the description. (By the way, I assume you mean "Complete transparency" and not "fully transparent." There is no "fully transparent" scoring.)
I may be getting off on a tangent here, but I don't believe any of the wallets that are listed truly qualify yet as open source hardware (based on the definition of being useful to someone auditing the entire system) because the chips used in these devices are not open source. I don't believe that simply disclosing a wiring diagram or a PC board is a useful distinction in this context.
> I assume you mean "Complete transparency"

Yes, that's what I meant.
> the chips used in these devices are not open source

True, but I think it's important that the producers of hardware wallets make their designs as open source as possible - regardless of the licensing status of the parts they source elsewhere. Until we demand it, companies won't do it. We've discussed some of this in https://github.com/bitcoin-dot-org/bitcoin.org/issues/3164 . You asked me for a definition of open source hardware, and I think maybe we can define two levels:
0. Not fully open sourced designs
1. The hardware designs of the product are fully open source, including what externally-sourced parts are bought from whom and how they're wired up, so customers can verify that the hardware looks like it is manufactured according to the design (e.g. in a tear down).
2. Fully open sourced hardware, where not only are the immediate company's designs open sourced, but all sub components are also open source.
These three levels correspond with three levels of practical verifiability. Level 0 obviously offers no hardware verifiability, level 1 allows customers to verify that the company selling the hardware is operating honestly, and level 2 allows customers to verify that all manufacturers in the supply chain are operating honestly (at least for a given inspected unit).
> yet

That's great, thanks for the link! I was aware Trezor was doing this but hadn't seen the video.
As I commented in #3164 and above, I don't believe we have any wallets that qualify for levels 1 or 2, and I don't think we should make any changes to our scoring at this point, but rather wait until we have new (or updated) wallets that are worthy of some updates.
@fresheneesz You might want to take a look at some very impressive work by @3rditeration in his KeepKey DIY hardware guide. There's also a YouTube video detailing the process. I want to be clear that I don't believe that this makes KeepKey any more or less "open source" (so I guess that means this comment is mostly off topic on this issue, but I couldn't resist mentioning it).
Thanks :)
The KeepKey profile on Twitter seems quite positive about the content so I have also asked whether they might consider adding it to their GitHub (I will bring a PR if they are open) and/or releasing some of their official hardware docs that have not been released up until now.
Edit: Looks like they have forked the repo onto their official one and will be preparing a blog post to release some more information in the future. :)