⭐ Merited by JayJuanGee (1)
Keystone is not open source, and I have been considering writing a blog posts that dives into their claims.
I would be interested to read that blog post, and I know WalletScrutiny could not verify source code for older version but that was one year ago.This is not the first time I saw companies from China doing modification on source code like this.
What about their secure element firmware? Looks like that code can only be compiled with proprietary ARM software called Keil. https://github.com/KeystoneHQ/keystone-se-firmware
I don't think there is any open source secure elements yet, so that means that all hardware wallets have weak spot here.Not that I am comparing this with Keystone example.
Additionally, there is no information as to who even makes their secure element. It's some kind of white labeled processor. https://github.com/KeystoneHQ/Keystone-developer-hub/blob/main/hardware/Keystone_V1.02_BOM.xls
This is for older device, I am not sure they released code for new devices yet.They changed it now and they released in public name of all secure elements, one of them is the same chip like Passport is using.
ATECC608B + Maxim DS28S60 (+ Maxim MAX32520 that is used only for Keystone 3 Pro version)
Hopefully Keystone 3 will actually be open source, but I am growing tired of hardware wallet companies hiding behind false claims of open source. It really damages the definition and I consider it attack on the FOSS movement.
I agree with this.When I asked Keystone CEO all this questions he refused to tell me more information, I think becasue they have signed some NDA crap.
