MineXMR2 | OpenHWW

OpenHWW: Dedicated OpenBSD Laptop As Hardware Wallet

Ultimately secure replacement for hardware and software wallets, for all cryptocurrencies and digital assets. No more Ledger, Atomic heart bleeding.

—Give us your old-school cryptos!—

Proposed 2023-05-08

We believe the recent disasters with hardware and software wallets (Ledger, Atomic) were caused by a fundamental misunderstanding of the Security by Isolation concept, leading to blind trust in proprietary third parties.
Whitepaper
Turn your dedicated Intel/AMD x86-64 laptop or ARM64 board running OpenBSD into an ultimately secure Hardware Wallet. It can also be a VirtualBox or Qubes OS virtual machine.

The official Monero CLI suite, Feather Monero Wallet and Bitcoin Electrum are already working. If you wish, they can all be configured to connect to the Internet via Tor/Tor Browser only.

The recent scandals around the Ledger hardware wallet (and, inherently, all proprietary hardware wallets) as well as the Atomic software wallet (and, inherently, all closed-source software wallets) have inspired us to bring the only truly fundamental solution for a hardware/software wallet: a dedicated laptop running OpenBSD on a SOFTRAID-encrypted disk with the CPU manufacturer's Intel ME/AMD PSP spyware disabled. Alternatively, one can use any of a range of ARM64 boards compatible with OpenBSD, since ARM processors are typically too simple to have an "ARM ME".

Currently, the official Monero CLI wallet has been successfully ported to OpenBSD. The Bitcoin Electrum and Monero Feather wallets have been ported too. It just takes time to write the build instructions. Screenshots of them are available now. All the apps work fine via Tor/Tor Browser as well! We strongly believe every advanced crypto user MUST compile the wallet software himself from its open sources, as the entire Crypto philosophy directly requires.

Each crypto wallet on OpenBSD will be stored under a separate user login and will run on the current user's X Window system under the wallet's own login name. All the wallet users are unprivileged and thus completely isolated from each other. The customer can't accidentally wipe out the software. Also, potential malware caught by one login name can't propagate to another one. And of course, the customer can't catch a virus, because Firefox and Tor Browser run under their own login names, or even in a chroot or a vmm hypervisor.

The goal of this project is to provide fully automated open source scripts that build the open source wallet software on the customer's dedicated laptop or virtual machine. The whole setup will be as easy as "git clone <repo-name>; make; make install".

In fact, OpenBSD is an easy-to-use operating system that nevertheless evokes a "holy thrill" in the average customer's mind. We are here to break that thrill and bring OpenBSD into the Crypto world as a Gold Standard of financial security. OpenBSD ships with the extremely lightweight yet fully customizable xenodm display manager and fvwm window manager, both of which can resemble Microsoft Windows in basic GUI interactions. VirtualBox OpenHWW images will be available soon for playing and testing purposes.

There are customers that can't dedicate a whole separate computer to serve as a hardware wallet. No problem. They can create and bootstrap a VirtualBox or Qubes OS virtual machine from the same open source install script. Also there will be ready-to-use virtual machine images available for download and testing as well.

Which other crypto wallets do you want ported and incorporated into the fully automated build script on the OpenHWW platform? Write an email to: minexmr2@tutanota.com.

Frequently Asked Questions
Why do you call it a Hardware Wallet, why not Tails or Qubes OS, etc.

Q: Indeed, it seems like a software distribution, why do you call it a Hardware Wallet?

A: OpenHWW is not just a software distribution. Pedantically speaking, it is a Hardware Wallet:

  • Hardware, because it is a completely isolated, separate device with the totalitarian 1984 state spying firmware (Intel ME, AMD PSP, etc.) disabled. Compatible ARM64 boards like the Raspberry Pi can be used as well, because their ARM chips are too simple to have an ME ("Malware Engine"), or are even completely open source.
  • Wallet, because the installed software is fully dedicated to serving the Special Purposes Only (crypto-financial operations). The customer can't download or install anything else (it could be forced only as root with extra tribal dances: I plan to disable pkg_add by default).

Q: This is not a Hardware Wallet if it is actually connected to the internet?

A: A hardware wallet is, by definition, a "small" and "hardware" device running specific software that can sign a transaction to be spent at the customer's request. The nuances lie in what is "small enough", what is "hardware enough", and "could it do something extra than sign a transaction (preserving the security level of a "classic" hardware wallet)".

The solution I propose can be:

  • "small enough", if running on an ARM64 board priced at some $40, or even on a bootable USB flash drive, which is much cheaper
  • "hardware enough", if running on a dedicated device or as a dedicated VM in a highly secure hypervisor like Qubes OS. You can call the latter variant a "Virtual Hardware Wallet"
  • "could it do something extra than sign a transaction (preserving the security level of a "classic" hardware wallet)": yes, OpenHWW can also broadcast the signed transaction, and even maintain a full blockchain node (which strengthens the security of the overall solution); to be pedantic, the signing part of the wallet software (for example, in Monero, it is monero-wallet-rpc) must run in an isolated environment without Internet access. On OpenBSD this is achieved with the pledge system call after chroot.
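The arrangement in the last bullet (a signing process with no Internet access, confined by pledge after chroot), as an added example in C that is not OpenHWW or wallet code. The names `confine`, `toy_sign` and `sign_in_sandbox` and the sample key are hypothetical, `toy_sign` is a stand-in for real signing, and the `pledge` call is compiled only on OpenBSD.

```c
#define _DEFAULT_SOURCE                 /* glibc: declare chroot(), setgroups() */
#include <grp.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/wait.h>

/* Confine the caller. jail == NULL skips chroot and the id drop (both need root). */
static int confine(const char *jail, uid_t uid, gid_t gid) {
    if (jail != NULL && (chroot(jail) == -1 || chdir("/") == -1 ||
        setgroups(1, &gid) == -1 || setgid(gid) == -1 || setuid(uid) == -1))
        return -1;
#ifdef __OpenBSD__
    /* "stdio" = I/O on already-open descriptors only; with no "inet", "dns",
     * "rpath" or "exec" the signer cannot open sockets or files or run programs. */
    if (pledge("stdio", NULL) == -1) return -1;
#endif
    return 0;
}

/* Stand-in for real signing: a toy keyed checksum, NOT cryptography. */
static unsigned long toy_sign(const char *msg, unsigned long key) {
    while (*msg) key = key * 31 + (unsigned char)*msg++;
    return key;
}

/* Network-side parent sends one short unsigned tx; confined child returns its signature. */
int sign_in_sandbox(const char *jail, uid_t uid, gid_t gid,
                    const char *tx, unsigned long *sig) {
    int sv[2], status;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) == -1) return -1;
    pid_t pid = fork();
    if (pid == -1) { close(sv[0]); close(sv[1]); return -1; }
    if (pid == 0) {                               /* child: the only holder of the key */
        char buf[256] = {0};
        close(sv[0]);
        if (confine(jail, uid, gid) == -1) _exit(1);
        if (read(sv[1], buf, sizeof buf - 1) <= 0) _exit(1);
        unsigned long s = toy_sign(buf, 0x5eedUL);   /* constructed sample key */
        _exit(write(sv[1], &s, sizeof s) == (ssize_t)sizeof s ? 0 : 1);
    }
    close(sv[1]);                                 /* parent keeps only its own end */
    int ok = send(sv[0], tx, strlen(tx), MSG_NOSIGNAL) == (ssize_t)strlen(tx) &&
             read(sv[0], sig, sizeof *sig) == (ssize_t)sizeof *sig;
    close(sv[0]);
    waitpid(pid, &status, 0);
    return ok && WIFEXITED(status) && WEXITSTATUS(status) == 0 ? 0 : -1;
}
```

With `jail` set to NULL the function runs unprivileged; called as root with an empty directory as the jail and an unprivileged uid/gid, the child also takes the chroot and id-drop path before pledging.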

Q: Why not use Tails instead?

A: Tails became popular after Snowden mentioned it as a tool that helped him stay anonymous on the Internet. And Tails is actually a Linux distro that focuses on anonymity on the Internet. But anonymity does not equal security. They are separate notions that are merely closely related. For a Hardware Wallet, security is a mandatory requirement, while anonymity is optional. Also, the dev team behind Tails is not as trusted as the dev team behind OpenBSD. And inherently, being a Linux distro, Tails has some of the potential security problems of Linux.

Q: Why then not Qubes OS?

A: Qubes OS is the number 2 choice after OpenBSD, which is number 1. We strongly respect its founder Joanna Rutkowska and recommend Qubes OS for those customers who don't have a dedicated laptop to run OpenBSD. We plan to test whether OpenBSD can run as an HVM under Qubes OS. If so, that would be wonderful: even with Qubes OS running as the host in dom0, you still have to choose a guest OS to run in a domU as the Hardware Wallet, because Qubes OS does the isolation job, while what happens in an HVM remains in an HVM. If someone can attack your HVM OS and steal your wallet's private keys, Qubes OS only guarantees that the attack will not propagate to other domU HVMs or to the dom0 Qubes OS hypervisor.

Screenshots
SOFTRAID disk encryption passphrase at boot, Xenodm login screen, Monerod running, and more

Trailer screenshot 1. OpenBSD boot. Type your passphrase for a SOFTRAID encrypted disk.

Trailer screenshot 2. OpenBSD xenodm login. Type your username and password to log in to the system.

Trailer screenshot 3. OpenBSD fvwm desktop. Right-click the screen with the mouse to see a context menu like in Windows OS.

Trailer screenshot 4. OpenBSD fvwm desktop running monerod & monero-wallet-cli. Wait for full blockchain sync, then type your Monero wallet file name.

Trailer screenshot 5. OpenBSD fvwm desktop running Monero Feather Wallet. It is working via Tor for the best anonymity.

Trailer screenshot 6. OpenBSD fvwm desktop running Bitcoin Electrum Wallet. It is working via Tor for the best anonymity.

Trailer screenshot 7. OpenBSD lock screen. Just type your password to resume your work.

Please Donate!
Your donations are ultimately welcome

If you find OpenHWW a good project to support as a secure replacement for a hardware wallet, please donate XMR or BTC for further development. Our goal is to bring all the hardware wallet capabilities to every Crypto customer, without time/resource costs, by running fully automated build scripts in a unified, reproducible OpenBSD environment.

Donate XMR: 4AoKL73JHbJWSws7exQyxMYwgEvqkrpxX6hiLwLA8YXyESLHVCk7r9djR8fmeaDMSABCryvu1PjUGDYmQnkBNHum9NhDpbW

Donate BTC: bc1qmg0jc8lnsqx82096cknfn9a8q6e723gm3kw23t

2023-06-05. First trailer screenshots running Monero Feather Wallet and Bitcoin Electrum Wallet via Tor have been added.
2023-06-01. First trailer screenshots running monerod & monero-wallet-cli have been added. Introduction has been written.

Support email if something goes wrong (especially with SOFTRAID disk encryption): minexmr2@tutanota.com.