Product development is an iterative process. NGRAVE is constantly looking to improve our ZERO cold wallet: its functionality, its usability and, most importantly, its security. But to do this we need to upgrade the device firmware, the permanent software that sits in the device memory. This creates a potential Catch-22 situation, as updating device firmware can itself compromise security. That’s why NGRAVE puts as much focus on the update process as we do on the actual product improvements.
What is firmware?
Every physical piece of digital technology has software that enables it to function. Depending on the device’s complexity the software might be separated into different functions.
For PCs, firmware is the program - often described as BIOS - that boots the device up before handing over to the operating system, within which individual applications run. In smartphones, the firmware includes a bootstrap loader, which runs prior to the operating system. Hardware wallets require fewer commands, and the firmware controls everything, from the operating system to the in-built applications.
So, in order to make changes to how the NGRAVE ZERO functions, the firmware needs updating in a process called flashing, which completely overwrites the existing firmware.
Why does NGRAVE’s firmware need updating?
NGRAVE is committed to offering users the highest level of secure crypto storage as well as the best usability. In order to maintain that commitment, we have to periodically update the device through the firmware to:
Add new features - Such as support for additional Coins
Improve existing features - Most important of which is security
Bug fixing - Fixing any known issues with firmware which we are constantly reviewing
NGRAVE maintains a page on our website detailing the latest firmware update. You can check what firmware your device is running by going to: Settings >> About this device.
How does NGRAVE update firmware without compromising security?
We consider the NGRAVE ZERO to be the most secure cryptocurrency hardware wallet on the market. It was built following a ‘what if’ development methodology, considering all potential security risks and the scenarios that generate them.
Given our commitment to improving the ZERO, we regularly need to update the firmware that controls the device. This is the only occasion that the ZERO requires a USB connection to a computer and naturally represents one of the biggest points of potential vulnerability as it can - if handled poorly - open the door to malware.
NGRAVE takes every possible step to minimise risk. To receive new firmware, the ZERO boots in a separate, empty partition, specifically for the purpose of receiving the update, which is cryptographically signed by NGRAVE’s secret keys.
This will also trigger the Integrity Verifier, a trademarked technology (ARM®TrustZone®) that checks during the update process that the NGRAVE software stack side of the platform is free from unintended modifications, and has no alien tasks running.
So a new firmware is both verified and received in isolation. That partition provides total separation between the update process and any software actually running the device.
The Integrity Verifier will also run at every boot to continually verify that only the genuine software is running, without unauthorised modification, ensuring authenticity and integrity.
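The flow described above (receive into a separate slot, verify the vendor signature, re-check at every boot) can be modelled as follows. This is an added illustration, not NGRAVE's code: the page does not name the signature scheme or image layout, so RSA PKCS#1 v1.5 with SHA-256, the demo key, and the names Device, vendor_sign and signature_ok are all assumptions.

```python
import hashlib

# Assumed scheme: RSA PKCS#1 v1.5 with SHA-256 (the page does not name one).
# Constructed demo key built from two Mersenne primes. The factors are public,
# so it is NOT secure; it only keeps the example offline and deterministic.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q                                # public modulus, baked into the device
D = pow(E, -1, (P - 1) * (Q - 1))        # vendor secret, never on the device
K = (N.bit_length() + 7) // 8            # signature length in bytes
SHA256_INFO = bytes.fromhex("3031300d060960864801650304020105000420")

def encode(image: bytes) -> int:
    """EMSA-PKCS1-v1_5 encoding of SHA-256(image) as an integer."""
    t = SHA256_INFO + hashlib.sha256(image).digest()
    em = b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t
    return int.from_bytes(em, "big")

def vendor_sign(image: bytes) -> bytes:
    """Vendor side (assumed): RSA signature over the whole image."""
    return pow(encode(image), D, N).to_bytes(K, "big")

def signature_ok(image: bytes, signature: bytes) -> bool:
    """Device side: needs only the public key (N, E)."""
    if len(signature) != K:
        return False
    s = int.from_bytes(signature, "big")
    return s < N and pow(s, E, N) == encode(image)

class Device:
    def __init__(self, image: bytes, signature: bytes):
        self.active = (image, signature)   # slot the device runs from
        self.staging = None                # empty slot used only for updates

    def receive(self, image: bytes, signature: bytes) -> None:
        self.staging = (image, signature)  # active slot is not touched

    def install(self) -> bool:
        """Promote the staged image only if its signature verifies."""
        staged, self.staging = self.staging, None   # staging emptied either way
        if staged is None or not signature_ok(*staged):
            return False
        self.active = staged
        return True

    def boot(self) -> bool:
        """Re-check the active image at every start; refuse to run on failure."""
        return signature_ok(*self.active)
```

A modified image fails in install() without ever replacing the active slot, and a change made to the active slot afterwards is caught by boot().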
To prevent any possibility of malicious firmware being added directly to the chip, any debugger access has been disabled. Even if the chip were exposed, there would be no way to modify the currently loaded firmware, as we've iterated the ‘what if’ approach and addressed the possibility of modifying the bootloader responsible for the verification of the firmware.
The relevant part of the chip is locked from write access, its contents are encrypted, and it employs the basic hardware and firmware authenticity protections provided by the Micro Processing Unit’s (MPU) TrustZone® module.
Any attempt to access the chip in any other way will trigger the tamper response described earlier which would wipe the stored secrets.
In this way, the NGRAVE ZERO operates in a similar way to the fictional cryptex device that author Dan Brown introduced in the ‘Da Vinci Code’ and attributed to Leonardo Da Vinci: a small, portable, cylindrical vault protecting secret codes written on paper, and opened by aligning five disks featuring letters of the alphabet. The codes inside would lead to the Holy Grail, but align the disks incorrectly and the cryptex would break a vial of liquid inside, destroying the paper contents.
Our Step-by-Step guide to updating Firmware
As well as taking every precaution to ensure that the internal process of updating the NGRAVE ZERO’s firmware is as safe as possible, we’ve also produced a guide to walk you through the process.
Our guide provides in-depth instructions but here is a summary of what you’ll need to do to update your device firmware:
You’ll need a computer running on Windows (ideally Windows 10 or greater) or macOS (12 or above).
If you use a laptop, make sure it is charging.
Make sure your ZERO is fully charged.
You’ll need your ZERO USB cable and if your computer has no USB port, make sure you have a USB adaptor.
The guide then walks you through a three-step process:
Downloading the Firmware Updater installer.
Installing and starting the Firmware Updater.
Upgrading your ZERO by following the steps in the Updater tool.
You might be thinking that this sounds like a load of hassle, so you’d prefer to not bother updating the firmware, but that defeats the object of protecting your crypto. Updating to the latest firmware will maximise security as well as expand the functions of your device.