The purpose of this document is to detail the software specifications and security features used by OneKey Mini, Classic, and Touch.

The software used in OneKey devices is always open source and fully auditable. Everyone can look at the code used in OneKey devices and verify its integrity, find vulnerabilities, or suggest improvements and integrations.

We make OneKey completely transparent to remove the inherent need for trust and to share as much knowledge and ideas as possible with the broader community.

OneKey Mini & Classic

operating system

There are multiple layers of code to ensure the legitimacy and security of the operations performed by your device.

bootstrapping process

The bootloader is a simple program designed to install, update, and check the firmware loaded on OneKey devices. The bootloader checks the firmware for integrity and signatures, and runs it when everything is in order. This check is performed each time power is applied to the device. If the bootloader detects unofficial firmware, it displays a prominent warning on the device screen.

If the bootloader detects that both buttons are pressed or that there is no firmware on the device, it will start in firmware update mode (also known as "bootloader mode"), thus allowing firmware updates via USB.

Bootloader Essentials:upload, update, check firmware integrity; is updatable; signature for bootloader checks.


Firmware

A firmware is the program that operates your device. It's the code that performs most of the functions and features you use. Firmware is also critical to ensuring safe operation. Firmware can be updated directly from the OneKey App via USB and always requires physical confirmation (button press).

When updating firmware, the bootloader erases the memory on the device and restores it only after verifying the signature on the firmware. Downgrading firmware erases memory.

Firmware essentials :operate the device; check by bootloader; update regularly.

It is recommended that the device be updated with the latest firmware version.Updating the firmware is the only way to deal with certain known security vulnerabilities.

Authorisation

Physical access

OneKey devices implement several security measures to prevent unauthorized physical access.

Home screen - very useful

While adding a nice personal touch to your device, the home screen also serves an important function. Having a custom and unique picture helps the user identify the device as soon as it is turned on, thus acting as the first line of defense against the device being replaced by my malicious third parties.

Changing the home screen requires a PIN to be entered or it cannot be done. The same feature applies to the device label.

PIN - Protects the device

The PIN is the number you set when you first initialize your OneKey device. It prevents the device from being used by an unauthorized person.

Password - Protected Seeds

Password protection is an ingenious piece of OneKey security design. Unlike PINs, which are completely device-dependent and can be changed or disabled without affecting your account, password phrases are tied to your seeds.

By using a fully customizable phrase, you can add more entropy to the seeds loaded in your wallet. This builds a whole new hidden wallet "on top" of your seed. The password is not recorded anywhere on the device; therefore it is untraceable and unbreakable.

Restore the mnemonic: Here's your money

The Recovery Helper is the ultimate backup of all private keys and related data used and protected by your device.

OneKey Touch

Operating System

There are multiple layers of code to ensure the legitimacy and security of the operations performed by your device.

wheel loaders

The boardloader is the write-protected, embedded immutable code for the device. Its function is to load and check the integrity and signature of the bootloader. The main purpose of write-protection of the on-board program is to make it an immutable part that is resistant to code based attacks (e.g. BadUSB) and errors that can reprogram any/all embedded code. It ensures that only embedded code with verified signatures runs on the device (and runs the expected code, not skipped).It is not possible to update, modify or delete the boardloader.

Boardloader Essentials:embedded; unmodifiable; loads the bootloader and checks its integrity.


Bootloader

The bootloader is a simple program designed to install, update, and check the firmware loaded on OneKey devices. The bootloader checks the firmware for integrity and signatures, and runs it when everything is in order. This check is performed each time power is applied to the device. If the bootloader detects unofficial firmware, it displays a warning on the device screen.

If the bootloader detects a finger press on the display or no firmware on the device, it will start in firmware update mode (also called "bootloader mode"), allowing firmware updates to be performed via USB.

Bootloader Essentials:upload, update, check firmware integrity; is updatable; signature for bootloader checks.


Firmware

A firmware is the program that operates your device. It's the code that performs most of the functions and features you use. Firmware is also critical to ensuring safe operation. Firmware can be updated directly from the OneKey App via USB and always requires physical confirmation (tap the touchscreen).

When updating firmware, the bootloader erases the memory on the device and restores it only after verifying the signature on the firmware. Downgrading the firmware erases the memory.

Firmware essentials:operate the device; check by bootloader; update regularly.

It is recommended that the device be updated with the latest firmware version.Updating the firmware is the only way to deal with certain known security vulnerabilities.

Authorisation

Physical access

OneKey devices implement several security measures to prevent unauthorized physical access.

Home screen - very useful

While adding a nice personal touch to your device, the home screen also serves an important function. Having a custom and unique picture helps the user identify the device as soon as it is turned on, thus acting as the first line of defense against the device being replaced by my malicious third parties.


Changing the home screen requires a PIN to be entered or it cannot be done. The same feature applies to the device label.

PIN - Protects the device

The PIN is the number you set when you first run OneKey. It protects OneKey from unauthorized use.

Password - Protected Seeds

Password protection is an ingenious piece of OneKey security design. Unlike PINs, which are completely device-dependent and can be changed or disabled without affecting your account, password phrases are tied to your recovery booster.

By using a fully customizable phrase, you can add more entropy to the seeds loaded in your wallet. This builds a whole new hidden wallet "on top" of your seeds. The password is not recorded anywhere on the device; therefore it is untraceable and unbreakable.

Recovering Seed Phrases: Here's Your Money

Recovery Seed is the ultimate backup of all private keys and associated data used and protected by your device.