I have been experiencing some issues with the passport Prime.
The magic back up doesn’t back up the files, 2FA or Keys. Even if I create the back up file (settings.tar) of the entire device, there is no way to restore it when initializing the device back again after a reset.
The vault doesn’t let me add different seeds than the ones that it creates. It is just a BIP-85 implementation to generate seeds. Therefore the name Vault seems a bit misleading. I also think it would be very important to explain (on the device, not just the documentation) that the seeds created are derived from the main seed so people don’t make mistakes. The passwords do not implement BIP-85, the passwords are just for storing outside created passwords. It would be great if the vault allowed storing external generated seeds (like the coldcard Q) and the creation of BIP 85 passwords (Like the Krux). Being able to load the seeds created on the vault into the wallet itself would also be a useful thing to have.
I spent a lot of time trying to make keys work without much success. I tried to set them up with a google account. Making google register them has been difficult although sometimes they work after turning off and on the device, however even after managing to register them, they don’t seem to work to log back into the account. I tried NFC and USB. I was able to make the keys work with Binance though, so I am not sure if I am doing something wrong with google, or something else is going on. Has anyone managed to make them work with a google account?
It is not possible to import from Aegis into the Prime a 2FA QR code that contains this symbol “:” in the account field. 50% of my entries in Aegis contain that. It is also not possible to import from google 2FA either.
Sometimes the screen feels very unresponsive when pressing buttons (It doesn’t always happen though, so not sure what it might be)
There are also some minor bugs, but I am sure they will all be resolved with time.
If anyone experienced some of these issues and found a workaround (especially the back up issue and the keys+google), I would appreciate the feedback. Thanks!
Hey @asd thank you for posting all this info! Will reply bullet by bullet, hope I don’t miss anything:
The magic backup doesn’t back up the files (yet!), but it should back up the 2fa codes and keys. The magic backup works with Envoy though, not with the settings.tar file. That would be the manual way of restoring your passport prime. As you can read in this thread, we currently only have magic backups implemented, and we are planning on implementing the manual recovery flow in a future release. I am curious about why you said it doesn’t back up the 2fa or keys though, how did you get to this conclusion? I just want to double check, as you might have uncovered a bug.
You are correct, the current implementation of the Vault is a bip85 seed generator. We are planning on expanding and improving its capabilities to include bip85 passwords (internal code SFT-4740), and importing externally generated seeds like you mention (internal code SFT-5877), so I can confirm these are in the roadmap. However you might be right in that we could maybe do a better job at explaining that the seeds are derived from the master seed on device. I will add an item to our backlog to look into this.
We currently only support some basic authentication methods like FIDO, more advanced forms of authentication like FIDO2 and passkeys are in the pipeline. It’s possible that Binance uses a protocol we support now, but you tried to register a FIDO2 key with google? However, the turning off and on the device does sound like we might be looking at a bug, please reach out to hello@foundation.xyz for guidance - your logs might be very valuable to hunt down what happened!
This sounds like a bug, I opened an internal ticket to look into it (SFT-6804)
Does this happen in any particular screen or do you mean in general? It’s possible that some actions need time to load the app and we missed to add some visual feedback that work is ongoing. Like when you tap the bottom left button to open the main menu, there’s a spinner that shows. The work is happening in the background, but you have visual feedback, so it feels “responsive”. But maybe we missed this visual cue in some places and so even though the app is working in the background it feels unresponsive?
Again, thank you for all this feedback! This feedback is crucial for us to improve Passport Prime so please any other bug report or anything else you want to share with the team - know that we are reading these posts! Thank you!
Yesterday, I used the magic backup a bunch of times and it wasn’t bringing keys or 2FA back upon recovery. I tried again in the evening (Doing exactly the same steps as earlier, but making sure on clicking back up before erasing the device) and it worked. Either there is a bug, or the back up was not going through earlier. Will keep on testing.
These features are very important. Hopefully can get implemented soon. Especially the import of external seeds (Which should be pretty simple to do, I believe)
I think there is definitely some kind of bug here, I kept on trying last night and it is possible to register the keys in a google account (usually after turning off and on the device), but once they are registered, I wasn’t able to use the device to sign in (even after putting the password). I have a bunch of YubiKeys, and I set them up with the same process and those work fine. If google lets me register the key on the Prime, it should be also able to use it to login. For reference, I am using a google account (incognito mode) on my android phone (S21 ultra) via NFC and USB.
thanks!
It happens in general, I haven’t been able to pinpoint the reason. It is like I press buttons and they either don’t register or take long to do their thing. I feel like I have to process some buttons multiple times in order for them to work. Like the touch area for certain buttons is small. I am not sure how to explain it more clear as I haven’t been able to pinpoint when it happens (It’s not with every button and not all the time)
Since you are asking for more feedback.
The Internal/Airlock/External button is too small to be able to select the proper option. I don’t consider my finger big, and I still have a hard time selecting the right option on the first touch.
There is a very minor bug where in the 2FA, if the label is too long it overlaps the back and edit buttons.
This might be an issue with my phone (I don’t know) but when scanning the device with envoy to connect it for the first time, the envoy app seems to not be able to focus properly on the QR codes. It used to happen with other software wallets in the past, but a bunch of them added an extra button to make the camera behave differently. Nunchuk on Android has it for example. When you try to add a new key via QR code there is a button with an icon of a camera in google colors (red, yellow, blue and green) and when pressed it seems like the camera behaves differently and it is able to focus on QR codes properly. Maybe you could implement something like that. I suspect that is an Android issue.
Another small bug is that when you set up a wallet, it defaults to Native segwit script (which I think is good), but when you go to the addresses explorer it opens Taproot addresses by default. I think it should open Native segwit (at least for now) especially if Envoy uses native segwit by default.
Not sure if it would be possible, but the QR scanner in the home menu at the bottom right should also be able to scan 2FA QR codes as well, not just PSBT transactions.
It would be great to have an option to set up the wallet without having to connect it via Bluetooth to use it as an airgap device with another software wallet. Basically as it is now, if you don’t have a phone with envoy, it is impossible to use the device (if it wasn’t set up previously)
When plugged into the computer the storage shows up as 31.9GB. Is the OS and the System overhead taking 18.1GB?
It would be great if simple or very common files like a .txt or .jpg were possible to open from the device to be able to see/read them or edit them.
Lastly, the device is great, physically speaking and all the issues are software related, and can be fixed in the future I would hope. For a product that was delayed an entire year, I was expecting the device to work flawlessly and be more polished in terms of features. I have more than 50 2FA codes on my phone that I am not able to import into the device neither from google authenticator nor Aegis nor manually entering the back up codes because it only allows for QR scanning. I have multiple google accounts that I cannot secure with the device either, I haven’t tried Microsoft yet or others besides Binance (which worked) and google. The magic back up doesn’t work for files yet. So overall I am a bit disappointed. Hopefully it doesn’t take too long to get everything closer to the finish line.
I’ll tackle the second half of the message - as for the first half, everything has been acknowledged. Please report back if you have any more findings in the magic backups/google login fronts - we will look into it regardless. About the buttons and loading times same feedback, if you pinpoint any one button in particular that you find particularly difficult to tap please let us know, it’s possible that some buttons have a smaller active area than others and we were overly confident in its size.
Now, for the second half of your message:
The Internal/Airlock/External pill is a tricky one indeed. With the current implementation, you can tap the active tab for it to rotate right once with every tap, or try and nail the exact tab you are aiming for. That is to say, if you are in Internal, you can tap “Internal” for it to rotate right to “Airlock”, and tap “Airlock” for it to rotate right to “External”, and then tap “External” for it to rotate back to “Internal”. However, we are looking into ways of making this pill a little bigger and easier to tap.
Created internal tracking issue (SFT-6809) to tackle this visual 2FA bug - thank you!
I have looked into how Nunchuk implements this, and based on what I could find out it looks like they rely on a regular android camera library for the scanner (the same one Envoy uses), but if you tap that button they switch this to the google camera scanner library (CameraX + ML Kit) which has more modern and powerful autofocus. I checked in with AI about that specific library and this is what I got back: “The caveat: The ML Kit SDK still collects some diagnostic/analytics telemetry — device info, performance metrics, session IDs, and potentially IP addresses when the SDK initializes. Google says this data is encrypted in transit and not shared with third parties, but it’s still phoning home with something”. I will chat with the team about this, but us being a privacy minded company where all our decisions run around how we can prevent learning information about our users and how we can preserve their privacy, adding a google button doesn’t feel like the right path for us. Still, there might be something we can do here, so I will add an item to our backlog to look into how to improve our autofocus (ENV-2884). In the meantime I suggest you try increasing the brightness of Passport Prime and tapping the QR code in your phone’s scanner for Envoy to focus. Also, if it’s the first QR you are trying to scan, remember you can use your phone’s camera app as suggested by Passport Prime’s on screen text, and it should recognize the link as belonging to Envoy, then opening it should launch Envoy just as if you scanned the QR code from Envoy. Hope this helps!
Good catch! On the one hand, taproot is the more modern address type and is an improvement over “regular” segwit (in fact it is segwit v1 vs the “regular” segwit which is v0). On top of that, eventually users might not use Envoy and might use Passport Prime with Sparrow or other wallet, so defaulting to what Envoy defaults to might not be the best move. However, the point is still valid and we might want to make sure both default to the same type even if it’s for consistency’s sake, so I added an action item for us to look into it (SFT-6811). Thanks!
Yes! This is already in the works. We plan the home screen scanner to be able to digest more than just PSBTs. But also, if you install more than one app that can handle any given type of QR code, you would have to choose what app that is, and we also thought about that, quick snapshot below ;). It is planned for the near future, but can’t really give you a timeline right now.
Yes, this requirement to use Envoy is a limitation we are fully aware of. Like we did with Passport Core, we want to give our customers the option to set up Passport Prime without the need for Envoy, and that is something we are actively working towards. Using Envoy was the easiest first step, a stepping stone to keep building towards a fully independent Passport Prime. Again, I can’t give you timelines for this feature, but I can guarantee you it is in our roadmap =)
Passport Prime has a theoretical eMMC of 64Gb, from which around 58Gb are real storage. We reserve 8Gb for the OS and any future apps to handle their encrypted data. The remaining 50Gb are for you. However, the Airlock is formatted to 32Gb (minus FAT overhead), that’s what you see on the OS side. It is implemented as a dynamically sized disk image on Internal, so the sum of Internal files, app data and airlock can go up to 50Gb, just not able to handle more than 32Gbs at the same time. Think about it like a shopping cart to take the groceries to a bigger car. In total between internal and airlock, you have 50 Gbs. At any given time, in Airlock you can only have 32Gb. So you can dump 18Gb to internal storage and still have 32 Gb of airlock. Or dump 32Gb to internal storage and then you would have 18Gb of airlock. Makes sense?
This is also planned but without a timeline, yes. We want Prime to be a fully functional offline data handler.
I understand the frustration, and I would want to apologize again for the delay. Building an OS from scratch was a massive task that we clearly underestimated. Building a clean and nice interface and user experience takes time - more so than we anticipated. There is no way around that, we are not happy about the year long delay either. However, we can only just keep pushing forward, keep building and keep delivering, and with the help of people like you is how we will achieve it. So again, thank you for all the feedback and thank you for your patience!
Great! Thank you again for your fast and in depth response, it is very helpful.
A solution for the taproot/native segwit addresses explorer thing could be to have a menu right after pressing Addresses explorer where you need to select the type of script and then it shows the current screen with the appropriate script addresses. I would also recommend to still leave the switch at the top right to change it again in case the wrong script was selected by the user.
Hey @asd - came here to say that KeyOS 1.2.1 is out, with Envoy open and active, and with bluetooth on (AKA, QuantumLink connected), you should be able to go to Settings → Update → Check for New Version and find and install 1.2.1. This version addresses one of the biggest misses in all of your feedback: the inability to add 2FA codes that contained a colon in the issuer or name. You should now be able to import these without any issues. We are still working through the rest of the list but couldn’t sneak in any of the other fixes in time for 1.2.1.
Hope this now works for you! Let us know with anything else =)
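The colon problem discussed in this thread comes from the `otpauth://` label, where `:` is also the separator between issuer and account name. The following is an added example, not KeyOS or Envoy code; the splitting rule (trust the `issuer` parameter when present, otherwise split on the first colon only) is this example's assumption, and the URIs are constructed samples.

```python
import base64
from urllib.parse import parse_qs, unquote, urlsplit


def parse_otpauth(uri: str) -> dict:
    """Parse an otpauth:// URI, tolerating ':' inside the account name."""
    parts = urlsplit(uri)
    kind = parts.netloc.lower()
    if parts.scheme != "otpauth" or kind not in ("totp", "hotp"):
        raise ValueError("not an otpauth totp/hotp URI")
    params = {k: v[0] for k, v in parse_qs(parts.query).items()}

    # Reject entries whose secret is missing or is not valid base32.
    secret = params.get("secret", "").replace(" ", "").upper()
    if not secret:
        raise ValueError("missing secret")
    base64.b32decode(secret + "=" * (-len(secret) % 8))  # ValueError if invalid

    # After decoding, "%3A" and a literal ":" in the label are the same thing.
    label = unquote(parts.path.lstrip("/"))
    issuer = params.get("issuer")
    if issuer and label.startswith(issuer + ":"):
        account = label[len(issuer) + 1:]   # strip only the issuer prefix
    elif issuer:
        account = label                     # colons belong to the account
    else:
        prefix, sep, rest = label.partition(":")  # first colon only
        issuer, account = (prefix, rest) if sep else (None, label)
    return {"type": kind, "issuer": issuer,
            "account": account.lstrip(), "secret": secret}


# Constructed sample URIs; the secret is a well-known documentation value.
SAMPLES = [
    "otpauth://totp/Example:alice%3Aadmin@example.com"
    "?secret=JBSWY3DPEHPK3PXP&issuer=Example",
    "otpauth://totp/Example:alice:admin?secret=JBSWY3DPEHPK3PXP",
    "otpauth://totp/ops:prod-db?secret=JBSWY3DPEHPK3PXP&issuer=Example",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_otpauth(sample))
```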