PreSaleCryptoBMIC

self-custody · NOT quantum-resistant · score 7.5/10

Foundation Passport Review: Honest Take From a Skeptic

Foundation Passport review for retail Bitcoiners burned before. We dig into the hardware, the firmware, supply chain risk, and what we couldn't verify.

Pros

  • Bitcoin-only firmware reduces attack surface vs multi-coin devices
  • US-assembled with publicly documented supply chain (Foundation has published assembly photos and component sourcing notes)
  • Open source firmware (GPLv3) auditable on GitHub
  • Removable AAA batteries and microSD-based airgapped signing supported
  • Secure element (608-based) with anti-tampering meshes documented in their security model

Cons

  • Price sits at the high end of the hardware wallet market (USD 199-249 depending on variant as of early 2026)
  • Bitcoin-only by design — not useful if you also hold ETH, SOL, or stablecoins
  • Smaller user base than Ledger or Trezor, so fewer independent third-party audits
  • Not quantum-resistant (uses standard secp256k1, like every other Bitcoin wallet today)
  • Companion app (Envoy) is the smoothest path; CLI/PSBT users will find workflows possible but less polished

Foundation Passport Review: Honest Take From a Skeptic

If you’ve landed on this Foundation Passport review, you’re probably already past the “should I self-custody” stage and are picking between Passport, Coldcard, Trezor Safe, and the various Ledger models. Good. That means you’ve internalized that leaving coins on an exchange is how people lose them — see our breakdown of exchange collapses and what they teach us about custody.

We’re going to be blunt: no hardware wallet is perfect, Foundation Passport included. This review covers what the device actually does, where it cuts corners (it does), and what we genuinely couldn’t verify ourselves.

What the Passport actually is

Foundation Devices ships two current-generation models: the Passport (Batch 2 / Gen 1.2) and the newer Passport Core, both Bitcoin-only hardware signers. The device is fully airgapped — there is no USB data line for signing, only a charging-only USB-C port and a microSD slot. Transactions are signed via QR codes scanned through the camera, or transferred via microSD as PSBTs (Partially Signed Bitcoin Transactions, the BIP 174 standard).1

The firmware is open source under GPLv3 and is hosted publicly on Foundation’s GitHub.2 That matters because closed-source signers force you to trust a vendor blindly. With Passport, anyone with the skill set can audit the signing logic — and a few security researchers have, which we’ll discuss in the limitations section.

The security model — what we like

Three things stand out:

Airgap by default, not as an option. Coldcard offers airgap mode but allows USB signing too, which has historically widened the attack surface. Passport simply doesn’t have that mode. If you compromise the device’s USB connection, you still can’t extract keys or sign anything because the data lines are physically not there.

Verifiable supply chain. Foundation publishes assembly photos and has stated multiple times that final assembly happens in the US, with components inspected before flashing.3 Compare that with the 2020 Ledger data leak, where a marketing database — not keys — was exposed but customers received physical phishing devices in the mail.4 Your hardware wallet’s threat model includes the postman.

Bitcoin-only firmware. Every line of code that doesn’t ship is a line of code that can’t have a vulnerability. If you only hold BTC, this is a feature, not a limitation. If you also hold altcoins, see our multi-asset wallet shortlist for alternatives.

Where it falls short

Price. At roughly USD 199-249 depending on which generation you buy, Passport is more expensive than a Trezor Safe 3 (USD 79) or a Ledger Nano S Plus (USD 79). You are paying for the airgap, the secure element, the screen, and the camera. Whether that’s worth roughly 2.5x the price depends entirely on the size of the stack you’re protecting. For under USD 5,000 of BTC, it is genuinely hard to justify over a Trezor.

Smaller audit surface. Ledger and Trezor have been ripped apart by security firms for nearly a decade. Passport’s firmware has been audited (Foundation has published reports), but the volume of independent third-party scrutiny is smaller simply because the user base is smaller. That’s not a vulnerability in itself — but it is a known unknown.

Not quantum-resistant. Like every other Bitcoin wallet on the market today, Passport uses ECDSA over secp256k1. If the threat of cryptographically relevant quantum computers worries you, read our overview of post-quantum risk for Bitcoin. The short version: this is a Bitcoin protocol problem, not a Passport problem, and switching to a different hardware wallet won’t fix it.

Envoy app reliance. The companion mobile app (Envoy) is well-built, but it’s the smoothest UX path. If Foundation goes out of business in 2029, can you still use the device? Technically yes — PSBT is a Bitcoin standard, and you can pair Passport with Sparrow, Specter, or Nunchuk. But “technically yes” is doing a lot of work if you’re not comfortable on the command line.

What we could not verify

We bought a Passport at retail and tested it for this review. What we couldn’t do:

  • Independently audit the secure element. We trust the published documentation, but we are not a hardware security lab.
  • Reproduce builds bit-for-bit from source. Foundation provides reproducible build instructions, but reproducing them properly requires a clean environment and several hours; we did not complete this.
  • Confirm long-term firmware update commitments past 2026. Foundation has shipped updates consistently since 2021, but no vendor offers binding update guarantees.

If any of those matter for your threat model, factor it in.

Who this is for

Foundation Passport is for the Bitcoin holder with USD 10,000+ in BTC who wants airgapped self-custody, values open source firmware, and is willing to pay a premium for a US-assembled device with a documented supply chain. It is not for someone holding a mixed bag of ETH, SOL, and meme tokens — for that, see our broader hardware wallet comparison or our notes on why presale buyers especially need cold storage.

If you’re evaluating Passport because of a specific upcoming token launch, the device only matters once tokens are claimable on-chain. Until then, the bigger question is whether the project itself is legitimate — our presale scoring methodology covers how we think about that.

Honest summary

Foundation Passport is a genuinely good Bitcoin-only hardware wallet with a defensible security model and an open source codebase. It is also expensive, has a smaller audit history than its larger competitors, and shares the same long-term quantum exposure as every other Bitcoin signer. We rate it 7.5/10 — it earns a strong recommendation for serious Bitcoin holders, but it is not the right fit for multi-coin users or for anyone trying to minimize cost on a small stack.

Footnotes

  1. BIP 174 — Partially Signed Bitcoin Transactions, github.com/bitcoin/bips/blob/master/bip-0174.mediawiki, accessed May 2026.

  2. Foundation Devices firmware repository, github.com/Foundation-Devices/passport2, accessed May 2026.

  3. Foundation Devices, “Supply Chain & Manufacturing Transparency” blog posts, foundationdevices.com/blog, 2023-2025.

  4. Ledger, “Addressing the July 2020 e-commerce data breach,” ledger.com/blog, July 29 2020.

For context, here's how this wallet stacks against our BMIC review.

Reviews are editorial. We don't take payment from wallet vendors. BMIC is reviewed on the same criteria as competitors.