Keys sealed in silicon.
For people — and the machines that come next.
Silroot is an open-source, air-gapped signing device for Solana, built around an NXP SE051 secure element with an ESP32-S3 running the screen, camera and QR flow. The wallet is chapter one. The same core is growing into an embedded module that lets autonomous agents and machines transact on their own — within hardware-sealed limits they cannot exceed.
status: V1 signing on devnet · SE051 secure element on the bench next
Don't trust the pitch. Read the log.
This is the actual V1 boot sequence: the board derives its keypair, signs a System Program transfer, and broadcasts it to Solana devnet. The receipt lives on-chain.
Every release will ship with a reproducible-build hash, so the firmware on your board can be checked against the source you read. Verify, don't trust.
How a transaction gets signed
In air-gapped mode the radio is off. Nothing but photons crosses the gap between your phone and your keys.
Transaction in
Your phone wallet builds an unsigned transaction and shows it as a QR code. Silroot's camera reads it.
Read before you sign
The device decodes the message and shows the recipient, amount and program on its own screen. No blind signing.
Key stays in silicon
You press ✓. The Ed25519 signature is computed inside the SE051 — the private key is not exportable, by chip policy.
Signature out
The signed transaction is shown as a QR. Your phone scans it back and broadcasts. Silroot never touches the internet.
Why a secure element? A general-purpose microcontroller can be glitched, probed and dumped. The SE051 is a CC EAL6+ smart-card-grade chip built to resist exactly that — the same class of silicon inside passports and bank cards.
Parts you can buy at a distributor
No custom silicon, no secret sauce. Every part is off-the-shelf and documented — the whole point is that you could build one yourself.
| Ref | Part | Role |
|---|---|---|
| U1 | Espressif ESP32-S3 | Host MCU: display, camera, QR encode/decode, transaction parsing. Radio disabled in air-gapped mode. |
| U2 | NXP EdgeLock SE051C2 | Secure element. Generates and holds the Ed25519 key with a non-export policy; signs on-chip. CC EAL6+ certified hardware. |
| J1 | OV2640 camera | Reads unsigned-transaction QR codes from your phone. |
| J2 | 2.0″ IPS display | Shows what you're signing — recipient, amount, program — and the signed-transaction QR. |
| SW1–SW2 | Physical buttons | Reject / approve. A signature requires a human thumb, every time. |
Three rules the hardware enforces
Keys never leave silicon
The private key is born inside the SE051 and is marked non-exportable at the chip-policy level. The host MCU — and Silroot's own firmware — can ask for signatures, never for the key.
Nothing signed blind
The device parses every transaction and shows you what it does before you approve it. If Silroot can't decode an instruction, it says so — loudly — instead of pretending.
Open enough to audit
Schematics, firmware, and transaction parser are public. An honest threat model ships in the docs: what this protects you from, and what it doesn't.
Wallets for machines, not just people
The same silicon that protects a human's savings can give an autonomous agent a spending mandate it physically cannot exceed.
A signing module for autonomous agents
A solderable module that gives any robot, sensor, vehicle or AI agent its own on-chain identity: a key sealed inside the secure element, fronted by a policy engine running in signed, tamper-protected firmware.
- Spend caps per transaction and per day, checked before anything is signed
- Recipient and program allow-lists — the agent can pay its suppliers, not an attacker
- Rate limits and dead-man cutoffs for runaway processes
- Hardware attestation: prove a payment came from a specific physical device
Where the build is right now
Silroot is a work in progress, built in public. This page updates as the hardware does.
-
V1 · Done
Software signer on ESP32
BIP-39 / SLIP-0010 key derivation, Solana transaction builder verified byte-for-byte against the official SDK, first transfers signed and confirmed on devnet.
-
V2 · In progress
Secure element on the bench
SE051C2 over I2C with an SCP03 encrypted channel. Key generation and Ed25519 signing move into certified silicon with a non-export policy; the firmware's signer interface stays identical.
-
V3 · Next
Air-gapped QR flow
Camera in, display out, radio off. On-screen verification of recipient, amount and program, PIN with SE-enforced retry lockout, and animated-QR support for larger transactions.
-
V4 · Planned
Silroot Rev·A board
Custom PCB and enclosure, SPL token and multi-account support, reproducible firmware builds, a published threat model — and an external security review before anyone is told to trust it with real funds.
-
V5 · Research Silroot Core
Machine-to-machine signing module
An embedded module that lets autonomous agents and machines transact on their own — within limits they cannot exceed. The key is sealed in the secure element; spend caps, allow-lists and rate limits are enforced by a policy engine in signed firmware in front of it. Built for the machine economy: robots paying for charging, sensors selling data, agents settling compute bills.
-
V6 · Horizon
Fleet tooling
Provisioning, attestation and key-ceremony tooling for deploying Silroot Core across device fleets — so a thousand machines can each hold their own wallet without a human ever handling a key.
Follow the build
New milestones, failures included, posted as they happen. Star the repo to read every commit.
Silroot is a prototype. Today it signs on Solana devnet only and has not been audited. Don't put funds you care about on development hardware — mine or anyone's. When that changes, this box will change first.