SILROOT
Open Sourced · Hardware root of trust

Keys sealed in silicon.
For people — and the machines that come next.

Silroot is an open-source, air-gapped signing device for Solana, built around an NXP SE051 secure element with an ESP32-S3 running the screen, camera and QR flow. The wallet is chapter one. The same core is growing into an embedded module that lets autonomous agents and machines transact on their own — within hardware-sealed limits they cannot exceed.

status: V1 signing on devnet · SE051 secure element on the bench next

Serial monitor

Don't trust the pitch. Read the log.

This is the actual V1 boot sequence: the board derives its keypair, signs a System Program transfer, and broadcasts it to Solana devnet. The receipt lives on-chain.

idf.py monitor — /dev/ttyUSB0 · 115200

Every release will ship with a reproducible-build hash, so the firmware on your board can be checked against the source you read. Verify, don't trust.

Signing path

How a transaction gets signed

In air-gapped mode the radio is off. Nothing but photons crosses the gap between your phone and your keys.

01 / SCAN

Transaction in

Your phone wallet builds an unsigned transaction and shows it as a QR code. Silroot's camera reads it.

02 / VERIFY

Read before you sign

The device decodes the message and shows the recipient, amount and program on its own screen. No blind signing.

03 / SIGN

Key stays in silicon

You press ✓. The Ed25519 signature is computed inside the SE051 — the private key is not exportable, by chip policy.

04 / RETURN

Signature out

The signed transaction is shown as a QR. Your phone scans it back and broadcasts. Silroot never touches the internet.

Why a secure element? A general-purpose microcontroller can be glitched, probed and dumped. The SE051 is a CC EAL6+ smart-card-grade chip built to resist exactly that — the same class of silicon inside passports and bank cards.

Hardware

Parts you can buy at a distributor

No custom silicon, no secret sauce. Every part is off-the-shelf and documented — the whole point is that you could build one yourself.

RefPartRole
U1 Espressif ESP32-S3 Host MCU: display, camera, QR encode/decode, transaction parsing. Radio disabled in air-gapped mode.
U2 NXP EdgeLock SE051C2 Secure element. Generates and holds the Ed25519 key with a non-export policy; signs on-chip. CC EAL6+ certified hardware.
J1 OV2640 camera Reads unsigned-transaction QR codes from your phone.
J2 2.0″ IPS display Shows what you're signing — recipient, amount, program — and the signed-transaction QR.
SW1–SW2 Physical buttons Reject / approve. A signature requires a human thumb, every time.
Design rules

Three rules the hardware enforces

Keys never leave silicon

The private key is born inside the SE051 and is marked non-exportable at the chip-policy level. The host MCU — and Silroot's own firmware — can ask for signatures, never for the key.

Nothing signed blind

The device parses every transaction and shows you what it does before you approve it. If Silroot can't decode an instruction, it says so — loudly — instead of pretending.

Open enough to audit

Schematics, firmware, and transaction parser are public. An honest threat model ships in the docs: what this protects you from, and what it doesn't.

Where this is going

Wallets for machines, not just people

The same silicon that protects a human's savings can give an autonomous agent a spending mandate it physically cannot exceed.

Silroot Core — concept

A signing module for autonomous agents

A solderable module that gives any robot, sensor, vehicle or AI agent its own on-chain identity: a key sealed inside the secure element, fronted by a policy engine running in signed, tamper-protected firmware.

  • Spend caps per transaction and per day, checked before anything is signed
  • Recipient and program allow-lists — the agent can pay its suppliers, not an attacker
  • Rate limits and dead-man cutoffs for runaway processes
  • Hardware attestation: prove a payment came from a specific physical device
AGENT tx request POLICY caps · lists rate limits SE051 sign signature DENIED BY DEFAULT · SIGNED BY EXCEPTION
Build log

Where the build is right now

Silroot is a work in progress, built in public. This page updates as the hardware does.

  • V1 · Done

    Software signer on ESP32

    BIP-39 / SLIP-0010 key derivation, Solana transaction builder verified byte-for-byte against the official SDK, first transfers signed and confirmed on devnet.

  • V2 · In progress

    Secure element on the bench

    SE051C2 over I2C with an SCP03 encrypted channel. Key generation and Ed25519 signing move into certified silicon with a non-export policy; the firmware's signer interface stays identical.

  • V3 · Next

    Air-gapped QR flow

    Camera in, display out, radio off. On-screen verification of recipient, amount and program, PIN with SE-enforced retry lockout, and animated-QR support for larger transactions.

  • V4 · Planned

    Silroot Rev·A board

    Custom PCB and enclosure, SPL token and multi-account support, reproducible firmware builds, a published threat model — and an external security review before anyone is told to trust it with real funds.

  • V5 · Research Silroot Core

    Machine-to-machine signing module

    An embedded module that lets autonomous agents and machines transact on their own — within limits they cannot exceed. The key is sealed in the secure element; spend caps, allow-lists and rate limits are enforced by a policy engine in signed firmware in front of it. Built for the machine economy: robots paying for charging, sensors selling data, agents settling compute bills.

  • V6 · Horizon

    Fleet tooling

    Provisioning, attestation and key-ceremony tooling for deploying Silroot Core across device fleets — so a thousand machines can each hold their own wallet without a human ever handling a key.

Status

Follow the build

New milestones, failures included, posted as they happen. Star the repo to read every commit.

Read this before you get excited

Silroot is a prototype. Today it signs on Solana devnet only and has not been audited. Don't put funds you care about on development hardware — mine or anyone's. When that changes, this box will change first.