Open-source firmware and hardware for CashStick Bitcoin bearer device combining RP2040 microcontroller with SE050 secure element for hardware-level Bitcoin security.

• 🔐 Hardware Security: SE050 secure element with EAL 6+ certification
• ₿ Native Bitcoin Support: secp256k1 key generation using SE050 built-in cryptography
• 🛡️ Tamper-Evident Design: Physical security reveals keys when seal broken for Bitcoin recovery
• 💡 LED Status Indicators: Blue (new), Green (sealed), Red (compromised), Yellow (busy)
• 📱 Drag-and-Drop Installation: No technical knowledge required (.uf2 files)
• 🔍 Open Source & Auditable: Complete transparency for security verification
• ⚡ USB 2.0 Interface: Mass storage mode and communication

1. Download latest firmware (.uf2 file) from Releases
2. Hold BOOT button while connecting CashStick to USB port
3. Drag and drop firmware file to "RPI-RP2" drive that appears
4. Device reboots automatically with new firmware installed

1. Connect CashStick after firmware installation
2. LED shows blue indicating new/uninitialized state
3. Press TEST button to generate Bitcoin keys using SE050
4. LED turns green when keys generated and device sealed
5. Bitcoin address appears in virtual files for funding

Normal Operation:

• Device shows green LED when secure and intact
• Access Bitcoin address through USB mass storage files
• Fund the address with Bitcoin from any wallet

After Tamper (Key Revelation):

• Physical seal break triggers tamper detection
• LED turns red indicating compromise
• Private key appears in plaintext files for sweeping
• Import private key to any Bitcoin wallet to access funds

CashStick implements a bearer instrument security model:

1. Sealed State 🟢

   • Device generates Bitcoin keys using SE050 hardware RNG
   • Only public key and Bitcoin address are accessible
   • Private key secured within SE050 tamper-resistant boundary

2. Tamper Detection 🔴

   • Physical circuit monitoring detects seal compromise
   • SE050 internal tamper detection provides hardware-level security
   • Cryptographic integrity verification ensures authenticity

3. Key Revelation 📋

   • When tamper detected, device reveals private key in plaintext files
   • Owner can sweep Bitcoin using any standard wallet
   • Device becomes "spent" after tamper - single-use security

# Install ARM toolchain
sudo apt install gcc-arm-none-eabi cmake build-essential

# Clone and set up Pico SDK
git clone https://github.com/raspberrypi/pico-sdk.git --recurse-submodules
export PICO_SDK_PATH=/path/to/pico-sdk

# Clone the repository
git clone https://github.com/Cash-Stick/cashstick-firmware.git
cd cashstick-firmware

# Create build directory
mkdir build && cd build

# Configure and build
cmake ..
make -j4

• cashstick_firmware.uf2 - Drag-and-drop installation file
• cashstick_firmware.elf - Debug binary with symbols
• cashstick_firmware.bin - Raw binary for advanced users

CashStick firmware is designed for seamless manufacturing integration:

1. Assembled PCBs delivered with bootloader pre-installed
2. End users download firmware from cashstick.org
3. Drag-and-drop installation requires no technical expertise
4. Quality assurance built-in testing and verification

• Website: cashstick.org
• Community: Telegram @bitcoinmint
• Support: GitHub Issues

This project is licensed under the MIT License - see the LICENSE file for details.

We chose MIT License to ensure:

• Maximum transparency for security auditing
• Commercial compatibility for manufacturing
• Community adoption without restrictions
• Innovation encouragement in Bitcoin hardware security