We like to be as transparent as possible, not only so our users can audit and verify our work, but also so you can stay as well-informed as possible when it comes to your security. In this article we’re going to talk about the process of releasing firmware updates for Trezor devices.

Updating your firmware is a task with a lot of question marks attached to it: How do I know this is legitimate? Why do I have to do this every month? Where did this update come from? So let’s take a look at the entire process, from GitHub to Trezor Wallet, and see if we can’t answer some of your questions.

Updates when?

We set up a fixed release cycle, which means that on the first Wednesday of every month there might be a new firmware release. We won’t always release a new firmware update every month, but when we do, it will always be on the first Wednesday.

Updates how?

Every firmware update starts with our development team working with GitHub. Think of it like chefs cooking up a brand new recipe for the menu in a restaurant.

Basically, every month the SatoshiLabs dev team has milestones on GitHub. Each milestone is like a folder full of “issues,” which you can look at on the official Trezor GitHub. Issues can be new feature requests, bugs, improvements, and other things like that. Here’s the milestone from the firmware update on 2 October. If the devs are chefs, then the milestone is the list of ingredients for the new dish — er, firmware.

The developers…you know, develop (we’ll cover this part of the process in more detail in a later article)…and then they run their code through some tests, some other tests, and some more tests. BUT it’s still not downloading time. About ten days before the first Wednesday of the following month, when the issues that belong to that month’s milestone have been worked on, we do something called a Freeze.

During the Freeze we take all the work that’s been done up until that point and use it to create the new firmware, which we pass to our Quality Assurance (QA) team. The QA run a number of manual test scenarios to make sure the firmware works as expected. At this point the developers are already working on the next milestone, so as not to waste any time!

If everything works, the QA gives the go ahead and the firmware is signed with the company’s private keys — this signature is how you (and your device) know that the firmware is genuine, and safe to download.

Then we go to the next step, which is beta testing in Beta Wallet.

Beta is a copy of the stable Trezor Wallet for anyone interested in our beta testing program, aka taste-testing the new recipe. Here, after registering for the program, beta testers can try out new firmware (including brand new features before they’re released to the public). A release to Beta is also on the first Wednesday of the month.

Dinner is served.

Moving into the final phase from beta testing, the firmware is fully cooked and ready for wide release. We add the new dish to the menu —uh, I mean we move the firmware from Beta to the main Wallet, and change all the links on our websites to reflect the release of the firmware update. On the first Wednesday of the month, we announce to all of you that a new firmware update is available to download. Delicious.

If you want to keep track of the latest firmware updates and see what you’re downloading (which we absolutely recommend), you can always check our firmware changelog.