Foundation Passport Prime — Institutional Custody Risk Rating
LISR assessment produced by the Linkmerica Research Team. Informational only — not financial advice.
At a Glance
MODERATE RISKOfficial Product Page (External)
Affiliate disclosure: Linkmerica may earn a commission on purchases through this link at no additional cost to you. This does not influence LISR scores or risk tiers.
Key Risk Flags
- KeyOS microkernel ~2 months in production; limited adversarial exposure of novel trusted computing base
- Designed-in Bluetooth wireless surface (dedicated chip, claimed post-quantum encryption); unverified cryptanalysis
- Expanded attack surface: 2FA vault, file storage, app platform, FIDO beyond core wallet function
- Immature production track record reduces confidence in operational resilience
Category Breakdown
Score range 0.0–10.0. Lower score = lower risk in that category.
| Category | Score | Assessment |
|---|---|---|
| Security Architecture | 3.8 / 10.0 |
|
| Firmware Integrity | 4.0 / 10.0 |
|
| Supply Chain Risk | 2.9 / 10.0 |
|
| Key Management | 3.5 / 10.0 |
|
| Operational Security | 5.8 / 10.0 |
|
| Recovery Risk | 4.8 / 10.0 |
|
Category breakdown reflects several structural risk properties assessed under the LISR framework. Weights and methodology are proprietary.
Analyst Notes
Passport Prime is the first device added to the Linkmerica LISR index with an independent published hardware security audit (Keylabs), and the first with designed-in wireless connectivity—both notable firsts. The full three-layer open-source model (hardware, KeyOS firmware, Envoy app) and dedicated key isolation hardware are genuine institutional-grade strengths. However, the device has been in general availability for only ~2 months (since May 2026), and KeyOS is a novel custom microkernel with minimal real-world adversarial exposure; this immaturity materially constrains confidence in operational resilience. The Bluetooth surface—even via a dedicated chip with claimed post-quantum encryption—represents a structural departure from air-gapped custody norms, and cryptanalytic validation of Foundation's wireless claims is not yet publicly available. The expanded scope (2FA vault, file storage, FIDO, app platform) increases attack surface and complexity beyond single-purpose signers, raising operational and key management risk. MODERATE-tier (4.2) reflects a device with strong architectural foundations but insufficient production history to warrant higher confidence; institutional deployers should monitor for disclosure of vulnerabilities and independent cryptanalysis of QuantumLink as the platform matures.
Produced by: The Linkmerica Research Team · LISR v1.0 · Period: 2026-07 · Node: LM-NODE-01
Quantum Resistance Assessment
QRR HIGH| QRR Category | Score | Risk Bar |
|---|---|---|
| Post Quantum Algorithm Support | 8.5 | |
| Migration Roadmap | 8.2 | |
| Firmware Upgrade Path | 3.5 | |
| Key Migration Tooling | 8.5 | |
| Regulatory Alignment | 7.8 |
LISR Framework — Score Tiers
| Score Range | Risk Tier | Institutional Guidance |
|---|---|---|
| 0.0 – 3.5 | LOW | Suitable for institutional consideration with standard diligence |
| 3.6 – 6.0 | MODERATE | Requires additional controls or policy mitigations |
| 6.1 – 8.0 | HIGH | Significant risk factors — limited institutional suitability |
| 8.1 – 10.0 | CRITICAL | Not recommended for institutional custody use |
What This Rating Covers
- Security architecture and cryptographic implementation
- Firmware integrity, transparency, and update controls
- Supply chain provenance and anti-tamper mechanisms
- Key management, entropy quality, and recovery standardisation
- Operational security controls and physical attack resistance
Limitations
- Product security posture can change with firmware or hardware updates.
- User operational security dominates many real-world loss outcomes.
- Internal scoring weights and evidence methodology are proprietary.
- This is not financial advice and Linkmerica does not provide custody services.
FAQ
What does the Linkmerica Foundation Passport Prime LISR rating represent?
A deterministic, versioned institutional custody risk assessment. Lower scores indicate lower risk. Informational only — not financial advice.
Does a lower LISR score mean funds cannot be lost?
No. Loss can still occur due to phishing, compromised recovery material, user procedural failures, or device tampering.
Does Linkmerica provide custody services or financial advice?
No. Linkmerica does not provide custody services and does not provide financial advice.
How often can the LISR rating change?
Ratings are versioned and locked at publication. New versions are issued following material firmware updates, security incidents, or scheduled review periods.