# Update the Firmware

### Latest Firmware

If you're looking for what's new, you can find the latest firmware revision on our GitHub, along with the full revision history.

{% embed url="<https://github.com/GridPlus/lattice-firmware-history>" %}

{% embed url="<https://www.youtube.com/watch?v=ZTFhcJoMdQk>" %}

### The Process

The Lattice1 will check for **updates to the HSM firmware** automatically every 6 hours. Once an update is available, the device will prompt you to confirm the installation of the new update manually.

<figure><img src="https://268056579-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MZJQypB4fk8YIsDKCl_%2Fuploads%2FGVdMGY67fh43tLhXnlSX%2Fguides_How%20to%20upgrade%20firmware.png?alt=media&#x26;token=bd586556-94ab-467a-bf07-3bf07a7c4415" alt=""><figcaption></figcaption></figure>

Then all you need to do is kick back and watch the progress bar for a minute or two. Your device will reboot and you’ll be back in action with an upgraded Lattice1.

The HSM update will never be installed **without your approval**. However, we strongly recommend you upgrade to every single new update available.

{% hint style="success" %}
You can also check if an update is available **manually** without waiting for the regular 6-hour scan if you go to **System Preferences → Software Update** on your Lattice1.

Also, if you want to make sure what **firmware revision** you have in your device, you can check this if you go to **System Preferences → Device info**.
{% endhint %}

Check out the current version of our firmware with explanation for each function here:

{% embed url="<https://docs.gridplus.io/lattice1/lattice1-firmware-reference>" %}

{% hint style="danger" %}
Never unplug the Lattice while it's installing a firmware update!

It's also possible to encounter the firmware update failing, if this happens to you, just wait for 5-10 minutes and try again. If this doesn't help, try powercycling the Lattice - unplug it and plug it back in. Only do this if the device is **not** currently installing the update.
{% endhint %}

### Update Security

How can we safely update your secure hardware over the air like this? Every release must be signed by **multiple GridPlus private keys** which are separated geographically so your device can verify the provenance of the release. The **secure bootloader** will reject any updates that do not meet these strict criteria before installing anything. You can also use the [**verification tool**](https://docs.gridplus.io/lattice1/lattice1-guides/how-to-verify-that-your-lattice1-is-authentic) to make sure your Lattice1 is authentic - no other device can receive our update.

The device is made up of two elements (the HSM/SCE and the GCE) - the **GCE** that runs a simple Linux system updates automatically (far less often than the SCE), but every single part of the device is constructed with the **idea that the GCE is vulnerable at all times** - this means that no part of the system that handles secure data is ever exposed to the update.

In other words, **funds are safu**.

{% hint style="info" %}
The **Linux GCE is also updated** - the updates are very infrequent and automatic - you're not prompted to approve them. These happen completely outside of the secure chip running the firmware and do not touch any secure data or private keys.
{% endhint %}