In this short tutorial I'll explain how to step up your Hardware-Wallet security game using something brand-spanking-new called PSBT (https://github.com/bitcoin/bips/blob/master/bip-0174.mediawiki).
First time using your ColdCard Mk2 (see https://coldcardwallet.com/docs/quick) you'll need to securely generate the seed (using real dice is possible!) setup a pincode and export a wasabi skeleton json-file to a microSD card. This file contains the xpub or public key that the WasabiWallet can import at the HardwareWallet tab in the opening screen.
With that first step done, you can get started with:
The fully air-gapped PSBT signing flow
This allows you to have the highest security level with you hardware wallet, as you never plug it in to your internet connected computer that is running the Wasabi-Wallet software.
Here is an example of going through the offline signing workflow:
You build the transaction you want to do with your cold-storage coins (should be mixed beforehand in hot-Wasabi), export the Binary PSBT file to your microSD card, which is then inserted into the ColdCard.
As you can see that the signing process is done only on the offline ColdCard device which self-verifies its firmware and has several temper indicators.
After plugging the microSD back in the WasabiWallet machine, you click Import Transaction and select the finalized txn file from the microSD and then press Broadcast Transaction to make it publicly know to the Bitcoin network (in private via Tor!)
That's all folks! Hope this guide helps you with going full air-gap security and if you have any questions you can reach me on https://twitter.com/@KevinR4v