diff --git a/releases/ChangeLog.md b/releases/ChangeLog.md
index ea5f51a8..6e5afa61 100644
--- a/releases/ChangeLog.md
+++ b/releases/ChangeLog.md
@@ -1,3 +1,7 @@
+## 5.2.2 - 2023-12-21
+
+- Bugfix: Re-enable `Lock Down Seed` which was disabled by accident
+
 ## 5.2.1 - 2023-12-19
 
 - New Feature: Temporary Seed import from a COLDCARD encrypted backup.
diff --git a/shared/actions.py b/shared/actions.py
index ec107469..428c9dfd 100644
--- a/shared/actions.py
+++ b/shared/actions.py
@@ -566,25 +566,26 @@ async def convert_ephemeral_to_master(*a):
         return
 
     words = settings.get("words", True)
-    msg = 'Convert currently used '
-    msg += 'BIP-39 passphrase ' if bip39_passphrase else 'temporary seed '
-    msg += 'to main seed. '
+    _type = 'BIP-39 passphrase ' if bip39_passphrase else 'temporary seed '
+    msg = 'Convert currently used %s to master seed. Old master seed' % _type
     if words or bip39_passphrase:
-        msg += 'Main seed words themselves are erased forever, '
+        msg += ' words themselves are erased forever, '
     else:
-        msg += 'Main seed is erased forever, '
+        msg += ' is erased forever, '
 
-    msg += 'but effectively there is no other change. '
+    msg += ('and its settings blanked. This action is destructive '
+            'and may affect funds, if any, on old master seed. ')
 
     if bip39_passphrase:
-        msg += ('BIP-39 passphrase is currently in effect, its value '
+        msg += ('BIP-39 passphrase '
                 'is captured during this process and will be in effect '
                 'going forward, but the passphrase itself is erased '
                 'and unrecoverable. ')
     if not words:
         msg += 'The resulting wallet cannot be used with any other passphrase. '
 
-    msg += 'A reboot is part of this process. PIN code, and funds are not affected.'
+    msg += 'A reboot is part of this process. '
+    msg += ('PIN code, and %s funds are not affected.' % _type)
     if not await ux_confirm(msg):
 
         return await ux_aborted()
diff --git a/shared/pincodes.py b/shared/pincodes.py
index 4ebad4ef..15797d3d 100644
--- a/shared/pincodes.py
+++ b/shared/pincodes.py
@@ -366,7 +366,8 @@ class PinAttempt:
 
     def change(self, **kws):
         # change various values, stored in secure element
-        if self.tmp_value: return
+        if not kws.pop("tmp_lockdown", False):
+            if self.tmp_value: return
 
         self.roundtrip(3, **kws)
 
diff --git a/shared/seed.py b/shared/seed.py
index 569cc50b..c59c4a84 100644
--- a/shared/seed.py
+++ b/shared/seed.py
@@ -682,18 +682,29 @@ async def set_bip39_passphrase(pw, bypass_tmp=False, summarize_ux=True):
 async def remember_ephemeral_seed():
     # Compute current xprv and switch to using that as root secret.
     import stash
-    from glob import dis
+    from nvstore import SettingsObject
+    from glob import dis, settings
 
-    dis.fullscreen('Check...')
-    with stash.SensitiveValues() as sv:
-        nv = sv.encoded_secret()
+    # we are already at temporary seed, with correct
+    # settings in use - no need to call new_main_secret
+    # at the end
+
+    # locking down temporary as new master
+    # old master settings are destroyed
+    dis.fullscreen("Cleanup...")
+    assert pa.tmp_value, "no tmp"
+    assert settings.master_nvram_key, "master nvram k"
+    old_master = SettingsObject(settings.master_nvram_key)
+    old_master.load()
+    old_master.blank()
+    del old_master
 
     dis.fullscreen('Saving...')
-    pa.change(new_secret=nv)
+    pa.change(new_secret=pa.tmp_value, tmp_lockdown=True)
 
-    # re-read settings since key is now different
-    # - also captures xfp, xpub at this point
-    pa.new_main_secret(nv)
+    # not needed - will be handled by reboot
+    settings.master_nvram_key = None
+    settings.master_sv_data = {}
 
     # check and reload secret
     pa.reset()