edits

releases/ChangeLog.md

@@ -4,65 +4,64 @@ This lists the changes in the most recent firmware, for each hardware platform.
 
 # Shared Improvements - Both Mk4 and Q
 
-- New signing features:
-    - Sign message from note text, or password note
-    - JSON message signing. Use JSON object to pass data to sign in form
-        `{"msg":"<required msg>","subpath":"<optional sp>","addr_fmt": "<optional af>"}`
-    - Sign message with key resulting from positive ownership check. Press (0) and
-      enter or scan message text to be signed.
-    - Sign message with key selected from Address Explorer Custom Path menu. Press (2) and
-      enter or scan message text to be signed.
-- Enhancement: New address display format improves address verification on screen (groups of 4).
-- Deltamode enhancements:
-    - Hide Secure Notes & Passwords in Deltamode. Wipe seed if notes menu accessed. 
-    - Hide Seed Vault in Deltamode. Wipe seed if Seed Vault menu accessed. 
-    - Catch more DeltaMode cases in XOR submenus. Thanks [@dmonakhov](https://github.com/dmonakhov)
-- Enhancement: Add ability to switch between BIP-32 xpub, and obsolete SLIP-132 format
-  in `Export XPUB`
-- Enhancement: Use the fact that master seed cannot be used as ephemeral seed, to show message 
-  about successful master seed verification.
-- Enhancement: Allow devs to override backup password.
-- Enhancement: Add option to show/export full multisg addresses without censorship. Enable
-  in `Settings > Multisig Wallets > Full Address View`.
-- Enhancement: If derivation path is omitted during message signing, derivation path
-  default is no longer root (m), instead it is based on requested address format
-  (`m/44h/0h/0h/0/0` for p2pkh, and `m/84h/0h/0h/0/0` for p2wpkh). Conversely,
-  if address format is not provided but subpath derivation starts with:
-  `m/84h/...` or `m/49h/...`, then p2wpkh or p2sh-p2wpkh respectively, is used.
-- Bugfix: Sometimes see a struck screen after _Verifying..._ in boot up sequence.
-  On Q, result is blank screen, on Mk4, result is three-dots screen.
-- Bugfix: Do not allow to enable/disable Seed Vault feature when in temporary seed mode.
-- Bugfix: Bless Firmware causes hanging progress bar.
-- Bugfix: Prevent yikes in ownership search.
-- Bugfix: Factory-disabled NFC was not recognized correctly.
-- Bugfix: Be more robust about flash filesystem holding the settings.
-- Bugfix: Do not include sighash in PSBT input data, if sighash value is `SIGHASH_ALL`.
-- Bugfix: Allow import of multisig descriptor with root (m) keys in it.
-  Thanks [@turkycat](https://github.com/turkycat)
-- Change: Do not purge settings of current active tmp seed when deleting it from Seed Vault.
-- Change: Rename Testnet3 -> Testnet4 (all parameters unchanged).
+- Huge new feature: CCC - ColdCard Cosign
+    - COLDCARD holds a key in a 2-of-3 multisig, in addition to the normal signing key it has.
+    - it applies a spending policy like an HSM:
+        - velocity and magnitude limits
+        - whitelisted destination addresses
+        - 2FA authentication using phone app ([RFC 6238](https://www.rfc-editor.org/rfc/rfc6238))
+    - but will sign its part of a transaction automatically if those condition are met, 
+      giving you 2 keys of the multisig and control over the funds
+    - spending policy can be exceeded with help of the other co-signer (3rd key), when needed
+    - cannot view or change the CCC spending policy once set, policy violations are not explained
+    - existing multisig wallets can be used by importing the spending-policy-controlled key
+
+- New Feature: Multisig transactions are finalized. Allows use of [PushTX](https://pushtx.org/)
+  with multisig wallets.  Read more [here](https://github.com/Coldcard/firmware/blob/master/docs/limitations.md#p2sh--multisig)
+- New Feature: Signing artifacts re-export to various media. Now you have the option of
+  exporting the signing products (transaction/PSBT) to different media than the original source.
+  Incoming PSBT over QR can be signed and saved to SD card if desired.
+- New Feature: Multisig export files are signed now. Read more [here](https://github.com/Coldcard/firmware/blob/master/docs/msg-signing.md#signed-exports)
+- Enhancement: NFC export usability upgrade: NFC keeps exporting until CANCEL/X is pressed
+- Enhancement: Add `Bitcoin Safe` option to `Export Wallet`
+- Enhancement: 10% performance improvement in USB upload speed for large files
+- Bugfix: Do not allow change Main PIN to same value already used as Trick PIN, even if
+  Trick PIN is hidden.
+- Bugfix: Fix stuck progress bar under `Receiving...` after a USB communications failure
+- Bugfix: Showing derivation path in Address Explorer for root key (m) showed double slash (//)
+- Bugfix: Can restore developer backup with custom password other than 12 words format
+- Bugfix: Virtual Disk auto mode ignores already signed PSBTs (with "-signed" in file name)
+- Bugfix: Virtual Disk auto mode stuck on "Reading..." screen sometimes
+- Bugfix: Finalization of foreign inputs from partial signatures. Thanks Christian Uebber
+- Bugfix: Temporary seed from COLDCARD backup failed to load stored multisig wallets
+- Change: `Destroy Seed` also removes all Trick PINs from SE2.
+- Change: `Lock Down Seed` requires pressing confirm key (4) to execute
 
 
 # Mk4 Specific Changes
 
-## 5.4.1 - 2025-02-13
+## 5.4.2 - 2025-04-16
 
-- Enhancement: Export single sig descriptor with simple QR.
+- All of the above, but not Key Teleport which requires QR scanner.
 
 
 # Q Specific Changes
 
-## 1.3.1Q - 2025-02-13
-
-- New Feature: Verify Signed RFC messages via BBQr
-- New Feature: Sign message from QR scan (format has to be JSON)
-- Enhancement: Sign/Verify Address in Sparrow via QR
-- Enhancement: Sign scanned Simple Text by pressing (0). Next screen query information
-  about which key to use.
-- Enhancement: Add option to "Sort By Title" in Secure Notes and Passwords. Thanks to
-  [@MTRitchey](https://x.com/MTRitchey) for suggestion.
-- Bugfix: Properly re-draw status bar after Restore Master on COLDCARD without master seed.
+## 1.3.2Q - 2025-04-16
 
+- Feature: Key Teleport -- Easily and securely move seed phrases, secure notes/passwords,
+  multisig PSBT files, and even full Coldcard backups, between two Q using QR codes
+  and/or NFC with helper website. See protocol spec in
+  [docs/key-teleport.md](https://github.com/Coldcard/firmware/blob/master/docs/key-teleport.md)
+    - can send master seed (words, xprv), anything held in seed vault, secure notes/passwords 
+      (singular, or all) and PSBT involved in a multisig to the other co-signers
+    - full COLDCARD backup is possible as well, but receiver must be "unseeded" Q for best result
+    - ECDH to create session key for AES-256-CTR, with another layer of AES-256-CTR using a
+      short password (stretched by PBKDF2-SHA512) inside
+    - receiver shows sender a (simple) QR and a numeric code; sender replies with larger BBQr
+      and 8-char password
+- Enhancement: Always choose the biggest possible display size for QR
+- Bugfix: Only BBQr is allowed to export Coldcard, Core, and pretty descriptor
 
 
 # Release History

releases/History-Mk4.md

@@ -1,5 +1,48 @@
 *See ChangeLog.md for more recent changes, these are historic versions*
 
+## 5.4.1 - 2025-02-13
+
+- New signing features:
+    - Sign message from note text, or password note
+    - JSON message signing. Use JSON object to pass data to sign in form
+        `{"msg":"<required msg>","subpath":"<optional sp>","addr_fmt": "<optional af>"}`
+    - Sign message with key resulting from positive ownership check. Press (0) and
+      enter or scan message text to be signed.
+    - Sign message with key selected from Address Explorer Custom Path menu. Press (2) and
+      enter or scan message text to be signed.
+- Enhancement: New address display format improves address verification on screen (groups of 4).
+- Deltamode enhancements:
+    - Hide Secure Notes & Passwords in Deltamode. Wipe seed if notes menu accessed. 
+    - Hide Seed Vault in Deltamode. Wipe seed if Seed Vault menu accessed. 
+    - Catch more DeltaMode cases in XOR submenus. Thanks [@dmonakhov](https://github.com/dmonakhov)
+- Enhancement: Add ability to switch between BIP-32 xpub, and obsolete SLIP-132 format
+  in `Export XPUB`
+- Enhancement: Use the fact that master seed cannot be used as ephemeral seed, to show message 
+  about successful master seed verification.
+- Enhancement: Allow devs to override backup password.
+- Enhancement: Add option to show/export full multisg addresses without censorship. Enable
+  in `Settings > Multisig Wallets > Full Address View`.
+- Enhancement: If derivation path is omitted during message signing, derivation path
+  default is no longer root (m), instead it is based on requested address format
+  (`m/44h/0h/0h/0/0` for p2pkh, and `m/84h/0h/0h/0/0` for p2wpkh). Conversely,
+  if address format is not provided but subpath derivation starts with:
+  `m/84h/...` or `m/49h/...`, then p2wpkh or p2sh-p2wpkh respectively, is used.
+- Bugfix: Sometimes see a struck screen after _Verifying..._ in boot up sequence.
+  On Q, result is blank screen, on Mk4, result is three-dots screen.
+- Bugfix: Do not allow to enable/disable Seed Vault feature when in temporary seed mode.
+- Bugfix: Bless Firmware causes hanging progress bar.
+- Bugfix: Prevent yikes in ownership search.
+- Bugfix: Factory-disabled NFC was not recognized correctly.
+- Bugfix: Be more robust about flash filesystem holding the settings.
+- Bugfix: Do not include sighash in PSBT input data, if sighash value is `SIGHASH_ALL`.
+- Bugfix: Allow import of multisig descriptor with root (m) keys in it.
+  Thanks [@turkycat](https://github.com/turkycat)
+- Change: Do not purge settings of current active tmp seed when deleting it from Seed Vault.
+- Change: Rename Testnet3 -> Testnet4 (all parameters unchanged).
+- Mk4 Specific Change:
+  - Enhancement: Export single sig descriptor with simple QR.
+
+
 ## 5.4.0 - 2024-09-12
 
 - New Feature: Opt-in support for unsorted multisig, which ignores BIP-67 policy. Use

releases/History-Q.md

@@ -1,5 +1,54 @@
 *See ChangeLog.md for more recent changes, these are historic versions*
 
+## 1.3.1Q - 2025-02-13
+
+- New signing features:
+    - Sign message from note text, or password note
+    - JSON message signing. Use JSON object to pass data to sign in form
+        `{"msg":"<required msg>","subpath":"<optional sp>","addr_fmt": "<optional af>"}`
+    - Sign message with key resulting from positive ownership check. Press (0) and
+      enter or scan message text to be signed.
+    - Sign message with key selected from Address Explorer Custom Path menu. Press (2) and
+      enter or scan message text to be signed.
+- Enhancement: New address display format improves address verification on screen (groups of 4).
+- Deltamode enhancements:
+    - Hide Secure Notes & Passwords in Deltamode. Wipe seed if notes menu accessed. 
+    - Hide Seed Vault in Deltamode. Wipe seed if Seed Vault menu accessed. 
+    - Catch more DeltaMode cases in XOR submenus. Thanks [@dmonakhov](https://github.com/dmonakhov)
+- Enhancement: Add ability to switch between BIP-32 xpub, and obsolete SLIP-132 format
+  in `Export XPUB`
+- Enhancement: Use the fact that master seed cannot be used as ephemeral seed, to show message 
+  about successful master seed verification.
+- Enhancement: Allow devs to override backup password.
+- Enhancement: Add option to show/export full multisg addresses without censorship. Enable
+  in `Settings > Multisig Wallets > Full Address View`.
+- Enhancement: If derivation path is omitted during message signing, derivation path
+  default is no longer root (m), instead it is based on requested address format
+  (`m/44h/0h/0h/0/0` for p2pkh, and `m/84h/0h/0h/0/0` for p2wpkh). Conversely,
+  if address format is not provided but subpath derivation starts with:
+  `m/84h/...` or `m/49h/...`, then p2wpkh or p2sh-p2wpkh respectively, is used.
+- Bugfix: Sometimes see a struck screen after _Verifying..._ in boot up sequence.
+  On Q, result is blank screen, on Mk4, result is three-dots screen.
+- Bugfix: Do not allow to enable/disable Seed Vault feature when in temporary seed mode.
+- Bugfix: Bless Firmware causes hanging progress bar.
+- Bugfix: Prevent yikes in ownership search.
+- Bugfix: Factory-disabled NFC was not recognized correctly.
+- Bugfix: Be more robust about flash filesystem holding the settings.
+- Bugfix: Do not include sighash in PSBT input data, if sighash value is `SIGHASH_ALL`.
+- Bugfix: Allow import of multisig descriptor with root (m) keys in it.
+  Thanks [@turkycat](https://github.com/turkycat)
+- Change: Do not purge settings of current active tmp seed when deleting it from Seed Vault.
+- Change: Rename Testnet3 -> Testnet4 (all parameters unchanged).
+
+- New Feature: Verify Signed RFC messages via BBQr
+- New Feature: Sign message from QR scan (format has to be JSON)
+- Enhancement: Sign/Verify Address in Sparrow via QR
+- Enhancement: Sign scanned Simple Text by pressing (0). Next screen query information
+  about which key to use.
+- Enhancement: Add option to "Sort By Title" in Secure Notes and Passwords. Thanks to
+  [@MTRitchey](https://x.com/MTRitchey) for suggestion.
+- Bugfix: Properly re-draw status bar after Restore Master on COLDCARD without master seed.
+
 
 ## 1.3.0Q - 2024-09-12
 

releases/Next-ChangeLog.md

@@ -2,64 +2,20 @@
 
 This lists the new changes that have not yet been published in a normal release.
 
-
 # Shared Improvements - Both Mk4 and Q
 
-- Huge new feature: CCC - ColdCard Cosign
-    - COLDCARD holds a key in a 2-of-3 multisig, in addition to the normal signing key it has.
-    - it applies a spending policy like an HSM:
-        - velocity and magnitude limits
-        - whitelisted destination addresses
-        - 2FA authentication using phone app ([RFC 6238](https://www.rfc-editor.org/rfc/rfc6238))
-    - but will sign its part of a transaction automatically if those condition are met, 
-      giving you 2 keys of the multisig and control over the funds
-    - spending policy can be exceeded with help of the other co-signer (3rd key), when needed
-    - cannot view or change the CCC spending policy once set, policy violations are not explained
-    - existing multisig wallets can be used by importing the spending-policy-controlled key
-
-- New Feature: Multisig transactions are finalized. Allows use of [PushTX](https://pushtx.org/)
-  with multisig wallets.  Read more [here](https://github.com/Coldcard/firmware/blob/master/docs/limitations.md#p2sh--multisig)
-- New Feature: Signing artifacts re-export to various media. Now you have the option of
-  exporting the signing products (transaction/PSBT) to different media than the original source.
-  Incoming PSBT over QR can be signed and saved to SD card if desired.
-- New Feature: Multisig export files are signed now. Read more [here](https://github.com/Coldcard/firmware/blob/master/docs/msg-signing.md#signed-exports)
-- Enhancement: NFC export usability upgrade: NFC keeps exporting until CANCEL/X is pressed
-- Enhancement: Add `Bitcoin Safe` option to `Export Wallet`
-- Enhancement: 10% performance improvement in USB upload speed for large files
-- Bugfix: Do not allow change Main PIN to same value already used as Trick PIN, even if
-  Trick PIN is hidden.
-- Bugfix: Fix stuck progress bar under `Receiving...` after a USB communications failure
-- Bugfix: Showing derivation path in Address Explorer for root key (m) showed double slash (//)
-- Bugfix: Can restore developer backup with custom password other than 12 words format
-- Bugfix: Virtual Disk auto mode ignores already signed PSBTs (with "-signed" in file name)
-- Bugfix: Virtual Disk auto mode stuck on "Reading..." screen sometimes
-- Bugfix: Finalization of foreign inputs from partial signatures. Thanks Christian Uebber
-- Bugfix: Temporary seed from COLDCARD backup failed to load stored multisig wallets
-- Change: `Destroy Seed` also removes all Trick PINs from SE2.
-- Change: `Lock Down Seed` requires pressing confirm key (4) to execute
+- tbd
 
 
 # Mk4 Specific Changes
 
-## 5.4.2 - 2025-04-17
+## 5.4.? - 2025-05-
 
-- All of the above, but not Key Teleport which requires QR scanner.
+- tbd
 
 
 # Q Specific Changes
 
-## 1.3.2Q - 2025-04-17
+## 1.3.?Q - 2025-05-
 
-- Feature: Key Teleport -- Easily and securely move seed phrases, secure notes/passwords,
-  multisig PSBT files, and even full Coldcard backups, between two Q using QR codes
-  and/or NFC with helper website. See protocol spec in
-  [docs/key-teleport.md](https://github.com/Coldcard/firmware/blob/master/docs/key-teleport.md)
-    - can send master seed (words, xprv), anything held in seed vault, secure notes/passwords 
-      (singular, or all) and PSBT involved in a multisig to the other co-signers
-    - full COLDCARD backup is possible as well, but receiver must be "unseeded" Q for best result
-    - ECDH to create session key for AES-256-CTR, with another layer of AES-256-CTR using a
-      short password (stretched by PBKDF2-SHA512) inside
-    - receiver shows sender a (simple) QR and a numeric code; sender replies with larger BBQr
-      and 8-char password
-- Enhancement: Always choose the biggest possible display size for QR
-- Bugfix: Only BBQr is allowed to export Coldcard, Core, and pretty descriptor
+- tbd