coldcard/firmware
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

rename file

Browse Source 
(cherry picked from commit ffb4cd32e9)
This commit is contained in:
Peter D. Gray 2023-06-23 10:20:42 -04:00 committed by doc-hex
parent 14350452f0
commit dd3f79dc80
1 changed files with 236 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

236
releases/Mk3ChangeLog.md Normal file
View File

@ -0,0 +1,236 @@
## 4.1.8 - Jun 19, 2023
- Bugfix: "Validating..." screen would be shown twice in some cases. Improves signing performance.
- Bugfix: Reproducible builds corrected.
## 4.1.7 - Nov 15, 2022
- Bugfix: Upgrades to 4.1.6 version using SD Card did not work due to an obscure alignment
bug. USB upgrade did work. A workaround to this issue has been added for this release.
## 4.1.6 - Oct 5, 2022
- Bugfix: order of multisig wallet registration does NOT matter in PSBT signing
- Bugfix: allow unknown scripts in HSM mode
- Enhancement: `OP_RETURN` is now a known script and is displayed in ascii if possible
## 4.1.5 - May 4, 2022
- Enhancement: Support P2TR outputs (pay to Taproot) in PSBT files. Allows
on-screen verification of P2TR destination addresses (`bc1p..`) so you can send
your BTC to them. Does **not** support signing, so you cannot operate a Taproot
wallet with Mk3 COLDCARD as the signing device.
- Bugfix: Yikes error shown during BIP-85 menu operation.
- Enhancement: Rename "Derive Entropy" to "Derive Seed B85" to match Mk4 menus
## 4.1.4 - Apr 26, 2022
- Enhancement: if an XFP of zero is seen in a PSBT file, assume that should be replaced by
our current XFP value and try to sign the input (same for change outputs and change-fraud
checks). This makes building a workable PSBT file easier and could be used to preserve
privacy of XFP value itself. A warning is shown when this happens.
- Enhancement: "Advanced > Export XPUB" provides direct way to show XPUB (or ZPUB/YPUB) for
BIP-84 / BIP-44 / BIP-49 standard derivations, as a QR. Also can show XFP and master XPUB.
- Bugfix: Updated domain name from `coldcardwallet.com` to `coldcard.com` in docs and few
on-screen messages.
- Bugfix: allow sending to scripts that we cannot parse, with a warning, to support
`OP_RETURN` and other outputs we don't understand well (yet).
## 4.1.3 - Sep 2, 2021
- Enhancement: support "importdescriptors" command in Bitcoin Core 0.21 so that
a descriptor-based wallet is created. PSBT files are then supported natively by
Core, and the resulting desktop wallet can be used for spending (ie. create PSBT
via GUI) and also watching. Translation: Easy air-gap PSBT operation with Bitcoin Core!
- Enhancement: remove "m/0/0" derivations from public.txt and address explorer,
since that path is obsolete and not used by any major wallets now. We can still
sign PSBT files with that path, but it's an unnecessary risk to show derived
addresses for a type of wallet that doesn't exist anymore.
- Enhancement: if PSBT input sections don't contain the key path information we need,
show a more specific error message.
- Bugfix: a PSBT which provided the wrong pubkey (based on UTXO being spent) was not
flagged as invalid, but instead we proceeded to do nothing. Now says "pubkey vs. address wrong".
- Bugfix: if asked to serialize a partially-signed transaction, we did. Now fails properly.
- Bugfix: if multiple copies of the same BIP-39 passphrase were saved to a card, the menu
would not display correctly and you might not be able to select your saved value.
## 4.1.2 - July 28, 2021
- Enhancement: Shows QR code with BIP-85 derived entropy value if you press (3) while
value shown on-screen. Thanks to [@opennoms](https://twitter.com/openoms) for idea.
Works with 12/18/24-words, XPRV, privatekey and even hex cases.
- Enhancement: Offer to show QR in other places:
- Coldcard's main XPUB, in Advanced > View Identity
- Seed words, during picking process (before the quiz)
- Stored seed words: Advanced > Danger Zone > Seed Functions > View Seed Words
- TXID of just-signed transaction (64 hex digits)
- Encryption password for the system backup file (12 words)
- Enhancement: We now grind a nonce so that our signatures are always 71 bytes or shorter.
This may save a byte in transaction size, and makes our signatures identical to those
produced by Bitcoin Core, improving anonymity on-chain. Thanks to
[@craigraw](https://twitter.com/craigraw) for detecting this.
- Bugfix: On a blank Coldcard, after importing a seed phrase using the
[Seed XOR feature](https://seedxor.com/), the main menu was not updated to show
system is "Ready To Sign".
- Bugfix: Red caution light could happen (a false positive) if a specific sequence of
firmware upgrades and reboots occurred in the right order. Issue could only occur once
during lifetime of any particular Coldcard.
## 4.1.1 - April 30, 2021
- Bugfix/Enhancement: [Unchained Capital](https://unchained-capital.com/)
was using the P2SH (BIP-45) value we exported in our multisig
wallet file (removed in 4.1.0). So we've restored that, added
BIP-45 path to our generic JSON export (if account number is zero),
and added a dedicated menu item: Advanced > MicroSD > Export > Unchained Capital
## 4.1.0 - April 29, 2021
- New feature: Seed XOR -- split your secret BIP-39 seed into 2 (or 3 or 4) new seed phrases
- any combination of found seed word phrases is a fully working wallet (great for duress)
- still 24 words, and can be encoded onto a SEEDPLATE
- all parts are required to be known to get back to original
seed phrase (**not** M of N, always N of N),
- your existing seed can be split by Coldcard (one already in use)
- you can do the math on paper, and it's possible to split/combine without the Coldcard
- see [docs/seed-xor.md](docs/seed-xor.md) for more, and the paper tools you need
are available at <https://github.com/Coldcard/wordlist-paper>
- Enhancement: Add support for BIP-48 derivations when exporting generic JSON (including
the accounts number) under Advanced > MicroSD Card > Export Wallet > Generic JSON.
These are targeted towards multisig wallets, such as
[Sparrow](https://sparrowwallet.com/docs/coldcard-wallet.html)
- Enhancement: Ask for account number when creating Multisig Wallets via air-gapped
Coldcards. Use account zero for compatibility with previous versions. No need to
use same account number on each participating Coldcard, but we recommend that. Creating
new P2SH (BIP-45) type air-gapped wallets has been removed since it cannot support
multiple accounts.
- Enhancement: Show new firmware version number and date before installing firmware update.
- Bugfix: Could not clear PIN codes, including the duress PIN, so was not possible to wipe
the main secret, if a duress PIN had been set. 999999-999999 works again now.
- Bugfix: Deleting a multisig wallet that was identical to another wallet, except
for different address type, would lead to an error.
- Bugfix: Standardize on BIP-nn in place of BIPnn in source code, messages and docs.
## 4.0.2 - April 7, 2021
- New feature: "Countdown and Brick" (Mk3 only)
- set a special PIN code, and when used, the Coldcard is immediately bricked while a
normal-looking countdown for login is shown (default 1 hour). As an alternative to
bricking, you can make it consume all but the final PIN attempt.
- Enhancements to "Login Countdown" feature:
- turning off the Coldcard will not clear the countdown, it continues on next power-up.
- login countdown time delays are more accurate now.
- Important: for the first login when firmware runs (immediately after upgrade),
the login countdown delay, if you had previously enabled it, will **not** be
enforced. However, the setting is then migrated to a new spot and takes effect going
forward without any action needed.
- Enhancement: Settings > Display Units: Select how to show Bitcoin amounts when displayed
on-screen. Choices are _BTC_ (default), _mBTC_ (millibit), _bits_ (aka uBTC),
and _sats_ (an integer).
- Enhancement: Settings > Disable USB: New setting to disable USB port if your plan
is air-gap only. Default remains USB port enabled.
- Bugfix: Formatting of larger SD Cards works again (FAT32 support).
- Bugfix: Reject transactions whose outputs are greater than inputs.
- Downgrades to v3 no longer supported.
## 4.0.1 - March 29, 2021
- Fixes security issue in v4.0.0. (3.x.x Unaffected)
- Known issue: formatting of SD Card does not work and leads to a crash.
## 4.0.0 - March 17, 2021
- Major internal changes.
- now using [Bitcoin Core's "libsecp256k1"](https://github.com/bitcoin-core/secp256k1)
for all EC crypto operations
- super fast pure-assembly AES256-CTR code makes USB communications faster
- newly optimized SHA256 and SHA256(SHA256) code
- all crypto and BIP39 related code replaced
- huge thanks to [@switck](https://twitter.com/switck) for the new library!
- Enhancement: During seed phrase import, after 23 words provided, Coldcard will
calculate the correct checksum and show the valid choices for the last word (there
will be 8 typically). This means you can pick seed words by drawing from a hat.
- New feature: Secure Device Cloning. Using a MicroSD card, copy your Coldcard's secrets
and settings to a blank Coldcard. Very quick and easy, uses public key encryption
(Diffie-Hellman key exchange) and AES-256-CBC for the transfer.
- Bugfix: CSV of addresses explorer export via Address Explorer, when account number
was used, did not reflect the (non-zero) account number.
- Enhancement: Reproducible builds! Checkout code, "cd stm32; make repro" should do it all.
- Enhancement: Paper wallet feature restored as it was previously. Same cautions apply.
- Enhancement: Inside encrypted backup files (7z), the cleartext filename is no longer
fixed as `ckcc-backup.txt`. Instead it's a random word and number. Improves plausible
deniability when backup files discovered.
- Enhancement: Show a progress bar during slow parts of the login process.
- Enhancement: Long menus, like the seed-word picking system, now wrap around from top/bottom, so
you can get to Z by going up from A.
- Limitation: Mk2 (older hardware, with less memory) may struggle with some of the new
features, but can still run this firmware release... so you can clone it to your new Mk3!
- HSM/CKBunker mode changes:
- IMPORTANT: users with passwords will have to be reconstructed as hash algo has changed
- when unlocking HSM mode from "boot to HSM mode" (using secret PIN immediately after bootup)
the HSM policy is no longer removed automatically.
- time limit to escape "boot to HSM" mode has doubled from 30 seconds to 1 minute.
- Remaining GPL code has been removed, so license is now MIT+CC on everything.
## 3.2.2 - Jan 14, 2021
- Major Address Explorer enhancements! Thanks go to [@switck](https://twitter.com/switck)
for this major feature bump.
- View sub-accounts as exported, just enter the account number.
- Multisig wallet support! (Caveat: addresses are for verification purposes
and never for direct use as deposit, so they are partially redacted)
- Enter any custom derivation path, by entering numbers directly; for gurus.
- Warning screen can be suppressed after reading first time (press 6)
- Export of addresses now named "addresses.csv" not ".txt"
- Bugfix: Disable a few more path derivation checks for "Skip Checks" for
multisig compatibility. Handles error shown when working
with previously-imported Specter multisig wallets (ie. `multisig.py: 891`).
- Bugfix: Generic wallet export (JSON) name for BIP49 wallets changed
from "p2wpkh-p2sh" to "p2sh-p2wpkh". Thanks [@craigraw](https://twitter.com/craigraw)
## 3.2.1 - Jan 8, 2021
- Major Multisig improvements! If you are using multisig features, please backup
your Coldcard before upgrade, just in case (but shouldn't be a problem).
- Tracks derivation path for each co-signer and no longer assumes
they all use a shared derivation path. Blocks multiple instances of same XFP in the
wallet (not supported anymore, bad idea). Various displays updated to reflect
derivation path change. Text file import: "Derivation:" line can be repeated,
applies to all following xpubs.
- Show Ypub/Zpub formated values from SLIP-132 when viewing details of wallet.
- Standardize on "p2sh-p2wsh" nomenclature, rather than "p2wsh-p2sh", thanks
to [@humanumbrella](https://github.com/humanumbrella). For airgaped multisig wallet
creation, you must use same firmware verison on all Coldcards or this change can
make trouble.
- Address type (p2sh-p2wsh, p2sh, p2wsh) is captured from MS wallets created
by PSBT file import.
- Can now store multiple wallets involving same set of XFP values, if they
have differing subkey paths and/or address formats.
- New mode which disables certain multisig checks to assist bug compatibility.
- Enhancement: Add support for signing Payjoin PSBT files based on
[BIP-78](https://github.com/bitcoin/bips/blob/master/bip-0078.mediawiki).
- Enhancement: Promoted the address explorer to the main menu. It's useful!
(credit to @matt_odell)
- Bugfix: zero-length BIP39 passphrase, when saved, would cause a crash when
restore attempted. We recommend longer passphrases, but fixed the issue.
- Enhancement: Move the "blockchain" setting deeper into the "Danger Zone" and add
warning screen. This mitigates a concern raised by @benma (Marko Bencun) where
an attacker could socially-engineer you to sign a transaction on Testnet, which
corresponds to real UTXO being stolen. Only developers should be using Testnet.
- Bugfix: Display of amounts could be incorrect by a few sats in final digits.
- Bugfix: Incorrect digest method picked when P2SH-P2WSH incorrectly identified as plain P2SH.
- Bugfix: Better error reporting when importing bogus multisig wallet files.
- Enhancement: Files created on MicroSD will have date and time determined by the version
of firmware that made them. Downstream systems might use this to know when the Coldcard
should be upgraded, or which firmware version created the data. Idea from
[@sancoder](https://twitter.com/sancoder)
- Enhancement: Show version of secure element, under Advanced > Upgrade > Show Version.
- Enhancement: Improve 'None of the keys involved...' message to show XFP value actually
found inside PSBT file.
- Enhancement: "Invalid PSBT" errors are shown with more information now.
- Paper Wallet features temporarily removed to free space; will return in future version.
- License changed from GPL to MIT+CC on files for which the GPL doesn't apply.
*See History.md for older entries*