coldcard/firmware
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
bc511ee34c
firmware/releases/ChangeLog.md
Peter D. Gray d53dc15fa4
Bump to v4.1.9 and changelog
2023-06-26 08:02:40 -04:00

14 KiB
Raw Blame History

4.1.9 - Jun 26, 2023

  • Bugfix: QR codes could not be rendered in 4.1.8 release due to a regression.

4.1.8 - Jun 19, 2023

  • Bugfix: "Validating..." screen would be shown twice in some cases. Improves signing performance.
  • Bugfix: Reproducible builds corrected.

4.1.7 - Nov 15, 2022

  • Bugfix: Upgrades to 4.1.6 version using SD Card did not work due to an obscure alignment bug. USB upgrade did work. A workaround to this issue has been added for this release.

4.1.6 - Oct 5, 2022

  • Bugfix: order of multisig wallet registration does NOT matter in PSBT signing
  • Bugfix: allow unknown scripts in HSM mode
  • Enhancement: OP_RETURN is now a known script and is displayed in ascii if possible

4.1.5 - May 4, 2022

  • Enhancement: Support P2TR outputs (pay to Taproot) in PSBT files. Allows on-screen verification of P2TR destination addresses (bc1p..) so you can send your BTC to them. Does not support signing, so you cannot operate a Taproot wallet with Mk3 COLDCARD as the signing device.
  • Bugfix: Yikes error shown during BIP-85 menu operation.
  • Enhancement: Rename "Derive Entropy" to "Derive Seed B85" to match Mk4 menus

4.1.4 - Apr 26, 2022

  • Enhancement: if an XFP of zero is seen in a PSBT file, assume that should be replaced by our current XFP value and try to sign the input (same for change outputs and change-fraud checks). This makes building a workable PSBT file easier and could be used to preserve privacy of XFP value itself. A warning is shown when this happens.
  • Enhancement: "Advanced > Export XPUB" provides direct way to show XPUB (or ZPUB/YPUB) for BIP-84 / BIP-44 / BIP-49 standard derivations, as a QR. Also can show XFP and master XPUB.
  • Bugfix: Updated domain name from coldcardwallet.com to coldcard.com in docs and few on-screen messages.
  • Bugfix: allow sending to scripts that we cannot parse, with a warning, to support OP_RETURN and other outputs we don't understand well (yet).

4.1.3 - Sep 2, 2021

  • Enhancement: support "importdescriptors" command in Bitcoin Core 0.21 so that a descriptor-based wallet is created. PSBT files are then supported natively by Core, and the resulting desktop wallet can be used for spending (ie. create PSBT via GUI) and also watching. Translation: Easy air-gap PSBT operation with Bitcoin Core!
  • Enhancement: remove "m/0/0" derivations from public.txt and address explorer, since that path is obsolete and not used by any major wallets now. We can still sign PSBT files with that path, but it's an unnecessary risk to show derived addresses for a type of wallet that doesn't exist anymore.
  • Enhancement: if PSBT input sections don't contain the key path information we need, show a more specific error message.
  • Bugfix: a PSBT which provided the wrong pubkey (based on UTXO being spent) was not flagged as invalid, but instead we proceeded to do nothing. Now says "pubkey vs. address wrong".
  • Bugfix: if asked to serialize a partially-signed transaction, we did. Now fails properly.
  • Bugfix: if multiple copies of the same BIP-39 passphrase were saved to a card, the menu would not display correctly and you might not be able to select your saved value.

4.1.2 - July 28, 2021

  • Enhancement: Shows QR code with BIP-85 derived entropy value if you press (3) while value shown on-screen. Thanks to @opennoms for idea. Works with 12/18/24-words, XPRV, privatekey and even hex cases.
  • Enhancement: Offer to show QR in other places:
    • Coldcard's main XPUB, in Advanced > View Identity
    • Seed words, during picking process (before the quiz)
    • Stored seed words: Advanced > Danger Zone > Seed Functions > View Seed Words
    • TXID of just-signed transaction (64 hex digits)
    • Encryption password for the system backup file (12 words)
  • Enhancement: We now grind a nonce so that our signatures are always 71 bytes or shorter. This may save a byte in transaction size, and makes our signatures identical to those produced by Bitcoin Core, improving anonymity on-chain. Thanks to @craigraw for detecting this.
  • Bugfix: On a blank Coldcard, after importing a seed phrase using the Seed XOR feature, the main menu was not updated to show system is "Ready To Sign".
  • Bugfix: Red caution light could happen (a false positive) if a specific sequence of firmware upgrades and reboots occurred in the right order. Issue could only occur once during lifetime of any particular Coldcard.

4.1.1 - April 30, 2021

  • Bugfix/Enhancement: Unchained Capital was using the P2SH (BIP-45) value we exported in our multisig wallet file (removed in 4.1.0). So we've restored that, added BIP-45 path to our generic JSON export (if account number is zero), and added a dedicated menu item: Advanced > MicroSD > Export > Unchained Capital

4.1.0 - April 29, 2021

  • New feature: Seed XOR -- split your secret BIP-39 seed into 2 (or 3 or 4) new seed phrases
    • any combination of found seed word phrases is a fully working wallet (great for duress)
    • still 24 words, and can be encoded onto a SEEDPLATE
    • all parts are required to be known to get back to original seed phrase (not M of N, always N of N),
    • your existing seed can be split by Coldcard (one already in use)
    • you can do the math on paper, and it's possible to split/combine without the Coldcard
    • see docs/seed-xor.md for more, and the paper tools you need are available at https://github.com/Coldcard/wordlist-paper
  • Enhancement: Add support for BIP-48 derivations when exporting generic JSON (including the accounts number) under Advanced > MicroSD Card > Export Wallet > Generic JSON. These are targeted towards multisig wallets, such as Sparrow
  • Enhancement: Ask for account number when creating Multisig Wallets via air-gapped Coldcards. Use account zero for compatibility with previous versions. No need to use same account number on each participating Coldcard, but we recommend that. Creating new P2SH (BIP-45) type air-gapped wallets has been removed since it cannot support multiple accounts.
  • Enhancement: Show new firmware version number and date before installing firmware update.
  • Bugfix: Could not clear PIN codes, including the duress PIN, so was not possible to wipe the main secret, if a duress PIN had been set. 999999-999999 works again now.
  • Bugfix: Deleting a multisig wallet that was identical to another wallet, except for different address type, would lead to an error.
  • Bugfix: Standardize on BIP-nn in place of BIPnn in source code, messages and docs.

4.0.2 - April 7, 2021

  • New feature: "Countdown and Brick" (Mk3 only)
    • set a special PIN code, and when used, the Coldcard is immediately bricked while a normal-looking countdown for login is shown (default 1 hour). As an alternative to bricking, you can make it consume all but the final PIN attempt.
  • Enhancements to "Login Countdown" feature:
    • turning off the Coldcard will not clear the countdown, it continues on next power-up.
    • login countdown time delays are more accurate now.
    • Important: for the first login when firmware runs (immediately after upgrade), the login countdown delay, if you had previously enabled it, will not be enforced. However, the setting is then migrated to a new spot and takes effect going forward without any action needed.
  • Enhancement: Settings > Display Units: Select how to show Bitcoin amounts when displayed on-screen. Choices are BTC (default), mBTC (millibit), bits (aka uBTC), and sats (an integer).
  • Enhancement: Settings > Disable USB: New setting to disable USB port if your plan is air-gap only. Default remains USB port enabled.
  • Bugfix: Formatting of larger SD Cards works again (FAT32 support).
  • Bugfix: Reject transactions whose outputs are greater than inputs.
  • Downgrades to v3 no longer supported.

4.0.1 - March 29, 2021

  • Fixes security issue in v4.0.0. (3.x.x Unaffected)
  • Known issue: formatting of SD Card does not work and leads to a crash.

4.0.0 - March 17, 2021

  • Major internal changes.
    • now using Bitcoin Core's "libsecp256k1" for all EC crypto operations
    • super fast pure-assembly AES256-CTR code makes USB communications faster
    • newly optimized SHA256 and SHA256(SHA256) code
    • all crypto and BIP39 related code replaced
    • huge thanks to @switck for the new library!
  • Enhancement: During seed phrase import, after 23 words provided, Coldcard will calculate the correct checksum and show the valid choices for the last word (there will be 8 typically). This means you can pick seed words by drawing from a hat.
  • New feature: Secure Device Cloning. Using a MicroSD card, copy your Coldcard's secrets and settings to a blank Coldcard. Very quick and easy, uses public key encryption (Diffie-Hellman key exchange) and AES-256-CBC for the transfer.
  • Bugfix: CSV of addresses explorer export via Address Explorer, when account number was used, did not reflect the (non-zero) account number.
  • Enhancement: Reproducible builds! Checkout code, "cd stm32; make repro" should do it all.
  • Enhancement: Paper wallet feature restored as it was previously. Same cautions apply.
  • Enhancement: Inside encrypted backup files (7z), the cleartext filename is no longer fixed as ckcc-backup.txt. Instead it's a random word and number. Improves plausible deniability when backup files discovered.
  • Enhancement: Show a progress bar during slow parts of the login process.
  • Enhancement: Long menus, like the seed-word picking system, now wrap around from top/bottom, so you can get to Z by going up from A.
  • Limitation: Mk2 (older hardware, with less memory) may struggle with some of the new features, but can still run this firmware release... so you can clone it to your new Mk3!
  • HSM/CKBunker mode changes:
    • IMPORTANT: users with passwords will have to be reconstructed as hash algo has changed
    • when unlocking HSM mode from "boot to HSM mode" (using secret PIN immediately after bootup) the HSM policy is no longer removed automatically.
    • time limit to escape "boot to HSM" mode has doubled from 30 seconds to 1 minute.
  • Remaining GPL code has been removed, so license is now MIT+CC on everything.

3.2.2 - Jan 14, 2021

  • Major Address Explorer enhancements! Thanks go to @switck for this major feature bump.
    • View sub-accounts as exported, just enter the account number.
    • Multisig wallet support! (Caveat: addresses are for verification purposes and never for direct use as deposit, so they are partially redacted)
    • Enter any custom derivation path, by entering numbers directly; for gurus.
    • Warning screen can be suppressed after reading first time (press 6)
    • Export of addresses now named "addresses.csv" not ".txt"
  • Bugfix: Disable a few more path derivation checks for "Skip Checks" for multisig compatibility. Handles error shown when working with previously-imported Specter multisig wallets (ie. multisig.py: 891).
  • Bugfix: Generic wallet export (JSON) name for BIP49 wallets changed from "p2wpkh-p2sh" to "p2sh-p2wpkh". Thanks @craigraw

3.2.1 - Jan 8, 2021

  • Major Multisig improvements! If you are using multisig features, please backup your Coldcard before upgrade, just in case (but shouldn't be a problem).
    • Tracks derivation path for each co-signer and no longer assumes they all use a shared derivation path. Blocks multiple instances of same XFP in the wallet (not supported anymore, bad idea). Various displays updated to reflect derivation path change. Text file import: "Derivation:" line can be repeated, applies to all following xpubs.
    • Show Ypub/Zpub formated values from SLIP-132 when viewing details of wallet.
    • Standardize on "p2sh-p2wsh" nomenclature, rather than "p2wsh-p2sh", thanks to @humanumbrella. For airgaped multisig wallet creation, you must use same firmware verison on all Coldcards or this change can make trouble.
    • Address type (p2sh-p2wsh, p2sh, p2wsh) is captured from MS wallets created by PSBT file import.
    • Can now store multiple wallets involving same set of XFP values, if they have differing subkey paths and/or address formats.
    • New mode which disables certain multisig checks to assist bug compatibility.
  • Enhancement: Add support for signing Payjoin PSBT files based on BIP-78.
  • Enhancement: Promoted the address explorer to the main menu. It's useful! (credit to @matt_odell)
  • Bugfix: zero-length BIP39 passphrase, when saved, would cause a crash when restore attempted. We recommend longer passphrases, but fixed the issue.
  • Enhancement: Move the "blockchain" setting deeper into the "Danger Zone" and add warning screen. This mitigates a concern raised by @benma (Marko Bencun) where an attacker could socially-engineer you to sign a transaction on Testnet, which corresponds to real UTXO being stolen. Only developers should be using Testnet.
  • Bugfix: Display of amounts could be incorrect by a few sats in final digits.
  • Bugfix: Incorrect digest method picked when P2SH-P2WSH incorrectly identified as plain P2SH.
  • Bugfix: Better error reporting when importing bogus multisig wallet files.
  • Enhancement: Files created on MicroSD will have date and time determined by the version of firmware that made them. Downstream systems might use this to know when the Coldcard should be upgraded, or which firmware version created the data. Idea from @sancoder
  • Enhancement: Show version of secure element, under Advanced > Upgrade > Show Version.
  • Enhancement: Improve 'None of the keys involved...' message to show XFP value actually found inside PSBT file.
  • Enhancement: "Invalid PSBT" errors are shown with more information now.
  • Paper Wallet features temporarily removed to free space; will return in future version.
  • License changed from GPL to MIT+CC on files for which the GPL doesn't apply.

See History.md for older entries