From cebe7c178dddbad849c7a4dfb39ccea3b3f15d63 Mon Sep 17 00:00:00 2001 From: mineracks Date: Fri, 26 Jun 2026 14:32:44 +1000 Subject: [PATCH] README: add a plain-language 'what is an HSM' explainer Co-Authored-By: Claude Opus 4.8 (1M context) --- README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/README.md b/README.md index adedfa5..a355e63 100644 --- a/README.md +++ b/README.md @@ -3,6 +3,12 @@ **An automated treasury tier that signs its own cold→hot refills under on-device policy — with no human in the loop, and no single machine able to move a satoshi.** +> **New to the term "HSM"?** A *Hardware Security Module* is a dedicated, tamper-resistant device that holds a +> private key and signs with it **on the device** — the key is generated inside the chip and can never be +> extracted, even by the computer it's attached to. Banks and certificate authorities have relied on HSMs for +> decades to keep signing keys out of reach of a compromised server. Here, each of the three signers is a +> **Coldcard running in HSM mode**, and a spend needs two of them to independently approve it under policy. + Three hardware signers (Coldcards in HSM mode), each on a separate host — ideally a separate site. A **keyless** coordinator builds the refill transaction and fans it to any two of the three. Each device checks the transaction against **its own on-device spending policy** (per-transaction cap, velocity limit, address
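Review bot: the absolute claim in the new blockquote that the private key "can never be extracted, even by the computer it's attached to" is stronger than the README supports and should be qualified. The paragraph first describes HSMs generically ("tamper-resistant", key "generated inside the chip") and then maps that description onto "a Coldcard running in HSM mode", so a reader will take the non-extractability as a guarantee of this deployment rather than as the device's design goal. Suggest rewording along the lines of "is designed so the key never leaves the device" and, in the same sentence or the next, pointing out what the README's own security argument actually rests on, which the existing intro paragraph already states: each device's on-device spending policy plus the requirement that two of the three signers approve. That keeps the explainer accurate without weakening it, and avoids implying that a single device's tamper resistance is the only thing standing between an attacker and the treasury.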