v0.11.1

This release contains an important security feature, improved camera scanning,
easier building on macOS. Upgrading is strongly encouraged for the improved
security.

Constant time engraving

Before this release nearby attackers could deduce a seed phrase from the
sound of the engraving needle during engraving.

This release engraves seed phrases and seed QR codes such that the sound
profile of the needle is independent of the seed. That is, two recordings
of the needle engraving two different seeds of the same length will look
the same and are therefore useless to extract the seeds.

Note that only the seed words and QR codes are engraved in this manner;
the sound profile still leaks:

• The length of your seed (e.g. 12 vs 24 words)
• The master fingerprint
• The output descriptor

None of which can be used for spending from the wallet, but can be used by
an attacker to reconstruct a watch-only wallet to monitor transactions and
balance.

Improved camera scanning

Before this release, there were two inefficiencies in QR code scanning:

The RaspberryPi first generation camera has a fixed focus at around 50cm
from the camera lens. This means that bringing, say, a QR code closer to the
camera is counter-productive: the increased resolution gained from the smaller
distance is lost to blurryness of the focus loss.

The CPU of the Raspberry Pi Zero cannot detect QR codes in the full resolution of
the camera at interactive speeds. To counter that, scanning would process
a down-scaled image, leading to further loss of resolution.

This release implements scanning of a digitally zoomed, not scaled, version of the full
resolution of the camera sensor. No scaling means no loss of resolution, and
zooming means that QR codes must be moved further away from the lens, gaining
sharpness from focus.

As an additional tuning, the auto-exposure algorithm is now configured to avoid over-
exposing highlights. This helps scanning QR codes off a bright screen in a dark
environment.

Certain lighting conditions makes the QR codes appear lighter than their backgrounds on
steel plates. This release adds detection of such inverted codes.

Optimized display driver

This release implements support for the Linux panel-mipi-dbi driver for the Waveshare
display, resulting in a more responsive user interface. As a bonus, any crashes
will print the crash message to the screen instead of just freezing the display.
Using the Linux driver also makes supporting other display hardware easier.

Easier building on macOS

The build process no longer needs a separate Linux virtual machine when building
on macOS. In other words, Nix is now the only prerequisite for building a complete
image from source.

Building from source is always preferable to trusting our (or other users') disk
images, in particular because builds are not yet reproducible.

Minor changes

• Reduced move speed for higher quality engravings
• Support multisig wallets with only one key. Wallets such as Sparrowcan generate single key wallets in a multisig configuration.
• Disable Raspberry Pi powersaving to squeeze out more performance from the CPU.The camera scanning screen now scans 10-15% faster.
• Upgrade to Linux kernel 6.1
• Upgrade to libcamera 0.0.5
• Use gcc everywhere instead of a mix of gcc and clang.
• Exercise the engraving needle a bit to avoid it being stuck in the first part of an engraving.
• Reject Electrum seeds with a better error message.
• Use the "dwc2" Linux USB driver instead of "dwc_otg" for better compatibility and simpler debugging.
• Fix a potential crash scanning QR codes containing text seed phrases.
• Reject QR seeds with invalid checksum.
• After successfully engraving a plate, leave the seed screen to allow more intuitive input of another.