From efb7bf95699887965039e338e865052b6abbd4a8 Mon Sep 17 00:00:00 2001
From: Salvatore Ingala <6681844+bigspider@users.noreply.github.com>
Date: Mon, 26 Feb 2024 16:02:13 +0100
Subject: [PATCH] Clarify TODO about path restrictions in Makefile

---
 Makefile | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index 3084033fa..9c8118869 100644
--- a/Makefile
+++ b/Makefile
@@ -21,7 +21,19 @@ endif
 
 include $(BOLOS_SDK)/Makefile.defines
 
-# TODO: compile with the right path restrictions
+# TODO: Compile with the right path restrictions
+#
+#       The right path restriction would be something like
+#         --path "*'/0'"
+#       for mainnet, and
+#         --path "*'/1'"
+#       for testnet.
+#
+#       That is, restrict the BIP-44 coin_type, but not the purpose.
+#       However, this wildcards are currently supported by the OS.
+#
+#       Note that the app still requires explicit user approval before exporting
+#       any xpub outside of a small set of allowed standard paths.
 
 # Application allowed derivation curves.
 CURVE_APP_LOAD_PARAMS = secp256k1