By Jemima Conlon
Oct 24, 2023 | Updated Jul 19, 2024
Read 8 min
Beginner
| KEY TAKEAWAYS: |
| — The Ledger, consisting of both hardware and software, stands for security first, but it also is committed to open sourcing as much of its tech as possible to make its ecosystem as trustless as possible. — Ledger Live is fully open source, with parts of the OS following suit, including the cryptographic library, Ledger Recover and more. — Ledger devices have never been hacked; due to the Ledger Security Model protecting each of its devices and apps. |
The Ledger ecosystem goes way beyond hardware, aiming to give users the knowledge and power to look after their own assets. Offering world-class security is at the core of Ledger’s ethos—not just for its hardware but for its software too. A team of world-class engineers and the white hat hackers in the Ledger Donjon work together to protect your assets from physical and digital threats when transacting within the ecosystem.
Alongside this focus on security, Ledger also has a few other core tenets; namely, a dedication to trust and self-custody.
So on the topic of trust, you may wonder which parts of the Ledger ecosystem are available to review. So, let’s explore the Ledger ecosystem to understand the approach.
Is Ledger Open Source?
Firstly, let’s make it clear that Ledger is committed to transparency, releasing as much of its code as possible for review. But when faced with choosing to fully open-source our code versus offering uncompromising security, Ledger chooses the more secure approach.
Let’s dive into the Ledger ecosystem’s codebase to understand how.
Is Ledger Live Open Source?
Yes, Ledger Live code is completely open source under an MIT license, meaning you are free to copy or fork it at will. That means anyone can become a developer of an app on Ledger Live. Some developers might create a solo integration where there is no interaction with Ledger, no code review, or Ledger-led support for your community. This is completely fine, but the rarer of the two options.
The other option is to launch your blockchain app fully in Ledger Live. This involves various Ledger teams, including product, and support, which will help you release an app that pleases everyone. But no matter which you choose, Ledger Live code is completely open-source: the choice is yours.
Is Ledger’s Operating System (OS) Open Source?
Ledger’s operating system is partially reviewable and verifiable. The code for the commands dispatcher and the Ledger Recover entry points implementation is available for review and verification, however, Ledger’s agreement with the maker and provider of this chip, STMicroelectronics, legally prevents us from exposing the low-level code that talks to the hardware blocks of the Secure Element.
This is simply because the designers of the Secure Element have invested billions over the last decades in building an effectively secure chip. They want to keep their competitive advantage and so prevent firmware developers from disclosing parts of the code that are circuit-dependent.
Ledger’s reasoning for opting for the Secure Element is simple: it’s designed for security, drastically improving its resistance against side-channel, fault, and software attacks.
Given the choice of using the Secure Element and open-sourcing the majority of our code, versus using a less secure chip and open-sourcing the entire OS; Ledger chooses the more secure approach.
This is for a few key reasons. First of all, all chips rely on low-level code, so whichever chip a hardware wallet provider opts for, there will always be a level of trust involved. Secondly, Secure Element chips offer unparalleled anti-tamper measures that allow you to trust the integrity of your device’s operating system.
So which parts of the Ledger ecosystem are open source or available to review?
Most of Ledger’s products are open source or available to review, including; Ledger Live app, our Wallet API, Secure SDK (including crypto library and its documentation), embedded applications, the OS commands dispatcher and the Entry points of Ledger Recover implementation.
So while Ledger’s Operating System is not fully reviewable, lots of elements within it are. Transparency has always been a key consideration for Ledger, as outlined in our review-ready roadmap here.
How Can I Trust Closed Source Code?
Firstly, Ledger has implemented a “genuine check” allowing you to check the authenticity of your device and its OS. Plus, all of the firmware is thoroughly battle-tested for bugs and vulnerabilities in the Ledger Donjon.
To ensure our operating system is safe, even from potentially malicious code deployed by a rogue employee, Ledger uses a renowned third-party security laboratory to audit our operating system entirely. The audits are conducted before each OS release, so you can rest assured there are no backdoors and no vulnerabilities at the OS level.
Is My Crypto Safe on a Ledger?
Yes—your crypto is safe within the Ledger ecosystem: Ledger devices have never been hacked. This is due to a combination of security measures:
Firstly, Ledger devices sign transactions offline and operate separately from your internet-connected device, protecting your assets from malware and spyware. It also uses a secure Element chip, which protects your device from physical attack. The screen of a Ledger device stands out for being driven directly by the Secure Element, meaning it will always show accurate transaction details. And of course, BOLOS provides the all-important encryption, guaranteeing your apps remain isolated. These pieces, alongside the rest of Ledger’s proven security model, keep your digital assets safe from remote and physical attacks, and sometimes even your own mistakes.
Ledger Can’t Protect You From Human Error
However, transactions from apps outside the ecosystem may not be so easy to understand. Unfortunately, the Ledger ecosystem can not protect you from mistakes. Thus, it’s imperative to be vigilant of malicious smart contracts that prompt you to sign away your assets when using a Ledger device in conjunction with a third-party wallet.
In the same vein, you should make sure never to reveal your secret recovery phrase or private keys. While Ledger devices can protect your private keys from online threats, they cannot prevent you from revealing your secret recovery phrase by storing it in the cloud or in an unsafe environment. Make sure to keep your secret recovery phrase in a safe and secret location so that the only person with access to your account is you.
With self-custody comes responsibility, so ultimately the final gatekeeper is you.
