
Ledger’s approach to open-source software

At Ledger, we strongly believe in an open-source approach. It's a set of principles that advocates openness and transparency, which are among our core values. That's why we're constantly working towards making source code components available, reviewable, and auditable.

What's open-source

Most of Ledger’s code is open source. Here is where you can review it:

What's available for review and verification

The following components of the Ledger OS are available for review and verification. You can review them yourself:

We are actively working on gradually releasing additional parts of the Ledger OS.

What’s closed-source

Ledger devices use smartcard chips called Secure Elements (SE): hardened chips that implement several hardware countermeasures against attacks, including attacks by someone with physical access to the device. In the Ledger OS, part of the code is tied to the security peripherals of the Secure Element. These peripherals are the proprietary intellectual property (IP) of the Secure Element manufacturer. Revealing how the software drives these peripherals would reveal information protected by that IP.

Why do we use Secure Elements?

As part of their security capabilities, Secure Elements allow businesses to implement a robust root of trust and to prove that their products are genuine and have not been tampered with, including in complex supply chain environments. The Secure Element adds a security layer, leveraged by the OS, which drastically improves resistance against side-channel, fault, and software attacks.

Open-source software reduces the need for trust from users; however, it is not bulletproof on its own. Open-source software running on a non-secure chip remains highly vulnerable to side-channel and fault attacks. Given the choice between using a Secure Element and being almost completely open-source, or using a non-secure chip and being fully open-source, Ledger chooses the more secure approach.

Ensuring security and integrity of OS releases

With every OS release, our team of cybersecurity experts, Donjon, performs a security audit before the new version goes into production. The audit includes a review of the Secure Element code to make sure that it is not vulnerable to side-channel, fault, or software attacks.

In addition, Ledger is partnering with a renowned third-party security laboratory (under an NDA) that will be able to audit our OS entirely, including the closed-source part, and ensure that there is no malicious code or backdoor injected. This audit will be done before every OS release.

What does the OS audit process look like?

  • The third-party security laboratory will review the entire code of our OS, including the closed-source part.
  • Their main focus will be on the parts where malicious code or a backdoor could be inserted.
  • The laboratory will produce a report describing the context of the audit, the architecture of the system, the hash confirming which specific code was audited, the timeline, the version history, and finally the results.

Ledger is also working with another renowned third-party laboratory (under NDA) that can audit Ledger's products in full, including the hardware, the OS, and the application mechanisms, leading to CSPN security certification.

This audit is done every time a new Ledger hardware wallet is released (but not every OS release):

To sum up

Ledger’s main focus is security. For that purpose, we have multiple lines of defense including the use of Secure Elements, internal and external audits, and a bounty program. Additionally, we want to reduce the need for trust by making more of our code available for review and verification, and by publishing more of our OS components while respecting the intellectual property of our Secure Element vendor.
