Ledger devices use smartcard chips also called Secure Elements—they are the best technology implementing several hardware countermeasures against potential attacks even with a physical access.
Smartcard technologies also allow a root of trust, enabling the secure element to prove they are genuine and not tampered, thus can be trusted even in complex supply chain scenarios. Because this know-how is the IP of manufacturers, they don’t want it leaked, preventing Ledger’s firmware from being fully open source.
Here at Ledger we strongly believe in open source. It’s one of our core values, a great philosophy that advocates openness, and verifiability. Open source allows developers and security experts to review the code and ensure it is secure and not malicious.
Open source means you don’t need to trust. That’s why we have decided to accelerate our open-sourcing roadmap.
The roadmap
Most of our products are already open source. Many developers contribute to Ledger Live, Ledger devices, and more. Together, we built over 150 open-source apps that run on our different devices.
We recently open-sourced our cryptography library (which is part of our OS), and we will publish the whitepaper of Ledger Recover very soon, allowing everyone to audit the cryptographic protocols and enable people to build their own fragments backup provider. We will not launch Ledger Recover until the code is published.
We’ll gradually open-source most of our OS, starting with Ledger Recover, to make it as auditable as possible. We’ll release the Ledger Recover product as soon as this firmware part of the code is published.
The other parts will take a little more time since it needs to be refactored to abstract the chip-specific characteristics under NDA from our OS.
Open-sourcing has always been at the core of our roadmap, and recent events emphasize the importance of accelerating our initiative to bring greater verifiability to everything we do at Ledger.