Check the hardware integrity of your Ledger Nano X device to check that it has not been tampered with. This article contains detailed technical information about the security of your device.
Please handle the Ledger Nano X device with high care while you proceed. Be aware that once opened, your device will not be refundable or exchangeable.
The Secure Element checks the full microcontroller flash at boot, as described in this blog post. If it has been modified, you'll get a warning at boot. As an additional check, you can open the device to verify that no additional chip has been added, compared with the images below, and that the MCU is an STM32WB55.
- Black PCB
Front of the PCB
Back of the PCB
Secure Element attestation
The Secure Element itself is personalized at factory with an attestation proving that it has been manufactured by Ledger. You can verify it by running
pip install --no-cache-dir ledgerblue
Then, on firmware 1.1.6
python -m ledgerblue.checkGenuine --targetId 0x33000004
The source code is available here.
When opening an application, a Non Genuine warning is displayed if the app has not been signed by Ledger. A modified User Interface (as found in https://github.com/LedgerHQ/nanos-ui) will also display a warning message on boot.
Root of trust
The root of trust for the current batch is the following secp256k1 public key:
- as checked here Genuine.py