Check hardware integrity

Check the hardware integrity of your Ledger Nano X device to check that it has not been tampered with. This article contains detailed technical information about the security of your device. 

  Caution

Please handle the Ledger Nano X device with high care while you proceed. Be aware that once opened, your device will not be refundable or exchangeable.

Microcontroller (MCU)

The Secure Element checks the full microcontroller flash at boot, as described in this blog post. If it has been modified, you'll get a warning at boot. As an additional check, you can open the device to verify that no additional chip has been added, compared with the images below, and that the MCU is an STM32WB55.

Hardware revisions

Revision 1

  • Black PCB

LedgerNanoX_PCB_rev1.jpg

Front of the PCB

LedgerNanoX_PCBrev1_2.jpgBack of the PCB

Secure Element attestation

The Secure Element itself is personalized at factory with an attestation proving that it has been manufactured by Ledger. You can verify it by running

pip install --no-cache-dir ledgerblue

Then, on firmware 1.1.6

  python -m ledgerblue.checkGenuine --targetId 0x33000004

The source code is available here.

Application verification

When opening an application, a Non Genuine warning is displayed if the app has not been signed by Ledger. A modified User Interface (as found in https://github.com/LedgerHQ/nanos-ui) will also display a warning message on boot.

Root of trust

The root of trust for the current batch is the following secp256k1 public key:

0490f5c9d15a0134bb019d2afd0bf297149738459706e7ac5be4abc350a1f818057224fce12ec9a65de18ec34d6e8c24db927835ea1692b14c32e9836a75dad609

- as checked here Genuine.py

Was this article helpful?
1 out of 4 found this helpful