All Ledger devices pass the genuine check during the onboarding process and then each time when they connect to My Ledger in Ledger Live. Genuine Ledger devices hold a secret key that is set during manufacture. Only a genuine Ledger device can use its key to provide the cryptographic proof required to connect with Ledger’s secure server.
Advanced users additionally can check the hardware integrity of the Ledger device to check that it has not been tampered with. This article contains detailed technical information about the security of your device.
Important notice
- Please note that opening your Ledger device will void the warranty.
- Once opened, your Ledger device will no longer be refundable or exchangeable.
Microcontroller (MCU)
The Secure Element checks the full microcontroller flash at boot, as described in this blog post. If it has been modified, you'll get a warning at boot. As an additional check, you can open the device to verify that no additional chip has been added, compared with the images below, and that the MCU is an STM32WB55 (on revisions 1, 2, 3) and STM32WB35 (on revision 4).
Hardware revisions
Revision 4
- Green PCB
Front of the PCB
Back of the PCB
Revision 3
- Black PCB
Front of the PCB
Back of the PCB
Revision 2
- Black PCB
Front of the PCB
Back of the PCB
Revision 1
- Black PCB
Front of the PCB
Back of the PCB
Secure Element attestation
The Secure Element itself is personalized at factory with an attestation proving that it has been manufactured by Ledger. You can verify it by running
pip install --no-cache-dir ledgerblue
python -m ledgerblue.checkGenuineRemote --targetId 0x33000004
The source code is available here.
Application verification
When opening an application, a Non Genuine warning is displayed if the app has not been signed by Ledger. A modified User Interface (as found in https://github.com/LedgerHQ/nanos-ui) will also display a warning message on boot.
Root of trust
The root of trust for the current batch is the following secp256k1 public key:
0490f5c9d15a0134bb019d2afd0bf2971497384597
06e7ac5be4abc350a1f818057224fce12ec9a65de18ec34
d6e8c24db927835ea1692b14c32e9836a75dad609
- as checked here Genuine.py
Microcontroller (MCU)
The Secure Element checks the full microcontroller flash at boot, as described in this blog post. If it has been modified, you'll get a warning at boot. As an additional check, you can open the device to verify that no additional chip has been added (referring to the attached picture) and that the MCU is an stm2f042k6 (with 32 Kb flash, as a bigger flash could contain code fooling the Secure Element validation). Markings on the chip can vary but you should see the string "042K6".
Hardware revisions
Revision 1
- Blue PCB
- Black glue
Revision 2
- Green PCB
- Black or transparent glue [not pictured].
Revision 3
- Blue PCB
- Black glue
Revision 4
- Blue PCB
- Hole in the PCB
Revision 5
- Blue PCB
Revision 5 bis
- Blue PCB
Revision 6
- Blue PCB
Revision 7
- Blue PCB or Green PCB
- Thin display cable
Secure Element attestation
The Secure Element itself is personalized at factory with an attestation proving that it has been created by us. You can verify it by running
pip install --no-cache-dir ledgerblue
Then on firmware 1.3.1 or below
python -m ledgerblue.checkGenuineRemote --targetId 0x33000004
Or on firmware 1.4.1 and above
python -m ledgerblue.checkGenuineRemote --targetId 0x33000004
The source code is available here.
Application verification
When opening an application, a Non Genuine warning is displayed if it is not signed by Ledger. A modified User Interface (as found in https://github.com/LedgerHQ/nanos-ui) will also display a warning message on boot.
Root of trust
The root of trust for the current batch is the following secp256k1 public key :
0490f5c9d15a0134bb019d2afd0bf297
149738459706e7ac5be4abc350a1f818057224fce12ec9a65de18ec34d
6e8c24db927835ea1692b14c32e9836a75dad609
- as checked here Genuine.py
Microcontroller (MCU)
The Secure Element checks the full microcontroller flash at boot, as described in this blog post. If it has been modified, you'll get a warning at boot. As an additional check, you can open the device to verify that no additional chip has been added, compared with the images below, and that the MCU is an STM32F042K6U6.
Hardware revisions
(Front of the PCB)
(Back of the PCB)
Secure Element attestation
The Secure Element itself is personalized at factory with an attestation proving that it has been created by us. You can verify it by running:
pip install --no-cache-dir ledgerblue
python -m ledgerblue.checkGenuineRemote --targetId 0x33000004
The source code is available here.
Application verification
When opening an application, a Non Genuine warning is displayed if it is not signed by Ledger. A modified User Interface (as found in https://github.com/LedgerHQ/nanos-ui) will also display a warning message on boot.
Root of trust
The root of trust for the current batch is the following secp256k1 public key :
0490f5c9d15a0134bb019d2afd0bf297
149738459706e7ac5be4abc350a1f818057224fce12ec9a65de18ec34d
6e8c24db927835ea1692b14c32e9836a75dad609
- as checked here Genuine.py