Check hardware integrity

All Ledger devices pass the genuine check during onboarding and again each time they connect to Manager in Ledger Live. Genuine Ledger devices hold a secret key that is set during manufacture. Only a genuine Ledger device can use its key to provide the cryptographic proof required to connect with Ledger’s secure server.

Advanced users can additionally check the hardware integrity of their Ledger device to confirm that it has not been tampered with. This article contains detailed technical information about the security of your device.

Important notice

  • Please note that opening your Ledger device will void the warranty.
  • Once opened, your Ledger device will no longer be refundable or exchangeable.

Microcontroller (MCU)

The Secure Element checks the full microcontroller flash at boot, as described in this blog post. If the flash has been modified, you will get a warning at boot. As an additional check, you can open the device and compare it with the images below to verify that no additional chip has been added and that the MCU is an STM32WB55 (on revisions 1, 2 and 3) or an STM32WB35 (on revision 4).

Hardware revisions

Revision 4

  • Green PCB

revision_4_front.jpg

Front of the PCB

revision_4_back.jpg

Back of the PCB

Revision 3

  • Black PCB

revision_3_front.jpg

Front of the PCB

revision_3_back.jpg

Back of the PCB

Revision 2

  • Black PCB

LedgerNanoX_PCB_rev1.jpg

Front of the PCB

LedgerNanoX_PCBrev1_2.jpg

Back of the PCB

Revision 1

  • Black PCB

LedgerNanoX_PCB_rev1.jpg

Front of the PCB

LedgerNanoX_PCBrev1_2.jpg

Back of the PCB

Secure Element attestation

The Secure Element itself is personalized at the factory with an attestation proving that it has been manufactured by Ledger. You can verify it by running:

pip install --no-cache-dir ledgerblue
python -m ledgerblue.checkGenuineRemote --targetId 0x33000004

The source code is available here.

Application verification

When opening an application, a Non Genuine warning is displayed if the app has not been signed by Ledger. A modified User Interface (as found in https://github.com/LedgerHQ/nanos-ui) will also display a warning message on boot.

Root of trust

The root of trust for the current batch is the following secp256k1 public key:

0490f5c9d15a0134bb019d2afd0bf297149738459706e7ac5be4abc350a1f818057224fce12ec9a65de18ec34d6e8c24db927835ea1692b14c32e9836a75dad609

as checked here: Genuine.py
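
A 130-character hex key is easy to misread, so the comparison is better done mechanically. The Python below is an added example, not Ledger's code and not part of ledgerblue: it decodes the key above as a SEC1 uncompressed point, checks it against the secp256k1 curve equation, and compares a key copied from another source with it. The function names are illustrative assumptions.

```python
# secp256k1 field prime (SEC 2); the curve is y^2 = x^3 + 7 over GF(P).
P = 2**256 - 2**32 - 977

# Root-of-trust key from this page. It is wrapped here only for line length;
# all whitespace is stripped before decoding.
PAGE_KEY = """
0490f5c9d15a0134bb019d2afd0bf2971497384597
06e7ac5be4abc350a1f818057224fce12ec9a65de18ec34
d6e8c24db927835ea1692b14c32e9836a75dad609
"""


def parse_uncompressed(text):
    """Strip whitespace and decode a SEC1 uncompressed point (04 || X || Y)."""
    raw = bytes.fromhex("".join(text.split()))
    if len(raw) != 65 or raw[0] != 0x04:
        raise ValueError("expected 65 bytes starting with 0x04")
    return int.from_bytes(raw[1:33], "big"), int.from_bytes(raw[33:], "big")


def on_curve(x, y):
    """True when (x, y) is a valid affine point on secp256k1."""
    return 0 <= x < P and 0 <= y < P and (y * y - (x**3 + 7)) % P == 0


def compress(x, y):
    """SEC1 compressed encoding: 02 or 03 by the parity of Y, followed by X."""
    return bytes([2 + (y & 1)]) + x.to_bytes(32, "big")


def same_key(candidate, reference=PAGE_KEY):
    """Compare a key copied from elsewhere (wrapped, upper-case or compressed)."""
    x, y = parse_uncompressed(reference)
    full = b"\x04" + x.to_bytes(32, "big") + y.to_bytes(32, "big")
    cand = bytes.fromhex("".join(candidate.split()))
    # A 33-byte candidate is compared in compressed form, anything else in full.
    ref = compress(x, y) if len(cand) == 33 else full
    return cand == ref


if __name__ == "__main__":
    x, y = parse_uncompressed(PAGE_KEY)
    print("page key is a valid secp256k1 point:", on_curve(x, y))
    print("compressed form:", compress(x, y).hex())
```

Pass `same_key()` the key string found in the copy of the tool you actually run; a `False` result means that copy trusts a different root than the one published here.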
