Application Isolation

Checking the apps on the Ledger Nano S

Estimated reading time: 2 minutes

So how do I know that the apps I’m running on my Ledger devices are doing what I intend them to do? What protects me from getting a virus on my Ledger devices?

Ledger solves these problems by utilizing the application isolation technology available in the Secure Element - the ARM Memory Protection Unit and Operating Modes. The Memory Protection Unit is used to natively isolate each app to its own memory region, and apps run in User mode whereas the operating system runs in Supervisor mode. By restricting the device to a single-task model where only one app can run at a time, and each app is isolated from the rest of the device, apps are prevented from accessing your cryptographic secrets on the device unless you explicitly give them permission to.

The access that applications have to cryptographic secrets managed by the operating system can be configured when loading an application onto the device. Instead of accessing secrets like the device’s master seed directly, applications instead have to request the operating system to derive a node from the master seed by providing the operating system with a path to the requested node. When the application is loaded, the BIP 32 paths that the application is permitted to derive nodes from are specified. If the application requests the operating system to derive a node on a path that it is not permitted to use, the request is denied. In this way, many different applications can be loaded onto the device, and each of them can be restricted to a specific subtree of the HD tree depending on the application’s purpose. This process of requesting the operating system to perform an operation as Supervisor is called a syscall, it is discussed in this section.

Still, the importance of only installing apps that you can trust should not be understated. In the next section, we’ll talk about how Ledger’s operating system provides attestation features that allow the device to verify the authenticity of the apps that you’re installing by checking a digital signature that is sent along with apps when they’re loaded onto the device. Additionally, we’ll discuss how Ledger’s platform is open-source friendly which enables you to review the apps that you’re using to manage your assets.

---

Did you find this page helpful?

How would you improve this page for developers?

I am a developer.
Contributors will be chosen randomly to receive rewards. Check this box to send your email and participate.

Ledger collects your email address to send you rewards for your contribution to improve the Developer Portal documentation. Learn more about how we manage your data and your rights.

By providing your email address, you consent that Ledger may contact you for rewards delivery purposes. If you are part of the randomly selected contributors, we will send you an email to ask for your physical address and if necessary, ask you for additional information on the suggestion you made. Your information will only be available to Ledger and will be retained for no longer than 90 days. It may be transferred to non-European countries that ensure an adequate level of protection or under the standard contractual clauses adopted by the EU Commission.

Please note that you may withdraw your consent at any time, access your data and request their rectification or deletion. You may also request the limitation of the processing of your data. To exercise your rights or for any question on the processing of your data, please contact LEDGER’s Data Protection Officer here. If nevertheless you believe LEDGER did not adequately address your concerns and mishandled your data, you may lodge a complaint with the personal data protection authority of your country.

Applications for HD Trees

← Previous

Introduction

Next →