You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
You can access the JTAG of the unsecured chip on Ledger Nano X, this allows you to verify the loaded firmware.
This seems outdated. Ledger saying in another place which I quote below that the JTAG interface has been disabled. This I reported already in 2021. (LedgerHQ/ledger-live-desktop#3672) Which lead to the following criticism:
This is misleading, because Ledger currently does not actually publish any hashes that would make it possible to check the memory contents against a known firmware image.
Not a good practice to redirect public security / documentation related issues to private.
Contacting https://support.ledger.com/ is a dead-end. In my experience, no useful answers ever or any meaningful follow-up. It doesn't result in anyone with permission and knowledge to make any changes having a ticket created and ever taking action. Hence, a waste of time.
If you're interested in actually ever fixing this, please provide a public issue tracker. Otherwise and most likely, I consider this a wontfix.
on the other end, this repository is only about the frontend parts of our stack and is only watched by Ledger Live developers. (which we tried to make clearer on the template https://github.com/LedgerHQ/ledger-live/issues/new/choose )
Impacted Library name
FAQ
Impacted Library version
2023
Describe the bug
Quote https://support.ledger.com/hc/en-us/articles/360015216913-Frequently-asked-questions
This seems outdated. Ledger saying in another place which I quote below that the JTAG interface has been disabled. This I reported already in 2021. (LedgerHQ/ledger-live-desktop#3672) Which lead to the following criticism:
Quote https://blog.kraken.com/post/5590/kraken-security-labs-supply-chain-attacks-against-ledger-nano-x/
Quote https://www.ledger.com/enhancing-the-ledger-nano-xs-security
Please update FAQ regarding:
Expected behavior
Up-to-date FAQ.
Additional context
No response
The text was updated successfully, but these errors were encountered: