Dec 10

A Closer Look Into Ledger Security: Our Custom Operating System – BOLOS

Ledger designed its own Operating System, called the Blockchain Open Ledger Operating System (abbreviated BOLOS).

What is an Operating System?

“An operating system (OS) is system software that manages computer hardware and software resources and provides common services for computer programs.”
Wikipedia

A good example of an OS that you use every day can be found on your computer. With an Operating System such as Windows or Mac OS, you can install applications (for example, Microsoft Word) that make your computer much more user-friendly and accessible.

Why make a custom Operating System?

Specific devices need specific Operating Systems. You would not use the same OS you have on your mobile phone to handle your car’s audio and navigation system. To get the most out of our hardware wallets, we have developed BOLOS to increase their security and to create a user-friendly interface.

If your firmware is designed in a monolithic way, meaning all your applications are set in the firmware once and for all, you don’t need an Operating System approach: everything can be packaged in your firmware. Many hardware wallet producers do not use an OS, but rather store everything in a single application, the device’s firmware. For hardware wallets, this means that the firmware contains all the code for all of your crypto assets. While this works, the single-application architecture has some major drawbacks.

If the crypto assets are all in the same application, they are all connected to each other. Should a problem occur with one crypto asset, it will affect the rest as well, and the entire firmware would then need to be updated. The same goes for adding a new crypto asset, which makes third-party development a much more difficult process.

“Each cryptocurrency should be its own application, just for security reasons.”
– Nicolas Bacca, CTO at Ledger

We wanted to be multi-application by design to increase the security of your crypto assets and to allow third parties to develop their applications securely, isolated from the other applications in case of potential flaws. BOLOS also gives us more portability for our applications: generally speaking, applications would not need many adaptations to be usable on a different device (exceptions exist).

Hardware wallet providers working with an Operating System use an off-the-shelf one. Secure Elements can be purchased in one of two ways:

  • A Secure Element with a generic OS already on it.
  • A completely blank Secure Element, not having any Operating System.

The generic OS on the Secure Element does not fit the requirements for developing blockchain applications, whereas BOLOS does.

Why is Ledger the only one to combine a Secure Element and custom Operating System?

As discussed in the previous article, a Secure Element adds protections against many types of attacks. It is the standard for many solutions that protect critical data against attackers with physical access. BOLOS helps leverage these added security features even further.

To create a custom Operating System on a Secure Element, you need full access to its datasheets. This is not an easy task, as the documentation for these types of chips is highly confidential. Gaining access to the datasheets requires going through a lengthy process, comparable to asking for information on the materials used to print fiat money.

Several people at Ledger, including some of the founders, have extensive experience in the smartcard industry, which uses this kind of chip. In addition, Ledger is a trusted brand, which has helped in gaining access. Other hardware wallet manufacturers have not been able to receive this access yet, or may mistakenly believe it to not be an advantage, making Ledger devices the only ones to combine a Secure Element with a custom OS.

How does BOLOS help make Ledger hardware wallets special?

Cryptocurrency Applications & Isolation:
As mentioned previously, BOLOS allows for installing apps which are isolated from each other. BOLOS also keeps your 24-word recovery phrase isolated from the apps. Private data, such as your private keys, is protected and never leaves the device, thanks to the combination of BOLOS and the Secure Element.

As shown in the schematic above, applications have no opportunity to interact with each other. Their communication goes directly and only to BOLOS, with no exceptions possible, even for malicious users or developers. Because of this architecture, apps cannot share private information either.

Open: Anyone can develop and load their own apps.
Thanks to the isolation and flexibility that BOLOS brings, third parties can easily develop applications for Ledger devices as well. These are released during our monthly event called CryptoTuesday. Naturally, there is a process for being accepted as an official app on Ledger Live, which can be found here.

Signature and Genuineness Mechanisms:
BOLOS allows the use of a system called a Root of Trust. Through it, we can verify the genuineness of your device when you connect it to Ledger Live (and Ledger Manager): a genuine check is performed. The same applies to installing apps and updating your firmware. We will discuss this topic more in-depth in our next article.

Leveraging Secure Element Features and Upgrade Capabilities:
BOLOS provides extra security features and countermeasures that complement the Secure Element’s features. BOLOS allows for firmware patching as well. This is extremely useful: we wanted to ensure that we could further strengthen our security in the future or expand your device’s functionality without having to create a brand-new device.

Verifying Your Transactions Physically:
BOLOS also ensures that the user must give a physical confirmation for each cryptocurrency transaction by pressing either the left button (reject) or the right button (confirm). The device’s screen shows you the true details of the transaction you are about to make. Your computer’s screen could be manipulated by a hacker; this cannot happen to your device’s screen.

Conclusion

An Operating System on a device is vital for making it more user-friendly and for increasing its security. At Ledger, we believe it best not to use a generic OS for hardware wallets. We have developed BOLOS to make the most out of our hardware wallets for flexibility, security and user-experience reasons. BOLOS is designed to make full use of the features of a Secure Element. Ledger can proudly say that we have the only hardware wallet currently on the market that uses a Secure Element in combination with a custom Operating System.

BOLOS equally allows usage of a Root of Trust implementation. This is a digital signature proving the genuineness of a device or its connection. In the next article, we will take a closer look into the Root of Trust.