Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Hardware wallets
Re: Ledger Recovery - Send your (encrypted) recovery phrase to 3rd parties entities
by
o_e_l_e_o
on 29/05/2023, 11:27:18 UTC
Quote from: Pmalek on Today at 09:42:50 AM
I doubt Ledger would ever admit that they could remove that physical confirmation any time they want, but are you both 100% sure that's how it works?
They certainly wouldn't. I suppose I couldn't prove it without engineering firmware which does exactly that, but have a look at the hardware architecture here: https://developers.ledger.com/docs/embedded-app/bolos-hardware-architecture/https://developers.ledger.com/docs/embedded-app/bolos-hardware-architecture/

The buttons feed in to the MCU, not to the secure element. The MCU is where the firmware is installed. If Ledger can write firmware which says "Perform action x if confirmed by a button press", then I see no reason they can't write firmware which simply says "Perform action x".