Ledger Start - Getting Started

The Official **Ledger.com/Start** Setup Guide

Secure Your Crypto with the Ultimate Cold Storage Solution.

Welcome to the beginning of your self-custody journey. Follow the verified steps below to initialize your Ledger Nano device, download the official **Ledger Live** application, and securely generate your **24-word Recovery Phrase**.

Your First 3 Steps to Digital Security

1. PIN

Set Your Device PIN Code

Connect your Ledger device and set a unique, 4 to 8 digit PIN. This PIN protects your device locally from unauthorized physical access. **Do not use sequential numbers or birth dates.** Remember this PIN, as three incorrect attempts will factory reset the device.

2. Phrase

Record the 24-Word Recovery Phrase

Your device will generate a unique **24-word Recovery Phrase**. Write these words down **in order** on the provided recovery sheet. This is your master key—the absolute backup for all your funds. **Never digitize this phrase.** Verify the phrase on the device screen after writing it down.

3. Check

Perform the Genuine Check

Once Ledger Live is installed, connect your device and use the built-in **Genuine Check** feature. This cryptographically verifies that your Ledger Nano is an authentic, tamper-free device from the factory, ensuring its Secure Element is intact and genuine.

Advanced Security & Technical Deep Dive

Understanding the mechanisms of the **Secure Element** and **BIP-39** protocols is key to true self-custody. This section covers the foundational cryptographic principles protecting your assets via **Ledger.com/Start**.

1. The Secure Element: Hardware Root of Trust

The **Secure Element (SE)**, utilized in Ledger devices, is a specialized chip (CC EAL5+ certified) that functions as a highly secured microprocessor. Unlike standard microcontroller units (MCUs) found in regular USB drives, the SE is specifically designed to resist both physical and digital attacks. This chip is where your **private keys are generated and permanently stored**. Critically, the private keys are never exposed to the outside world—not to your computer, not to Ledger Live, and not even to Ledger’s servers.

The SE is responsible for all cryptographic operations, including **key generation** using a certified True Random Number Generator (TRNG) and **transaction signing**. When you initiate a transaction, the unsigned data is sent to the SE, which then performs the signing process internally. The signed transaction, which proves ownership, is the only data that leaves the chip. This architecture makes the Ledger device immune to malware, viruses, and phishing attempts that target your computer, as these threats cannot access the keys or manipulate the signing process without your physical button confirmation. This hardware isolation is the core feature that distinguishes a hardware wallet from a software wallet.

Firmware Integrity and OS

The Ledger device runs a proprietary operating system called **BOLOS (Blockchain Open Ledger Operating System)**. BOLOS enforces strict isolation between the crypto applications installed on the device, ensuring that, for instance, a Bitcoin application cannot access or interfere with the Ethereum app's operations. Furthermore, BOLOS is responsible for displaying transaction details on the small, **trusted screen** of the device. Since this screen is physically attached to the Secure Element, you are guaranteed that the address and amount you see displayed are the *exact* data being cryptographically signed, preventing "what-you-see-is-not-what-you-sign" attacks. Regular firmware updates, always managed through Ledger Live after a genuine check, are essential for maintaining this security boundary.

2. BIP-39, BIP-44, and the Master Key

The **24-word Recovery Phrase** is encoded according to the **BIP-39 standard**, a technical specification that maps the device's generated seed (a large binary number) into an easily recordable list of words. This is your mnemonic phrase. It is the cryptographic root of your entire hardware wallet structure. The device performs a key stretching function (PBKDF2) on these 24 words to generate the final master seed from which all your individual account keys are deterministically derived.

This deterministic process is governed by **BIP-44**, which defines the hierarchical structure. This means the 24 words can generate an unlimited number of accounts for different cryptocurrencies, all organized under a single master key. For example, your Bitcoin, Ethereum, and Solana accounts (among the **5,500+ assets supported**) all stem from the exact same 24 words but are separated by their unique **derivation path**. This makes recovery simple: restore the 24 words, and all your accounts are instantly available.

Critical Storage Requirements:
  • **Physical Only:** The phrase must never touch a digital environment. Do not use cloud storage, email, mobile phones, or password managers.
  • **Avoid Phishing:** Ledger will **never** ask you for your 24-word phrase via email, pop-up, or support ticket. Any prompt asking for this phrase outside of a physical restoration on the device itself is a malicious attempt to steal your crypto.
  • **Durability:** Use the paper sheets provided, or consider a metal backup solution for protection against fire, water, and deterioration. Store this backup in a different location than your Ledger device itself.

Understanding this hierarchy is vital. Your funds are not "in" the device; they are secured by the private key derived from your 24 words. Losing the device is recoverable; losing the phrase is equivalent to losing your funds forever. The entire self-custody model hinges on your ability to secure and recover this critical 24-word sequence.

3. Ledger Live: Interface, Security Checks, and Updates

Ledger Live is the mandatory desktop and mobile companion application. It acts as the secure bridge between your computer and the Ledger device. Critically, Ledger Live is an open-source client application that **never handles your private keys**. It only interacts with the public addresses and communicates transaction requests to the hardware wallet.

The Genuine Check Protocol:

When you connect a new device via **Ledger.com/Start** and launch the Live software, the Genuine Check automatically runs. This is an authentication challenge performed using a cryptographic key embedded in the Secure Element at Ledger’s factory. Ledger Live checks the response against Ledger's own servers. If the device is fake, tampered with, or contains an unauthorized chip, the Genuine Check will fail immediately. **You must only proceed if this check passes.** This process guarantees the integrity of your hardware before you transfer any funds.

App Installation and Updates:

Ledger Live is also used to install the necessary coin applications onto your Ledger Nano. Due to the limited storage space on the device, you only install the apps you actively use (e.g., Bitcoin, Ethereum, Cardano). The apps manage the specific cryptographic rules for each blockchain. Firmware updates for the device are also managed through Ledger Live and are critical for patching vulnerabilities and expanding coin support. Never install apps or update firmware from unofficial sources.

The security model is collaborative: the **Secure Element** provides the cryptographic power and protection, and **Ledger Live** provides the user interface and the verified connection to the blockchain networks, all while keeping the critical private keys isolated.

4. Advanced Usage: 25th Word Passphrase (Hidden Wallet)

The **Passphrase** (sometimes called the 25th word or a hidden wallet) is an optional, advanced security feature. It acts as an additional layer of security by modifying the master seed derived from your 24 words, creating an entirely separate, cryptographically distinct set of accounts.

Plausible Deniability

The primary use of the passphrase is for **plausible deniability**. When you first set up your Ledger, you create a "Standard" wallet secured only by the 24 words. If you then enable a passphrase (a secret word you choose), you create a "Hidden" wallet. If you are ever forced to unlock your device under duress, you can enter the PIN associated with your standard wallet, revealing only a decoy account with minimal funds. Your major holdings, secured by the passphrase, remain hidden and inaccessible.

**WARNING:** The passphrase is **case-sensitive** and must be backed up as securely as your 24-word phrase, as it is **not included** in the 24 words. If you forget your passphrase, those funds are permanently lost, even if you still have your 24 words. This feature is recommended only for experienced users.
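The PBKDF2 stretching step described in the BIP-39 section and the passphrase behaviour described here are the same computation, shown below as an added example that is not Ledger's code. It follows the public BIP-39 specification (PBKDF2-HMAC-SHA512, 2048 iterations, salt `"mnemonic"` plus the passphrase); the mnemonic is a publicly known all-zero-entropy test phrase and the passphrases are constructed.

```python
import hashlib
import unicodedata

def mnemonic_to_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP-39 seed from a mnemonic sentence and optional passphrase."""
    # Collapsing stray whitespace is a convenience added in this example.
    words = unicodedata.normalize("NFKD", " ".join(mnemonic.split()))
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase)
    return hashlib.pbkdf2_hmac(
        "sha512", words.encode("utf-8"), salt.encode("utf-8"), 2048, dklen=64
    )

def seed_fingerprints(mnemonic: str, passphrases):
    """Map each passphrase to a short fingerprint of the resulting seed."""
    return {
        p: hashlib.sha256(mnemonic_to_seed(mnemonic, p)).hexdigest()[:16]
        for p in passphrases
    }

# Constructed sample: public all-zero-entropy test phrase, never a real wallet.
TEST_MNEMONIC = " ".join(["abandon"] * 23 + ["art"])

if __name__ == "__main__":
    # "" is the standard wallet; the other two differ only in letter case.
    for phrase, fp in seed_fingerprints(TEST_MNEMONIC, ["", "Harbor", "harbor"]).items():
        print(f"passphrase={phrase!r:10} seed fingerprint={fp}")
```

Every passphrase, including a mistyped one, produces a valid but different seed, so a wrong passphrase opens an empty wallet rather than raising an error.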

Key Safety Checklist Summary
  • **Always Confirm on Device:** Never sign a transaction unless you have verified the recipient address and amount on the Ledger's physical screen.
  • **Keep PIN Secure:** If you input the wrong PIN three times, the device wipes itself, forcing you to use your 24-word phrase for recovery.
  • **Buy Directly:** Only purchase Ledger devices from the official Ledger store to ensure a genuine device with an untainted Secure Element.
  • **Avoid Side Loading:** Only install apps and firmware through the verified Ledger Live application.