Ledger’s Custom Operating System: BOLOS
KEY TAKEAWAYS:
- Ledger hardware wallets use a tamper-proof chip called a Secure Element. This chip runs a custom operating system named BOLOS.
- BOLOS runs your apps and makes sure each app on your Ledger device works separately. Thanks to this operating system, a transaction you make with one account doesn’t affect the security of another.
- BOLOS is just one part of the Ledger security model designed to keep your assets safe.
Most devices have an operating system (OS). For example, your computer likely runs Windows or macOS, allowing you to install applications (for example, Microsoft Word). Without an operating system, you can’t run apps.
But specific devices need specific operating systems. You wouldn’t want to control your mobile phone with an operating system designed to handle a vacuum cleaner. And the same can be said for hardware wallets.
So how does that fit in with Ledger devices?
If you have a Ledger hardware wallet, you might wonder how it works. Diving into Ledger’s security model, let’s explore BOLOS, Ledger’s custom operating system.
What is BOLOS?
BOLOS stands for the “Blockchain Open Ledger Operating System”, and it’s the operating system all Ledger devices rely on. Essentially, the operating system operates your apps within the Secure Element chip. Since the Secure Element chip is tamper-proof, your device operates securely. BOLOS drives your secure screen and allows you to manage your private keys directly with the Secure Element chip. It also keeps your information isolated so your apps are protected from each other too.
Understanding the Tech Behind BOLOS
BOLOS stands out among hardware wallet operating systems: it is a custom-made, multi-application operating system designed specifically to store and manage private keys. But how does the tech behind it work exactly?
BOLOS is a Custom Operating System
BOLOS operates on the Secure Element chip, and this is the key to why it’s custom-made.
To explain, Secure Element chips can be purchased in one of two ways: either containing a generic operating system, or completely blank, without an operating system at all. For Ledger devices, only the latter provided a reasonable solution, as the generic operating system of a Secure Element is not designed for storing private keys and signing transactions.
BOLOS, however, is designed specifically for storing private keys and allowing you to manage crypto assets securely.
BOLOS is Multi-Application By Design
Many hardware wallets don’t use an OS, opting to store everything in a single application: the device’s firmware. This is called monolithic firmware. This may seem convenient, but this single-application architecture has some major drawbacks.
Put simply, apps managed by the same application can communicate. If there’s a vulnerability, the entire firmware must be updated. It’s also challenging to add new apps to the system as a third-party developer.
As such, Ledger devices are multi-application by design. Anyone can design an app, and each app operates separately from the others. This ensures your security when you interact with multiple apps, which may require different sensitive information. To do this, Ledger devices rely on BOLOS.
What is BOLOS For?
BOLOS has four key features. It: keeps your apps isolated, allows anyone to develop an app, provides a genuine check, and allows you to verify transactions. Let’s dive into each of these pieces.
Cryptocurrency Applications & Isolation
BOLOS allows for installing applications that are isolated from each other. BOLOS also keeps your 24-word recovery phrase and private keys isolated from the applications.
Open: Anyone Can Develop Ledger Live Apps
Thanks to the isolation and flexibility that BOLOS brings, third parties can easily develop applications for Ledger devices. Not only that, there’s also a developer portal to help you on your journey. Start developing your own Ledger Live app following the process outlined here.
Signature and Genuineness Mechanisms
BOLOS allows the use of a system called a Root of Trust. Through it, you can verify your device is genuine when you connect it to Ledger Live. It does the same for installing applications and updating your firmware.
Verifying Your Transactions Physically
Ledger’s operating system BOLOS also ensures that transactions are confirmed physically. Ledger devices benefit from a secure screen, driven directly by the Secure Element thanks to BOLOS. While your computer’s screen is vulnerable to hackers, your Ledger device’s secure screen is operated by BOLOS on the Secure Element chip, a tamper-proof environment.
BOLOS: Another Key Part of Ledger’s Security Model
Your device relies on an operating system to be user-friendly and secure, and BOLOS is equipped to keep your assets safe and easy to use. But BOLOS is just one part of Ledger’s Security Model. It also works alongside the Secure Element, the Secure Screen, a PIN code, and of course, rigorous testing in the Ledger Donjon.
So what are you waiting for? Get a Ledger device and embrace secure self-custody.