We’re pleased to introduce our new Operating System, designed by our firmware team and leveraging on the expertise of powering millions of embedded Secure Elements in our past ventures : the Blockchain Open Ledger Operating System, also known as BOLOS.
BOLOS represents a major change compared to what the smartcard industry offers today — it puts developers in the driving seat, providing an unobtrusive framework to build source code portable native applications around a secure core, protecting the core against applications attacks, and isolating applications from each other without getting in the way (hence the french pun).
BOLOS is our way of turning Bitcoin Hardware Wallets into Personal Security Devices — users can review and install third party applications that will add new privacy features on top of their own shared set of cryptographic material, without exposing that material.
We’ll be publishing a set of articles in the coming weeks describing the architecture with additional technical details and provide tutorials to developers.
BOLOS implementation on Ledger Blue
Ledger Blue features our first native implementation of BOLOS. Isolation is natively provided by ARM Memory Protection Unit and Operating Modes — each application can only access its own memory region, and operates in User mode, interacting with the Operating System running in Supervisor mode.
This isolation mechanism will be available both on the Secure Element of Ledger Blue and its non secure MCU, with an Open Source implementation provided for the non secure MCU as we would like to encourage new designs to use ARM MCUs leveraging those protection mechanisms (such as the STM32L0 line from ST Microelectronics)
BOLOS implementation on the Ledger TEE application
The TEE application we recently released for Android phones featuring a Trustonic TEE is based on a different but somewhat similar concept — after all, TEEs offer an advanced version of this isolation mechanism, so let’s consider them as a black box we don’t have access to but provides a similar set of functionalities.
When dealing with this black box model, we provide isolation through a virtual CPU, reusing the Moxie architecture designed by Anthony Green and already experimented for Bitcoin use cases by Jeff Garzik. This lets us implement advanced Smart Contract applications with a minimum performance hit considering TrustZone enabled CPUs are significantly more powerful than a regular smartcard.
The same architecture is also used to support BOLOS on HSMs.
BOLOS is organized as a set of simple building blocks to build your applications :
- An Input/Output block to communicate with the outside world and third party peripherals
- A cryptographic block implementing low level cryptographic primitives
- A storage block for on device storage, when available
- A wrapping block for external device storage, allowing you to securely bind data to the running BOLOS application
- An endorsement block providing BOLOS application proof of execution
- A User Interface block for user presence and confirmation
For more information, you can refer to our Doxygen page : https://ledgerhq.github.io/bolos-tee/
Our next article will describe how to build and run your first BOLOS application on the TEE and on Ledger Blue.
The TEE application is available right now on the Play Store — to use it for development purposes, make sure to provide a secp256k1 uncompressed public key into the “Options” menu before purchasing the license.
The Ledger Blue will be available for developers in March.