Ledger Nano S New Firmware Update 1.4.1

Ledger released an important update to the Nano S with firwware version 1.4.1.

The release brings several functional and UX features and some important security fixes.

On the security side, it includes the following:

BOLOS (Ledger OS) has evolved. You’ll find below some of the latest modifications:

  • The apps are now split in 3 segments (code, data, installation parameters). Two different hashes are computed (code + data and code + data + installParams). This allows the user to verify the data loaded even for apps which have secret data.
  • U2F tunnel is now supported for APDUs in the dashboard and also in the SDK. It’ll make it possible to support all communication protocols with a single interface and avoid using the “Browser Support” options. U2F tunnel is very convenient to interface with a web application (such as MyCrypto / MyEtherWallet).
  • The SDK now offers another primitive for comparing memory pointers securely (memcmp).


The cryptographic support has been widely extended. A lot of new Elliptic Curves are now supported:

  • SEC curves (SECP384R1, SECP521R1),
  • Brainpool Curves (P256R1, P320T1, P320R1, P384T1, P384R1, P512T1, P512R1)
  • ANSSI Curve (FRP256V1),
  • Edwards Curves (Ed448), and
  • Goldilocks’s curve (Curve448).


The firmware 1.4 includes a few other security improvements. For instance, the policy to load 3rd party apps slightly evolved. The custom Certification Authority (CA) management is now only available under recovery mode. It is intended to make malware applications less attractive to promote for inexperienced users.

Support us and the authors of this article by donating to the following address:


Comments powered by Talkyard.