I own a Ledger Nano S and have recently been thinking about buying a Ledger Nano X, but I only recently found out that the firmware on the hardware is closed source. As a non-programmer, I do not really understand what this means for my safety.
So I have a few questions:
* The dev says most of the Ledger software is open source, and only the firmware on the hardware is closed because of an NDA, and he says the Ledger Live app has no way to interact with it in a bad way (i.e. stealing the recovery phrase). Aside from the dev's word, may I know why it is not possible?
* We update the Ledger firmware via the Ledger Live app or the website. Is there a possibility for the dev to push a malicious update with the potential to steal our recovery phrase or steal our crypto, aside from trusting that the dev won’t push a malicious update?
* Is there a regular or ongoing audit for every new firmware release that we can read before updating our device firmware? I like the idea of open source, but the truth is open source doesn’t mean anything if I can’t understand the code, so ultimately I just have to rely on someone else's audit, or a public audit.
I’m hoping there’s a solution where I can trust my hardware wallet without blindly trusting the Ledger company. Hopefully someone can answer this for a non-programmer.