{"id":18724837,"url":"https://github.com/obsidiansystems/ledger-app-tezos","last_synced_at":"2025-04-12T15:50:41.836Z","repository":{"id":34731742,"uuid":"135602726","full_name":"obsidiansystems/ledger-app-tezos","owner":"obsidiansystems","description":"Ledger app for Tezos","archived":false,"fork":false,"pushed_at":"2022-06-03T16:07:23.000Z","size":1602,"stargazers_count":102,"open_issues_count":22,"forks_count":51,"subscribers_count":21,"default_branch":"master","last_synced_at":"2025-03-25T07:02:01.093Z","etag":null,"topics":["baking","hardware-wallet","ledger","ledger-device","ledger-hardware-wallet","tezos","tezos-baking","tezos-wallet","wallet"],"latest_commit_sha":null,"homepage":null,"language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/obsidiansystems.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-05-31T15:32:34.000Z","updated_at":"2024-10-04T14:14:19.000Z","dependencies_parsed_at":"2022-09-16T20:01:42.020Z","dependency_job_id":null,"html_url":"https://github.com/obsidiansystems/ledger-app-tezos","commit_stats":null,"previous_names":[],"tags_count":37,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/obsidiansystems%2Fledger-app-tezos","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/obsidiansystems%2Fledger-app-tezos/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/obsidiansystems%2Fledger-app-tezos/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/obsidiansystems%2Fledger-app-tezos/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/obsidiansystems","download_url":"https://codeload.github.com/obsidiansystems/ledger-app-tezos/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248591893,"owners_count":21130144,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["baking","hardware-wallet","ledger","ledger-device","ledger-hardware-wallet","tezos","tezos-baking","tezos-wallet","wallet"],"created_at":"2024-11-07T14:08:11.047Z","updated_at":"2025-04-12T15:50:41.801Z","avatar_url":"https://github.com/obsidiansystems.png","language":"C","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Tezos Ledger Applications\n\n## Overview\n\nWhether you're baking or just trading XTZ, you want to store your keys securely.\nThis is what a \"hardware wallet\" like the\n[Ledger Nano S/X](https://www.ledgerwallet.com/products) is for.\nYour private keys never leave the device, and it performs the signing\noperations. To use a Ledger Nano device with [Tezos](https://www.tezos.com/), you need to\nload Tezos-specific software onto it.\n\nThe term \"hardware wallet\" can refer to several devices that store your private\nkeys in a secure way. The term \"wallet\" refers to the fact that it stores your\n\"money\" -- in the case of Tezos, it stores your tez. Remember, storing your\ntokens means storing the private keys that control your tokens. But the wallet\nalso has other uses, including an application that helps you securely and easily\ninteract with the network, including creating Tezos transactions and baking\nblocks.\n\nThis repository contains two Ledger Nano applications:\n\n1. The \"Tezos Baking\" application (Nano S only) is for baking: signing new blocks and\nendorsements. For more information about baking, see\n*[Benefits and Risks of Home Baking](https://medium.com/@tezos_91823/benefits-and-risks-of-home-baking-a631c9ca745)*.\n2. The \"Tezos Wallet\" application (Nano S and X) is for making XTZ transactions, originating contracts, delegation, and voting. Basically everything you might want to use the Ledger Nano S/X for on Tezos besides baking.\n\nIt is possible to do all of these things without a hardware wallet, but using a\nhardware wallet provides you better security against key theft.\n\nThis documentation was originally written when there was no GUI support, so everything is\ntailored towards the command line.  We recommend you read this entire\ndocument to understand the commands available, and which commands are\nmost appropriate to your situation. This will require judgment on how\nbest to meet your needs, and this document will also provide context to\nhelp you understand that.\n\nThis document is not a comprehensive guide to setting up Tezos\nsoftware. While it covers some aspects of setting up and installing\nTezos nodes and clients, especially as it interacts with the Ledger Nano S/X,\nyou should familiarize yourself with the [Tezos Documentation](https://tezos.gitlab.io/master/) and community resources such as Tezos Community's guide on [building a node](https://github.com/tezoscommunity/FAQ/blob/master/Compile_Mainnet.md). If you have questions, please ask them on the [Tezos Stack Exchange](https://tezos.stackexchange.com/).\n\nThis document is also not a guide on how to use Linux. It assumes you\nknow how to install and configure a Linux system to your general needs,\nuse the command line, or configure GitHub access. Occasionally, it will\nrecommend things like editing a script to match your configuration.\nLearning how to run commands on Linux, edit scripts, or configure your\nuser accounts to enable groups, is outside the scope of this document,\nbut resources for all of those things are available on the Internet.\n\nThe commands in these instructions have only been tested on Linux. If\nyou use any form of virtualization, e.g. docker or VirtualBox, please\nconsult the documentation of that virtualization system to determine\nhow to access USB from inside the virtualization, as that can be a\ncomplicated and difficult process.\n\nThe commands in this document have been tested as is, and have the correct\nprivileges. If you find yourself using `sudo` to run commands that are not\nlisted as requiring `sudo`, that likely indicates a problem with your\nconfiguration, most often the `udev` configuration. Using `sudo` for commands\nthat should not require it can create security vulnerabilities and corrupt\nyour configuration.\n\n## Hacking\n\nSee [CONTRIBUTING.md](CONTRIBUTING.md)\n\n## Set up your Ledger device\n\nTezos recommends two hardware wallets: Ledger Nano S and Ledger Nano X. When you first get a device and set it up, part of the setup process is generating a keypair. The keypair\nwill be associated with a rather long seed phrase that you must write down and\nkeep securely. We'll discuss that seed phrase more below. You also set a PIN\ncode that allows you to unlock the device so that it will sign messages. You can\nthen install the Tezos application to use the Ledger device to interact directly with the\nTezos network (see more about this in the application instructions, forthcoming).\nHowever, your Ledger device will ask for confirmation before it sends your keys to sign\ntransactions or blocks, and you must confirm by physically pushing a button on\nthe device, and that provides some security against an attacker taking control\nover your keys.\n\n### Protecting your key\n\nThe seed phrase is an encoding of your private key itself and can be used to\nrestore your key. If you lose your Ledger device or destroy it somehow, you can buy a\nnew one and set it up with the seed phrase from your old one, hence restoring\nyour tokens.\n\nConsequently, it is extremely important that you keep your seed phrase written\ndown somewhere safe. Losing it can mean you lose control of your account should\nyou, for example, lose your Ledger device. Keeping it somewhere a hacker could find it\n(such as in a file on your internet-connected computer) means your private key\ncan fall into the wrong hands.\n\nYou will write it down on paper, along with your PIN, and store it. If you will\nhave a large amount of money, consider putting your paper in a safe or safe\ndeposit box, but at the very least keep it away from places where children,\ndogs, housekeepers, or obnoxious neighbors could inadvertently destroy it.\n\n### Protecting Your Key -- Further Advanced Reading\n\nMore advanced techniques for those interested in even more layers of security\nor plausible deniability features should look at\n[Ledger's documentation on this](https://support.ledgerwallet.com/hc/en-us/articles/115005214529-Advanced-Passphrase-options).\n\nNote that Ledger devices with different seeds will appear to `tezos-client` to be\ndifferent hardware wallets. Note also that it can change what key is authorized in\nTezos Baking. When using these features in a Ledger device used for baking,\nplease exit and re-start Tezos Baking right before baking is supposed to\nhappen, and manually verify that it displays the key you expect to bake for.\n\nTezos Wallet does not require such extra steps, and so these extra\nprotections are more appropriate for keys used for transaction than\nthey are for keys used for baking. If you do use these features, one\ntechnique is that your tez be stored in the passphrase-protected and\ndeniable account, and that you delegate them to a baking account. This\nway, the baking account won't actually store the vast majority of the tez.\n\n### Ledger device firmware update\n\nTo use these apps, you must be sure to have [up-to-date\nfirmware](https://support.ledgerwallet.com/hc/en-us/articles/360002731113)\non the Ledger device. This code was tested with version\n1.6.0. Please use [Ledger Live](https://www.ledger.com/pages/ledger-live) to do this.\n\n### udev rules (Linux only)\n\nYou need to set `udev` rules to set the permissions so that your user account\ncan access the Ledger device. This requires system administration privileges\non your Linux system.\n\n#### Instructions for most distros (not including NixOS)\n\nLedgerHQ provides a\n[script](https://raw.githubusercontent.com/LedgerHQ/udev-rules/master/add_udev_rules.sh)\nfor this purpose. Download this script, read it, customize it, and run it as root:\n\n```\n$ wget https://raw.githubusercontent.com/LedgerHQ/udev-rules/master/add_udev_rules.sh\n$ chmod +x add_udev_rules.sh\n```\n\nWe recommend against running the next command without reviewing the\nscript and modifying it to match your configuration.\n\n```\n$ sudo ./add_udev_rules.sh\n```\n\nSubsequently, unplug your ledger hardware wallet, and plug it in again for the changes to take\neffect.\n\n#### Instructions for NixOS\n\nFor NixOS, you can set the udev rules by adding the following to the NixOS\nconfiguration file typically located at `/etc/nixos/configuration.nix`:\n\n```nix\nhardware.ledger.enable = true;\n```\n\nOnce you have added this, run `sudo nixos-rebuild switch` to activate the\nconfiguration, and unplug your Ledger device and plug it in again for the changes to\ntake effect.\n\n## Installing the Applications with Ledger Live\n\nThe easiest way to obtain and install the Tezos Ledger apps is to download them\nfrom [Ledger Live](https://www.ledger.com/pages/ledger-live). Tezos Wallet is readily available\nin Ledger Live's Manager. To download Tezos Baking, you'll need to enable 'Developer Mode' in Settings.\n\nIf you've used Ledger Live for application installation, you can skip ahead to [Registering the Ledger Device with the node](#registering-the-ledger-device-with-the-node).\n\n## Obtaining the Applications without Ledger Live\n\nIf you are using the [Nix package manager](https://nixos.org/nix/), you can skip\nthis section and the next one; go directly to the\n[nix directory](nix/)\nfor simpler Nix-based installation, where documentation is in [CONTRIBUTING.md](CONTRIBUTING.md).\nThen return to this document and continue reading at *Registering the Ledger Nano S with the node*\n\nThe second easiest way to obtain both applications (after Ledger Live) is to download `.hex` files\nfrom the [releases](https://github.com/obsidiansystems/ledger-app-tezos/releases)\npage of this repo. After doing so, skip ahead to *[Installing the apps onto your Ledger device without Ledger Live](#installing-the-apps-onto-your-ledger-device-without-ledger-live)*.\nYou will need to expand the releases tarball somewhere and copy the\nbaking.hex and wallet.hex files into the ledger-app-tezos directory.\nIf you want to compile the applications yourself, keep reading this section.\n\n### Compiling the `.hex` files\n\nThe first thing you'll need to do is clone this repository:\n\n```\n$ git clone https://github.com/obsidiansystems/ledger-app-tezos.git\n```\n\nYou will need to have the\n[BOLOS SDK](http://ledger.readthedocs.io/en/latest/userspace/getting_started.html)\nto use the Makefile, which can be cloned from Ledger's\n[nanos-secure-sdk](https://github.com/LedgerHQ/nanos-secure-sdk) git repository.\nYou will also need to download two compilers for use with the SDK.\nNote that these are specialized compilers to cross-compile for the ARM-based\nplatform of the Ledger device; please don't use the versions of `clang` and `gcc` that\ncome with your system.\n\n  * [CLANG](http://releases.llvm.org/4.0.0/clang+llvm-4.0.0-x86_64-linux-gnu-ubuntu-16.10.tar.xz)\n  * [GCC](https://launchpadlibrarian.net/251687888/gcc-arm-none-eabi-5_3-2016q1-20160330-linux.tar.bz2)\n\nAll of the environment setup can be accomplished with the following commands.\n\nObtain the BOLOS SDK and the compilers it needs:\n\n```\n$ git clone https://github.com/LedgerHQ/nanos-secure-sdk\n$ wget -O clang.tar.xz http://releases.llvm.org/4.0.0/clang+llvm-4.0.0-x86_64-linux-gnu-ubuntu-16.10.tar.xz\n$ wget -O gcc.tar.bz2 https://launchpadlibrarian.net/251687888/gcc-arm-none-eabi-5_3-2016q1-20160330-linux.tar.bz2\n```\n\nUnzip the compilers and move them to appropriately-named directories:\n\n```\n$ mkdir bolos_env\n$ tar -xJf clang.tar.xz --directory bolos_env\n$ mv bolos_env/clang+llvm-4.0.0-x86_64-linux-gnu-ubuntu-16.10 bolos_env/clang-arm-fropi\n$ tar -xjf gcc.tar.bz2 --directory bolos_env\n```\n\nSet environment variables:\n\n```\n$ export BOLOS_SDK=$PWD/nanos-secure-sdk\n$ export BOLOS_ENV=$PWD/bolos_env\n```\n\nTo build the Tezos Wallet app:\n\n```\n$ APP=tezos_wallet make\n$ mv bin/app.hex wallet.hex\n```\nIf this results in an error message that includes this line (possibly repeatedly):\n\n```\n#include \u003cbits/libc-header-start.h\u003e\n```\nyou may need to run:\n\n```\n$ sudo apt-get install libc6-dev gcc-multilib g++-multilib\n```\nand then re-run the `make` command.\n\nNote that if you build *both* apps, you need to run `make clean` before building\nthe second one. So, to build both apps run:\n\n```\n$ APP=tezos_wallet make\n$ mv bin/app.hex wallet.hex\n$ make clean\n$ APP=tezos_baking make\n$ mv bin/app.hex baking.hex\n```\n\nTo build just the Tezos Baking App:\n\n```\n$ APP=tezos_baking make\n$ mv bin/app.hex baking.hex\n```\n\n### Installing the apps onto your Ledger device without Ledger Live\n\nManually installing the apps requires a command-line tool called the\n[BOLOS Python Loader](https://ledger.readthedocs.io/projects/blue-loader-python/en/0.1.16/index.html).\n\n### Installing BOLOS Python Loader\n\nInstall `libusb` and `libudev`, with the relevant headers. On Debian-based\ndistros, including Ubuntu, the packages with the headers are suffixed with\n`-dev`. Other distros will have their own conventions. So, for example, on\nUbuntu, you can do this with:\n\n```\n$ sudo apt-get install libusb-1.0.0-dev libudev-dev # Ubuntu example\n```\n\nThen, install `pip3`. You must install `pip3` for this and not `pip`. On Ubuntu:\n\n```\n$ sudo apt-get install python3-pip # Ubuntu example\n```\n\nNow, on any operating system, install `virtualenv` using `pip3`. It is important\nto use `pip3` and not `pip` for this, as this module requires `python3` support.\n\n```\n$ sudo pip3 install virtualenv # Any OS\n```\n\nThen create a Python virtual environment (abbreviated *virtualenv*). You could\ncall it anything, but we shall call it \"ledger\". This will create a directory\ncalled \"ledger\" containing the virtualenv:\n\n```\n$ virtualenv ledger # Any OS\n```\n\nThen, you must enter the `virtualenv`. If you do not successfully enter the `virtualenv`,\nfuture commands will fail. You can tell you have entered the virtualenv when your prompt is\nprefixed with `(ledger)`.\n\n```\n$ source ledger/bin/activate\n```\n\nYour terminal session -- and only that terminal session -- will now be in the\nvirtual env. To have a new terminal session enter the virtualenv, run the above\n`source` command only in the same directory in the new terminal session.\n\n### ledgerblue: The Python Module for Ledger Nano S/X\n\nWe can now install `ledgerblue`, which is a Python module designed originally for\nLedger Blue, but also is needed for the Ledger Nano S/X.\n\nAlthough we do not yet support Ledger Blue, you must still install the following python package.\nWithin the virtualenv environment -- making sure that `(ledger)` is showing up\nbefore your prompt -- use pip to install the `ledgerblue`\n[Python package](https://pypi.org/project/ledgerblue/).\nThis will install the Ledger Python packages into the virtualenv; they will be\navailable only in a shell where the virtualenv has been activated.\n\n```\n$ pip install ledgerblue\n```\n\nIf you have to use `sudo` or `pip3` here, that is an indication that you have\nnot correctly set up `virtualenv`. It will still work in such a situation, but\nplease research other material on troubleshooting `virtualenv` setup.\n\n### Load the application onto the Ledger device\n\nNext you'll use the installation script to install the application on your Ledger device.\n\nThe Ledger device must be in the following state:\n\n  * Plugged into your computer\n  * Unlocked (enter your PIN)\n  * On the home screen (do not have any application open)\n  * Not asleep (you should not see *vires in numeris* is scrolling across the\n    screen)\n\nIf you are already in an application or the Ledger device is asleep, your installation process\nwill fail.\n\nWe recommend staying at your computer and keeping an eye on the Ledger device's screen\nas you continue. You may want to read the rest of these instructions before you\nbegin installing, as you will need to confirm and verify a few things during the\nprocess.\n\nStill within the virtualenv, run the `./install.sh` command included in the `release.tar.gz`\nthat you downloaded.\n\nThis `./install.sh` script takes the path to an application directory. Two such directories\nwere included in the downloaded `release.tar.gz`.\nInstall both apps like this: `./install.sh wallet baking`.\n\nThe first thing that should come up in your terminal is a message that looks\nlike this:\n\n```\nGenerated random root public key : \u003clong string of digits and letters\u003e\n```\n\nLook at your Ledger device's screen and verify that the digits of that key match the\ndigits you can see on your terminal. What you see on your Ledger hardware wallet's screen\nshould be just the beginning and ending few characters of the longer string that\nprinted in your terminal.\n\nYou will need to push confirmation buttons on your Ledger device a few times\nduring the installation process and re-enter your PIN code near the end of the\nprocess. You should finally see the Tezos logo appear on the screen.\n\nIf you see the \"Generated random root public key\" message and then something\nthat looks like this:\n\n```\nTraceback (most recent call last):\nFile \"/usr/lib/python3.6/runpy.py\", line 193, in _run_module_as_main\n\u003c...more file names...\u003e\nOSError: open failed\n```\n\nthe most likely cause is that your `udev` rules are not set up correctly, or you\ndid not unplug your Ledger hardware wallet between setting up the rules and attempting to\ninstall. Please confirm the correctness of your `udev` rules.\n\nTo load a new version of the Tezos application onto the Ledger device in the future,\nyou can run the command again, and it will automatically remove any\npreviously-loaded version.\n\n### Removing Your App\n\nIf you'd like to remove your app, you can do this. In the virtualenv\ndescribed in the last sections, run this command:\n\n```\n$ python -m ledgerblue.deleteApp --targetId 0x31100004 --appName 'Tezos Wallet'\n```\n\nReplace the `appName` parameter \"Tezos\" with whatever application name you used when you loaded the application onto the device.\n\nThen follow the prompts on the Ledger device screen.\n\n### Confirming the Installation Worked\n\nYou should now have two apps, `Tezos Baking` and `Tezos Wallet`. The `Tezos\nBaking` application should display a `0` on the screen, which is the highest block\nlevel baked so far (`0` in case of no blocks). The `Tezos Wallet` application will just\ndisplay `Tezos`.\n\n## Registering the Ledger device with the node\n\nFor the remainder of this document, we assume you have a Tezos node running and\n`tezos-client` installed. Also, Docker has some issues working with the Ledger device,\nso unless you're willing to troubleshoot them, we don't recommend it.\n\nCurrently there are two other ways to do this:\n\n  1. If you have the Nix package manager, use the\n     [Tezos baking platform](https://gitlab.com/obsidian.systems/tezos-baking-platform).\n  2. Build tezos from the tezos repo with [these instructions](http://tezos.gitlab.io/introduction/howtoget.html#build-from-sources).\n\nDepending on how you build it, you might need to prefix `./` to your commands, and the names\nof some of the binaries might be different.\n\n### What is tezos-client\n\nWe can call the network at large \"Tezos.\" Tezos consists of a bunch of nodes,\none of which is yours. Your node can be thought of as your gateway to the wider\nnetwork.\n\nYou can't do anything with the Ledger hardware wallet without using `tezos-client`. Tezos-client\nis the program you use to access information about the network,\nwhich you ultimately get through your node. See the\n[command documentation](http://doc.tzalpha.net/api/cli-commands.html)\nfor the full array of features that tezos-client supports.\n\nIn summary:\n\n* Tezos is the network\n* We connect to the network through a node\n* We access that node through tezos-client\n* We store our client's keys on the Ledger device\n\nNote that `tezos-client` will not only not support certain commands unless the node is installed,\nbut the error messages for those commands will not even indicate that those commands are possible.\nIf a command documented here gives an `Unrecognized command` error, make sure you have a node\nrunning.\n\n### Side note about key generation\n\nEvery Ledger hardware wallet generates public and private keys for `ed25519`, `secp256k1`, or\n`P-256` encryption systems based on a seed (represented by and encoded in\nthe words associated with that Ledger device) and a BIP32 (\"hierarchical deterministic\nwallet\") path.\n\nThe same seed and BIP32 path will always result in the same key for the same\nsystems. This means that, to keep your Bitcoin application from knowing your Tezos keys,\nand vice versa, different BIP32 paths have to be used for the same Ledger device. This\nalso means that, in order to sync two Ledger devices, you can set them to the same\nseed, represented as 24 or some other number of natural language words (English\nby default).\n\nAll Tezos BIP32 paths begin with `44'/1729'` (the `'` indicates it is\n\"hardened\").  Which Ledger device is intended to be used, as well as choice of\nencryption system, is indicated by a root key hash, the Tezos-specific base58\nencoding of the hash of the public key at `44'/1729'` on that Ledger device. Because\nall Tezos paths start with this, in `tezos-client` commands it is implied.\n\nBeginning in Tezos Wallet V2.2.0, there is also support for a `ed25519-bip32` derivation\nmethod, which was made available in V1.5.5 of the Nano firmware. The existing `ed25519`\noperation was purposefully not changed to preserve backwards compatibility. If you do\nnothing, expect no changes. However, it is recommended that all new accounts use the `bip25519`\ncommand instead of the legacy `ed25519`. After it is imported, the address can be treated\nthe same as any other.\n\n### Importing the key from the Ledger device\n\nThis section must be done regardless of whether you're going to be baking or\nonly using the Tezos Wallet application.\n\nPlease run with a Tezos application open on your device (either Tezos Baking or Tezos Wallet will do):\n\n```\n$ tezos-client list connected ledgers\n```\n\nThe output of this command includes four Tezos addresses derived from the secret\nstored on the device, via different signing curves and BIP32 paths.\n\n```\n## Ledger `major-squirrel-thick-hedgehog`\nFound a Tezos Wallet 2.1.0 (git-description: \"091e74e9\") application running\non Ledger Nano S at\n[IOService:/AppleACPIPlatformExpert/PCI0@0/AppleACPIPCI/XHC1@14/XHC1@14000000/HS03@14300000/Nano\nS@14300000/Nano S@0/IOUSBHostHIDDevice@14300000,0].\n\nTo use keys at BIP32 path m/44'/1729'/0'/0' (default Tezos key path), use one\nof:\n\ntezos-client import secret key ledger_username \"ledger://major-squirrel-thick-hedgehog/bip25519/0h/0h\"\ntezos-client import secret key ledger_username \"ledger://major-squirrel-thick-hedgehog/ed25519/0h/0h\"\ntezos-client import secret key ledger_username \"ledger://major-squirrel-thick-hedgehog/secp256k1/0h/0h\"\ntezos-client import secret key ledger_username \"ledger://major-squirrel-thick-hedgehog/P-256/0h/0h\"\n\n```\n\nThese show you how to import keys with a specific signing curve (e.g. `bip25519`) and derivation path (e.g. `/0'/0'`). The\nanimal-based name (e.g. `major-squirrel-thick-hedgehog`) is a unique identifier for your\nLedger device enabling the client to distinguish different Ledger devices. This is combined with\na derivation path (e.g. `/0'/0'`) to indicate one of the possible keys on the Ledger device. Your *root* key is the full identifier without the derivation path (e.g. `major-squirrel-thick-hedgehog/bip25519` by itself) but you should not use the root key directly\\*.\n\n\\* *NOTE:* If you have used your root key in the past and need to import it, you can do so by simply running one of the commands but without the last derivation portion. From the example above, you would import your root key by running `tezos-client import secret key ledger_user \"ledger://major-squirrel-thick-hedgehog/bip25519\"`. You should avoid using your root key.\n\nThe Ledger device does not currently support non-hardened path components. All\ncomponents of all paths must be hardened, which is indicated by following them\nwith a `'` character. This character may need to be escaped from the shell\nthrough backslashes `\\` or double-quotes `\"`.\n\nYou'll need to choose one of the four commands starting with\n`tezos-client import secret key ...` to run. `bip25519` is the standard recommended curve.\n\nThe BIP32 path is the part that in the example commands read `0'/0'`. You\ncan change it, but if you do (and even if you don't), be sure to write\ndown. You need the full address to use your tez. This means that if you\nlose all your devices and need to set everything up again, you will need\nthree things:\n\n  1. The mnemonic phrase -- this is the phrase from your Ledger device itself when you set it up, not the animal mnemonic you see on the command line. They are different.\n  2. Which signing curve you chose\n  3. The BIP32 path, if you used one\n\nThe `tezos-client import secret key` operation copies only the public key; it\nsays \"import secret key\" to indicate that the Ledger hardware wallet's secret key will be\nconsidered available for signing from them on, but it does not leave the Ledger device.\n\nThis sends a BIP32 path to the device. You then need to click a button on the\nLedger device and it sends the public key back to the computer.\n\nAfter you perform this step, if you run the `list known addresses` command, you\nshould see the key you chose in the list:\n\n```\n3$ tezos-client list known addresses\nledger_\u003c...\u003e_ed_0_0: tz1ccbGmKKwucwfCr846deZxGeDhiaTykGgK (ledger sk known)\n```\n\nWe recommend reading as much as possible about BIP32 to ensure you fully understand\nthis.\n\n## Using the Tezos Wallet application (Nano S and X)\n\nThis application and the Tezos Baking Application constitute complementary apps\nfor different use cases -- which could be on paired devices and therefore use\nthe same key, or which could also be used in different scenarios for different\naccounts. Baking is rejected by this app. The Tezos Wallet Application is available\non the Nano S (all versions) and the Nano X (V2.0.1 and later)\n\nThe \"provide address\" command on the Tezos Wallet application shows the address\nthe first time the command is run for any given session. Subsequently, it\nprovides the address without prompting. To display addresses again, exit the\nWallet Application and restart it. This is again provided for testing/initial\nset up purposes.\n\nThe sign command for the Wallet Application prompts every time for transactions\nand other \"unsafe\" operations, with the generic prompt saying \"Sign?\" We hope to\neventually display more transaction details along with this. When block headers\nand endorsements are sent to the Ledger device, they are rejected silently as if the\nuser rejected them.\n\n### Faucet (test networks only)\n\nOn the Tezos test networks, you will need to use the [Tezos Faucet](https://faucet.tzalpha.net/)\nto obtain some tez. Tell them you're not a robot, then click \"Get alphanet tz.\"\nIt works on zeronet and babylonnet (even though the URL says \"alpha\").\n\nRun the following command, where `\u003cyour-name\u003e` is some alias you want to use for\nthis wallet, and `tz1\u003c...\u003e.json` is the name of the file you just downloaded\nfrom the faucet.\n\n```\n$ tezos-client activate account \u003cyour-name\u003e with ~/downloads/tz1\u003c...\u003e.json\nNode is bootstrapped, ready for injecting operations.\nOperation successfully injected in the node.\nOperation hash is 'onxJStKxK1oMPgGskkzc2gDBDyKeQ7CbBYTrcK4TMMySvKZq6vF'.\nWaiting for the operation to be included...\nOperation found in block: BMRjW94ge499sCPAMUTvrp3ku2UjWy9kB2LsjtuJhL1bkcQ85Ny (pass: 2, offset: 0)\nThis sequence of operations was run:\n  Genesis account activation:\n    Account: tz1Vntj2aVpqcQEeHq2CEmNrSGw8finvbFcX\n    Balance updates:\n      tz1Vntj2aVpqcQEeHq2CEmNrSGw8finvbFcX ... +ꜩ66835.212314\n\nAccount \u003cyour-name\u003e (tz1Vntj2aVpqcQEeHq2CEmNrSGw8finvbFcX) activated with ꜩ66835.212314.\n```\n\nYou can then check your account balance like this:\n\n```\n$ tezos-client get balance for \u003cyour-name\u003e\n66835.212314 ꜩ\n```\n\n### Transfer\n\nNow transfer the balance to the account whose key resides on your Ledger device:\n\n```\n$ tezos-client transfer 66000 from chris-martin2 to ledger_\u003c...\u003e_ed_0_0\n```\n\n### Further transaction details\n\nIn general, to send tez, you'll need to:\n\n  * Have a node running\n  * Open the Tezos Wallet application on your hardware wallet\n  * Know the alias of your account or its public key hash\n  * Know the public key hash of the account you are sending tez to\n\nThe command you run has the form:\n\n```\ntezos-client transfer QTY from SRC to DST\n```\n\n  * `QTY` is the amount of tez. It's best to not include commas and to include 6\n    decimal points (ie. 1000000.000000). If you'd prefer to include commas, you can:\n    `1,000,000.000,000`.\n  * `SRC` is the source, or where the money is coming from. This should be your\n    alias or public key has.\n  * `DST` is the destination, or where the money is going. You should use the\n    public key hash, as your computer likely doesn't know any aliases for that\n    account.\n\nSome options which you can consider:\n\n  * `--fee \u003camount\u003e` - The fee defaults to 0.05 tez. If you'd like to select\n    another amount, either because you think that's too high or the network is\n    crowded and a higher fee is needed to ensure it goes through, you can\n    include this with the amount of fee you want to pay (ie. `--fee 0.05` for\n    the default).\n  * `-D` or `--dry-run` - Use this if you just want to display what would happen\n    and not actually do the transaction.\n  * `-G` or `--gas-limit` - This sets the gas limit of the transaction instead.\n\nThere are other options which you can read up about more in the docs, but these\nare the main ones you'd potentially want to use when just sending tez to\nsomeone.\n\n### Delegation\n\nIf you want to delegate tez controlled by an account on the Ledger device to another account to bake, that requires the Wallet App. This is distinct from registering the Ledger device\naccount itself to bake, which is also called \"delegation,\" and which is covered\nin the section on the baking application below.\n\n#### since Babylon protocol upgrade (005)\n\nSince Babylon protocol upgrade, it is now possible to delegate directly from\nan implicit account without creating an originated account.\n\n```\n$ tezos-client set delegate for \u003cSRC\u003e to \u003cDELEGATE\u003e\n```\n\n  * `SRC` is the implicit account that you want to delegate from\n  * `DELEGATE` is the baker that you want to delegate to\n\n#### pre-Babylon\n\nTo delegate tez controlled by a Ledger device to someone else,\nyou must first originate an account. Please read more\nabout this in the Tezos documentation, [How to use Tezos](https://tezos.gitlab.io/master/introduction/howtouse.html), to\nunderstand why this is necessary and the semantics of delegation.\n\nTo originate an account, the command is:\n```\n$ tezos-client originate account \u003cNEW\u003e for \u003cMGR\u003e transferring \u003cQTY\u003e from \u003cSRC\u003e --delegatable\n```\n\n  * `NEW` is the alias you will now give to the originated account. Only originated accounts can\n     be delegated, and even then only if originated with this `--delegatable` flag.\n  * `MGR` is the name of the key you will use to manage the account. If you want to manage it\n    with a Ledger device, it should be an existing imported key from the Ledger hardware wallet.\n  * `QTY` is the initial amount of tez to give to the originated account.\n  * `SRC` is the account where you'll be getting the tez from.\n\nSubsequently, every transaction made with `\u003cNEW\u003e` will require the Ledger hardware wallet mentioned in `\u003cMGR\u003e`\nto sign it. This is done with the wallet application, and includes setting a delegate with:\n\n```\n$ tezos-client set delegate for \u003cNEW\u003e to \u003cDELEGATE\u003e\n```\n\nOriginated accounts have names beginning with `KT1` rather than `tz1`, `tz2` or `tz3`.\n\n### Signing Michelson\nThe wallet app allows you to sign packed Michelson values. This can be useful when interacting with a Michelson contract that\nuses `PACK` and `CHECK_SIGNATURE` (multisig contracts use this functionality). \n\nHere is an example:\n```\ntezos-client hash data '\"hello world!\"' of type string\ntezos-client sign bytes \u003cbytes\u003e for \u003cmy-ledger\u003e\n```\nThe ledger will prompt with `Unrecognized Michelson: Sign Hash` and the hash of the data\n\n### Proposals and Voting\n\nTo submit (or upvote) a proposal during the Proposal Period, open the Wallet application on your ledger and run\n\n```\n$ tezos-client submit proposals for \u003cACCOUNT\u003e \u003cPROTOCOL-HASH\u003e\n```\n\nThe Wallet application will then ask you to confirm the various details of the proposal submission.\n\n**Note:** While `tezos-client` will let you submit multiple proposals at once with this command, submitting more than one will cause the Wallet application to show \"Sign Hash\" instead of showing each field of each proposal for your confirmation. Signing an operation that you can't confirm is not safe and it is highly recommended that you simply submit each proposal one at a time so you can properly confirm the fields on the ledger device. To manually confirm the hash, refer to [Manually Confirming Operation Hashes](#Manually-Confirming-Operation-Hashes).\n\nVoting for a proposal during the Exploration or Promotion Vote Period also requires that you have the Wallet application open. You can then run\n\n```\n$ tezos-client submit ballot for \u003cACCOUNT\u003e \u003cPROTOCOL-HASH\u003e \u003cyea|nay|pass\u003e\n```\n\nThe Wallet application will ask you to confirm the details of your vote.\n\nKeep in mind that only registered delegate accounts can submit proposals and vote. Each account can submit up to 20 proposals per proposal period and vote only once per voting period. For a more detailed post on participating during each phase of the amendment process, see this [Medium post](https://medium.com/@obsidian.systems/voting-on-tezos-with-your-ledger-nano-s-8d75f8c1f076). For a full description of how voting works, refer to the [Tezos documentation](https://gitlab.com/tezos/tezos/blob/master/docs/whitedoc/voting.rst).\n\n### Manually Confirming Operation Hashes\n\nMany operations are too large or complex for Tezos Wallet to show you enough detail on the device that you could safely confirm it. For example, it is possible to create an operation that includes hundreds of transactions. It is not feasible to confirm all of them on a tiny device screen. For any operation that Tezos Wallet can't easily confirm via screen prompts, it will instead show you the \"Sign Hash\" prompt. This shows you a *hash* of the entire operation that you should cross-check with another source. `tezos-client` will show you this hash if you ask it to run the operation with `--verbose-signing`. This will include additional output like the following:\n\n```\nPre-signature information (verbose signing):\n  * Branch: BMRELbkCkHvCAr2vZfavjYUKXLbKrGvX6oN3qNEDKPjp8aJHqRm\n  * Watermark: `Generic-operation` (0x03)\n  * Operation bytes:\n    e0ac9e16f0005865f71bcf039d10ec2bb8d604210c9139968949f64ea5c9d1320500aed01\n    1841ffbb0bcc3b51c80f2b6c333a1be3df00000000000000040ab22e46e7872aa13e366e4\n    55bb4f5dbede856ab0864e1da7e122554579ee71f876cd995a324193bbe09ac2d5c53f69f\n    93778f8d608f1fea885f9b53e0abdb6e4\n  * Blake 2B Hash (raw): Hnw7wQsfv8fvMUejXNJ31NauapEtzLZg859JwqNUEDEE\n  * Blake 2B Hash (ledger-style, with operation watermark):\n    C5Qkk9tTwaUbhnrN29JpXSmsYCEi1uhM8rSsentBwmbN\n  * JSON encoding:\n    { \"branch\": \"BMRELbkCkHvCAr2vZfavjYUKXLbKrGvX6oN3qNEDKPjp8aJHqRm\",\n      \"contents\":\n        [ { \"kind\": \"proposals\",\n            \"source\": \"tz1baMXLyDZ7nx7v96P2mEwM9U5Rhj5xJUnJ\", \"period\": 0,\n            \"proposals\":\n              [ \"Pt24m4xiPbLDhVgVfABUjirbmda3yohdN82Sp9FeuAXJ4eV9otd\",\n                \"Psd1ynUBhMZAeajwcZJAeq5NrxorM6UCU4GJqxZ7Bx2e9vUWB6z\" ] } ] }\n```\n\nHere, the hash under `Blake 2B Hash (ledger-style, with operation watermark)` is `C5Qkk9tTwaUbhnrN29JpXSmsYCEi1uhM8rSsentBwmbN` and should match the hash on the Ledger screen.\n\nTo be truly confident in the correctness of this operation, run the same operation multiple times from different places. `tezos-client` has two options to help with this: `--dry-run` which skips the last step of injecting the operation into the chain, and `--block \u003cblock-hash\u003e` to pin an operation to a specific block.\n\n## Using the Tezos Baking Application (Nano S only)\n\nThe Tezos Baking Application supports the following operations:\n\n  1. Get public key\n  2. Setup ledger for baking\n  3. Reset high watermark\n  4. Get high watermark\n  5. Sign (blocks and endorsements)\n\nIt will only sign block headers and endorsements, as the purpose of the baking\napplication is that it cannot be co-opted to perform other types of operations (like\ntransferring XTZ). If a Ledger device is running with the Tezos Baking Application, it\nis the expectation of its owner that no transactions will need to be signed with\nit. To sign transactions with that Ledger device, you will need to switch it to using\nthe Tezos Wallet application, or have the Tezos Wallet application installed on\na paired device. Therefore, if you have a larger stake and bake frequently, we\nrecommend the paired device approach. If, however, you bake infrequently and can\nafford to have your baker offline temporarily, then switching to the Tezos\nWallet application on the same Ledger device should suffice.\n\n\n### Start the baking daemon\n\n```\n$ tezos-baker-005-PsBabyM1 run with local node ~/.tezos-node ledger_\u003c...\u003e_ed_0_0\n```\n\nThis won't actually be able to bake successfully yet until you run the rest of\nthese setup steps. This will run indefinitely, so you might want to do it in\na dedicated terminal or in a `tmux` or `screen` session.\n\nYou will also want to start the endorser and accuser daemons:\n\n```\n$ tezos-endorser-005-PsBabyM1 run ledger_\u003c...\u003e_ed_0_0\n$ tezos-accuser-005-PsBabyM1 run\n```\n\nAgain, each of these will run indefinitely, and each should be in its own terminal\n`tmux`, or `screen` window.\n\n*Note*: The binaries shown above all correspond to current Tezos mainnet protocol. When the Tezos protocol upgrades, the binaries shown above will update to, for instance, `tezos-baker-006-********`.\n\n### Setup ledger device to bake and endorse\n\nYou need to run a specific command to authorize a key for baking. Once a key is\nauthorized for baking, the user will not have to approve this command again. If\na key is not authorized for baking, signing endorsements and block headers with\nthat key will be rejected. This authorization data is persisted across runs of\nthe application, but not across application installations. Only one key can be authorized for baking per Ledger hardware wallet at a\ntime.\n\nIn order to authorize a public key for baking, use the APDU for setting up the ledger device to bake:\n\n    ```\n    $ tezos-client setup ledger to bake for \u003cALIAS\u003e\n    ```\n\n    This only authorizes the key for baking on the Ledger device, but does\n    not inform the blockchain of your intention to bake. This might\n    be necessary if you reinstall the app, or if you have a different\n    paired Ledger device that you are using to bake for the first time.\n\n### Registering as a Delegate\n\n*Note: The ledger device will not sign this operation unless you have already setup the device to bake using the command in the previous section.*\n\nIn order to bake from the Ledger device account you need to register the key as a\ndelegate. This is formally done by delegating the account to itself. As a\nnon-originated account, an account directly stored on the Ledger device can only\ndelegate to itself.\n\nOpen the Tezos Baking Application on the device, and then run this:\n\n```\n$ tezos-client register key \u003cALIAS\u003e as delegate\n```\n\nThis command is intended to inform the blockchain itself of your intention to\nbake with this key. It can be signed with either Tezos Wallet or Tezos Baking, however\nTezos Baking can only sign self-delegations.\n\n### Sign\n\nThe sign operation is for signing block headers and endorsements.\n\nBlock headers must have monotonically increasing levels; that is, each\nblock must have a higher level than all previous blocks signed with the Ledger device.\nThis is intended to prevent double baking and double endorsing at the device level, as a security\nmeasure against potential vulnerabilities where the computer might be tricked\ninto double baking. This feature will hopefully be a redundant precaution, but\nit's implemented at the device level because the point of the Ledger hardware wallet is to not\ntrust the computer. The current High Watermark (HWM) -- the highest level to\nhave been baked so far -- is displayed on the device's screen, and is also\npersisted between runs of the device.\n\nThe sign operation will be sent to the hardware wallet by the baking daemon when\nconfigured to bake with a Ledger device key. The Ledger device uses the first byte of the\ninformation to be signed -- the magic number -- to tell whether it is a block\nheader (which is verified with the High Watermark), an endorsement (which is\nnot), or some other operation (which it will reject, unless it is a\nself-delegation).\n\nWith the exception of self-delegations, as long as the key is configured and the\nhigh watermark constraint is followed, there is no user prompting required for\nsigning. Tezos Baking will only ever sign without prompting or reject an\nattempt at signing; this operation is designed to be used unsupervised. As mentioned,\n the only exception to this is self-delegation.\n\n### Reset High Watermark\n\nWhen updating the version of Tezos Baking you are using or if you are switching baking to\n a new ledger device, we recommend setting the HWM to the current head block level of the blockchain.\nThis can be accomplished with the reset command. The following command requires an explicit\nconfirmation from the user:\n\n```\n$ tezos-client set ledger high watermark for \"ledger://\u003ctz...\u003e/\" to \u003cHWM\u003e\n```\n\n`\u003cHWM\u003e` indicates the new high watermark to reset to. Both the main and test chain HWMs will be\nsimultaneously changed to this value.\n\nIf you would like to know the current high watermark of the ledger device, you can run:\n\n```\n$ tezos-client get ledger high watermark for \"ledger://\u003ctz...\u003e/\"\n```\n\nWhile the ledger device's UI displays the HWM of the main chain it is signing on, it will not\ndisplay the HWM of a test chain it may be signing on during the 3rd period of the Tezos Amendment Process.\nRunning this command will return both HWMs as well as the chain ID of the main chain.\n\n## Upgrading\n\nWhen you want to upgrade to a new version, whether you built it yourself from source\nor whether it's a new release of the `app.hex` files, use the same commands as you did\nto originally install it. As the keys are generated from the device's seeds and the\nderivation paths, you will have the same keys with every version of this Ledger hardware wallet app,\nso there is no need to re-import the keys with `tezos-client`.\n\n### Special Upgrading Considerations for Bakers\n\nIf you've already been baking on an old version of Tezos Baking, the new version will\nnot remember which key you are baking with nor the High Watermark. You will have to re-run\nthis command to remind the hardware wallet what key you intend to authorize for baking. As shown, it can\nalso set the HWM:\n\n```\n$ tezos-client setup ledger to bake for \u003cALIAS\u003e --main-hwm \u003cHWM\u003e\n```\n\nAlternatively, you can also set the High Watermark to the level of the most recently baked block with a separate command:\n\n```\n$ tezos-client set ledger high watermark for \"ledger://\u003ctz...\u003e/\" to \u003cHWM\u003e\n```\n\nThe latter will require the correct URL for the Ledger device acquired from:\n\n```\n$ tezos-client list connected ledgers\n```\n\n## Troubleshooting\n\n### Display Debug Logs\n\nIf you are worried about bugs, you should configure your system to display debug logs. Add the\nfollowing line to `~/.bashrc` and to `~/.bash_profile`, or set the equivalent environment\nvariable in whatever system you use to launch your daemons:\n\n```\nexport TEZOS_LOG=\"client.signer.ledger -\u003e debug\"\n```\n\nIf you have a bug report, it is far more likely we'll be able to fix it if you include the\nentire output of the transaction, including debug messages enabled by that command above.\nPlease copy and paste the entire run of the command (for `tezos-client`) or everything\ninvolving the failed block level and the previous one (for baking); if you need to anonymize\nthe PKH then please do so by using `XXX` or similar rather than by removing those entire lines.\nWe need as much context as possible to help troubleshoot.\n\n`script` is also a useful command for logging all the output of a long-running process.\nIf you run `script \u003cfile-name\u003e` it opens a new shell where everything output and typed\nis also output to that file, giving you a transcript of your terminal session.\n\n### Importing a Fundraiser Account to a Ledger Device\n\nYou currently cannot directly import a fundraiser account to the Ledger device. Instead, you'll first need to import your fundraiser account to a non-hardware wallet address from which you can send the funds to an address on the ledger. You can do so with wallet providers such as [Galleon](https://galleon-wallet.tech/) or [TezBox](https://tezbox.com/).\n\n### Two Ledger Devices at the Same Time\n\nTwo Ledger devices with the same seed should not ever be plugged in at the same time. This confuses\n`tezos-client` and other client programs. Instead, you should plug only one of a set of paired\nledgers at a time. Two Ledger devices of different seeds are fine and are fully supported,\nand the computer will automatically determine which one to send information to.\n\nIf you have one running the baking app, it is bad for security to also have the wallet app\nplugged in simultaneously. Plug the wallet application in as-needed, removing the baking app, at a time\nwhen you are not going to be needed for endorsement or baking. Alternatively, use a different\ncomputer for wallet transactions.\n\n### unexpected seq num\n\n```\n$ client/bin/tezos-client list connected ledgers\nFatal error:                                                                                                                                        Header.check: unexpected seq num\n```\n\nThis means you do not have the Tezos application open on your device.\n\n### No device found\n\n```\n$ tezos-client list connected ledgers\nNo device found.\nMake sure a Ledger device is connected and in the Tezos Wallet app.\n```\n\nIn addition to the possibilities listed in the error message, this could also\nmean that your udev rules are not set up correctly.\n\n### Unrecognized command\n\nIf you see an `Unrecognized command` error, it might be because there is no node for `tezos-client`\nto connect to. Please ensure that you are running a node. `ps aux | grep tezos-node` should display\nthe process information for the current node. If it displays nothing, or just displays a `grep`\ncommand, then there is no node running on your machine.\n\n### Ledger Application Crashes\n\nIf the Ledger application crashes when you load it, there are two primary causes:\n\n  * Quitting the `tezos-client` process before the device responds. Even if you meant to cancel\n    the operation in question, cancel it from the device before pressing Ctrl-C, otherwise you\n    might have to restart the Ledger device.\n  * Out of date firmware: If the Ledger application doesn't work at all, make sure you are running firmware\n    version 1.6.0.\n\n### Tezos Baking: Screen does blank and the device no longer responds to requests\n\nOn Ledger firmware 1.6.0 with the default MCU firmware, the device's screen can go blank while running Tezos Baking and the device may stop responding to requests. This is due to an issue in the device's MCU firmware. Please upgrade it using this tool, distributed by Ledger - https://ledger-live-tools.now.sh/mcu-repair. You will need to use a browser with webHID, such as Chrome. After a successful upgrade, the device's MCU firmware should report as 1.12.\n\n### Error \"Unexpected sequence number (expected 0, got 191)\" on macOS\n\nIf `tezos-client` on macOS intermittently fails with an error that looks like\n\n```\nclient.signer.ledger: APDU level error: Unexpected sequence number (expected 0, got 191)\n```\n\nthen your installation of `tezos-client` was built with an older version of HIDAPI that doesn't work well with macOS (see [#30](https://github.com/obsidiansystems/ledger-app-tezos/issues/30)).\n\nTo fix this you need to get the yet-unreleased fixes from the [HIDAPI library](https://github.com/signal11/hidapi) and rebuild `tezos-client`.\n\nIf you got HIDAPI from Homebrew, you can update to the `master` branch of HIDAPI like this:\n\n```shell\n$ brew install hidapi --HEAD\n```\n\nThen start a full rebuild of `tezos-client` with HIDAPI's `master` branch:\n\n```shell\n$ brew unlink hidapi   # remove the current one\n$ brew install autoconf automake libtool  # Just keep installing stuff until the following command succeeds:\n$ brew install hidapi --HEAD\n```\n\nFinally, rebuild `ocaml-hidapi` with Tezos. In the `tezos` repository:\n\n```shell\n$ opam reinstall hidapi\n$ make all build-test\n$ ./tezos-client list connected ledgers  # should now work consistently\n```\n\nNote that you may still see warnings similar to `Unexpected sequence number (expected 0, got 191)` even after this update. The reason is that there is a separate, more cosmetic, issue in `tezos-client` itself which has already been fixed but may not be in your branch yet (see the [merge request](https://gitlab.com/tezos/tezos/merge_requests/600)).\n\n### Command Line Installations: \"This app is not genuine\"\n\nIf you install a Ledger application, such as Tezos Wallet or Tezos Baking, outside of Ledger Live you will see the message \"This app is not genuine\" followed by an Indentifier when opening the app. This message is generated by the device firmware as a warning to the user whenever an application is installed outside Ledger Live. Ledger signs the applications available in Ledger Live to verify their authenticity, but the same applications available elsewhere, such as from this repo, are not signed by Ledger. As a result, the user is warned that the app is not \"genuine\", i.e. signed by Ledger. This helps protect users who may have accidentally downloaded an app from a malicious client without knowing it. Note that the application available from this repo's [releases page](https://github.com/obsidiansystems/ledger-app-tezos/releases/tag/v2.2.7) is otherwise no different from the one downloaded from Ledger Live.\n\n## Contact Us\nYou can email us at tezos@obsidian.systems and request to join our Slack.\nWe have several channels about baking and one specifically for our Ledger applications.\nYou can ask questions and get answers from Obsidian staff or from the community.\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fobsidiansystems%2Fledger-app-tezos","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fobsidiansystems%2Fledger-app-tezos","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fobsidiansystems%2Fledger-app-tezos/lists"}