Install of Ledger app 3.0.1 on Ubuntu 20.04 fails with Ledger Nano S Plus on firmware 1.0.4

Hi,

I am getting the following error message when trying to install the ledger app on my Ledger Nano S Plus on Ubuntu 20.04:
Traceback (most recent call last):
File “/usr/lib/python3.8/runpy.py”, line 194, in _run_module_as_main
return _run_code(code, main_globals, None,
File “/usr/lib/python3.8/runpy.py”, line 87, in _run_code
exec(code, run_globals)
File “/usr/local/lib/python3.8/dist-packages/ledgerblue/loadApp.py”, line 295, in
loader.commit(signature)
File “/usr/local/lib/python3.8/dist-packages/ledgerblue/hexLoader.py”, line 313, in commit
self.exchange(self.cla, 0x00, 0x00, 0x00, data)
File “/usr/local/lib/python3.8/dist-packages/ledgerblue/hexLoader.py”, line 189, in exchange
return self.scpUnwrap(bytes(self.card.exchange(apdu)))
File “/usr/local/lib/python3.8/dist-packages/ledgerblue/comm.py”, line 145, in exchange
raise CommException(“Invalid status %04x (%s)” % (sw, possibleCause), sw, response)
ledgerblue.commException.CommException: Exception : Invalid status 570b (Unknown reason)

Is this due to the firmware version (Concordium states 1.0.3 on the website), or maybe due to the fact that I initially loaded the custom certificate under firmware version 1.0.2?
(The install then subsequently also failed, at which point I checked the firmware version and upgraded to 1.0.4 - there’s no option in Ledger Live to select 1.0.3. Unfortunately, I initially assumed since the device is new, it would have been on the current version loaded, which was not the case…).

When I try to re-load the certificate in recovery mode, I get the following:
Traceback (most recent call last):
File “/usr/lib/python3.8/runpy.py”, line 194, in _run_module_as_main
return _run_code(code, main_globals, None,
File “/usr/lib/python3.8/runpy.py”, line 87, in _run_code
exec(code, run_globals)
File “/usr/local/lib/python3.8/dist-packages/ledgerblue/setupCustomCA.py”, line 60, in
loader.setupCustomCA(args.name, public)
File “/usr/local/lib/python3.8/dist-packages/ledgerblue/hexLoader.py”, line 508, in setupCustomCA
self.exchange(self.cla, 0x00, 0x00, 0x00, data)
File “/usr/local/lib/python3.8/dist-packages/ledgerblue/hexLoader.py”, line 189, in exchange
return self.scpUnwrap(bytes(self.card.exchange(apdu)))
File “/usr/local/lib/python3.8/dist-packages/ledgerblue/comm.py”, line 145, in exchange
raise CommException(“Invalid status %04x (%s)” % (sw, possibleCause), sw, response)
ledgerblue.commException.CommException: Exception : Invalid status 661e (Unknown reason)

Would I need to delete the existing certificate somehow, before I can re-start the process of loadcertificate.sh and install.sh, this time under firmware 1.0.4, or is there a general incompatibility of the ledger app 3.0.1 with 1.0.4?

Many thanks,
Wolfgang

Forgot to add: I tried install.sh in both, recovery and normal mode, as well as in normal mode with and without Ledger Live running (which I understand should be closed while installing) - both made no difference.

This thread: [Support for Ledger Nano X - Wallets - Concordium] (Support for Ledger Nano X - #3 by kamil) seems to suggest that a 570b error indicates that the certificate is missing or not found. So I guess this needs to be loaded again after the firmware upgrade. Any ideas how that can be done, since I now get error 661e when running loadcertificate.sh?

Hello Wolfgang

The new firmware version 1.0.4 has been released for the ledger nano s plus and you cannot update/install the certificate or update the ledger app. The reason is that Ledger have not made 1.0.4 public in the repository (GitHub - LedgerHQ/nanosplus-secure-sdk), so we cannot take a look at what the new release contains, and we are waiting for that the SDK will be released.

Regards,
Concordium Tech Support

Hi Zoltan,

thanks for your quick reply, and explanation!

So what can I do for now, if I can’t uninstall or update the certificate, would it help then to factory-reset the device (there’s nothing other than the certificate on it right now) and do things in the right order (i.e. firmware 1.0.4 → certificate → Concordium ledger app), or would I still be stuck with the install.sh error I encountered with 3.0.1 until the SDK is released?

What is your best guess how long it will take for Ledger to release this? Looking at the 1.0.4 release note it seems there’s only a minor change to the software (different PIN login screen), and if (based on your experience with Ledger) it won’t take too long, I would rather wait than factory-reset (assuming that would fix the install.sh issue in the first place).

Many thanks in advance.

Wolfgang

Just to add: on the referenced repo there’s an entry “add: lns+ 1.0.4 integration” - I assume that in itself is not sufficient?

Hello Wolfgang

I just spoke with the developers, and they are working on the new version. It will be available latest the next week, or maybe already this week.

Regards,
Concordium Tech Support

Hi Zoltan,

that’s great news, thanks a lot!

Kind regards,
Wolfgang

Hello

The newest Concordium Ledger app is out. Downloads - Mainnet — Concordium documentation

Regards,
Concordium Tech Support

Hi Zoltan,

thanks for the update! Will try it out today.

Kind regards,
Wolfgang

Hi Zoltan,

OK, the good news is that this worked, I managed to install the ledger app on the device.

Unfortunately, now I am stuck at the point of requesting a new identity on Concordium Desktop Wallet:
according to the description (Create an identity — Concordium documentation), I select one of the identity providers, and enter the PIN to unlock the device. Then I select the Concordium app on the device, which displays “Concordium is ready”. At this point the Desktop Wallet interacts briefly with the device (the icon in the middle is moving), but then returns to “Waiting for device. Please connect your Ledger.”.

In other words, the process is stuck at step nr. 5 and I cannot proceed to 6. Is this maybe also related to the new firmware version, and I would need to wait until a new version of the Desktop Wallet has been released for firmware 1.0.4?

Kind regards,
Wolfgang

Can you be sure, that the Ledger live app is closed?

Hi Zoltan,

yes, tried it both ways a couple of times to be sure.

Kind regards,
Wolfgang

Did you try to update everything to the newest version? Downloads - Mainnet — Concordium documentation

If nothing helps, maybe try from stretch… But until now, nobody reported this issue, beside you.

My desktop wallet is already on the current release - I verified this by using the checksum command:
~/Downloads$ sha256sum concordium-desktop-wallet-1.5.0.deb
ef0237f30e1c435323ef2eff2df82a23ffbb54b7c0b329666a07c78fb61119f1 concordium-desktop-wallet-1.5.0.deb

This is the same checksum as is published on the page you linked. So don’t think re-installing the desktop wallet would change anything. I also tried removing the device and plugging in again, as well asl rebooting the server, but no luck :-/

Did you test desktop wallet 1.5.0 (Debian install) with firmware 1.0.4 already, and if so, which Ubuntu release did you use? I noticed that Concordium now also references 22.04, and I am still running 20.04, so I could try upgrading the OS…

Hello Wolfgang

One of my colleges mentioned a solution, maybe that can help:

The new version was tested on ubuntu 20.04, with .deb and appImage versions.
The behavior does sound like that of a previous version of the wallet, can you confirm that it says 1.5.0 in the left corner when the wallet is open?
(And can you try the appImage version?)

Perhaps you need to update the udev rules?
(step 4 for linux at https://support.ledger.com/hc/en-us/articles/4404389606417-Download-and-install-Ledger-Live)

BTW, do I need to have the Concordium Client v4.2.0 installed, is this utilized implicitly by the Desktop Wallet?

Yes, definitely V1.5.0.

Will try the AppImage version next. The step 4 (udev rules) was executed previously, that should be OK.

Hi Zoltan,

I just tried the appImage version as well, and same result unfortunately. It does not seem to identify the device correctly. I have also noticed that the light indicators on the left side of the desktop app remain on red, please see attached screenshot. Is there any diagnostics possible that would give a log info of why the red esclamation mark appears, or which details the connection attempt that I can see as soon as I open the Concordium ledger app on the device for a couple of seconds, but then fails?

Kind regards,
Wolfgang

Try to press alt key, and from the help menu - export logs, and try to send it. Maybe we can see there, what is going on with your wallet app.