Install Ledger Live on Qubes (Whonix AppVM)
Basics
Copy & Paste
How to copy from this document and paste into your Terminal?
At Origin:
Ctrl+C
Ctrl+Shift+C
At Destination:
Ctrl+Shift+V
Click: Edit / Paste
Formatting
I will explain
where to click with your mouse
what you see in the terminal
what to copy & paste into the created files on terminal.
Requirements
I assume you have already installed Qubes on your Laptop. If not, check out this guide: here
1. Create Qubes
Click: Q / Create Qubes VM
Name and label = ledger
Type = Qube based on a template (AppVM)
Template = whonix-ws-16
Networking = sys-whonix
2. Download Ledger live
2.1 Create folder
Click: Q / Domain: ledger / ledger: Xfce Terminal
user@host:~$ mkdir ledger && cd ledger
2.2 Download latest ledger-live
user@host:~/ledger$ xdg-open https://download-live.ledger.com/releases/latest/download/linux
Enter
Pop up window [ledger] confirm open
Click: yes
Pop up window [ledger] download from external file type
Click: Download file
Click: save file
Save file ledger-live-desktop-2.36.2-linux-x86_64.AppImage* to /home/user/ledger
Wait until the file has finished downloading
Return to terminal.
Ctrl + C
*Current version: 2.36.2. Your version may be a newer version. ➤ In subsequent commands replace 2.36.2 with your version number
2.3 Check if download was successful
user@host:~/ledger$ ls
Terminal returns:
ledger-live-desktop-2.36.2-linux-x86_64.AppImage
2.4 Make AppImage executable
user@host:~/ledger$ chmod u+x ledger-live-desktop-2.36.2-linux-x86_64.AppImage
3 Verify ledger live
Optional step, but recommended for security.
3.1 download files
user@host:~/ledger$ xdg-open https://www.ledger.com/ledger-live/lld-signatures
download 3 files:
ledger-live-desktop-2.36.2.sha512sum
ledgerlive.pem
ledger-live-desktop-2.36.2.sha512sum.sig
save files to ledger folder
3.2 check if files downloaded
user@host:~/ledger$ ls
Terminal returns:
ledger-live-desktop-2.36.2-linux-x86_64.AppImage
ledger-live-desktop-2.36.2.sha512sum
ledger-live-desktop-2.36.2.sha512sum.sig
ledgerlive.pem
3.2 double check public key
The public key on https://github.com/LedgerHQ/ledger-live-desktop/blob/master/src/main/updater/ledger-pubkey.js
MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEN7qcsG6bogi1nkD3jnMWS813wWguYEcICRcijSvFskSFjHB5la4xUt+Omb2t6iUwop+JRy+EUhy0UQ9p/cPsQA==
should match the public key shown by:
user@host:~/ledger$ cat ledgerlive.pem
3.3 check signature
user@host:~/ledger$ openssl dgst -sha256 -verify ledgerlive.pem -signature ledger-live-desktop-2.36.2.sha512sum.sig ledger-live-desktop-2.36.2.sha512sum
Terminal returns:
Verified OK
3.4 check ledger live
The hash in this file …
user@host:~/ledger$ cat ledger-live-desktop-2.36.2.sha512sum
… matches the hash from the AppImage
user@host:~/ledger$ sha512sum ledger-live-desktop-2.36.2-linux-x86_64.AppImage
Terminal output contains the same hash, e.g.:
af11ba6f4bf0b27e03bda4eda4d1eb86bd90bb0e9b6ca26304eb98011cbeabef80bc5b82bec843783bb6a28c8d8811eff56091385570d334f8e87aeb0b212dab ledger-live-desktop-2.36.2-linux-x86_64.AppImage
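As an added example (not part of the original guide and not Ledger's own tooling), the script below chains the three checks above so the result does not depend on comparing long strings by eye: it pins the public key quoted above, verifies the signature on the hash list, then looks up the AppImage's SHA-512 in that signed list. The function names and the script name verify-ledger.sh are assumptions.

```bash
#!/bin/bash
# Added example: automates the public key, signature and hash checks of this guide.
# Function names are hypothetical. The key is the value quoted in this guide
# from Ledger's GitHub repository.
PINNED_KEY='MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEN7qcsG6bogi1nkD3jnMWS813wWguYEcICRcijSvFskSFjHB5la4xUt+Omb2t6iUwop+JRy+EUhy0UQ9p/cPsQA=='

# True if the base64 body of PEM file $1 equals the expected key $2.
pubkey_matches() {
    body=$(grep -v '^-----' "$1" | tr -d ' \r\n')
    [ -n "$body" ] && [ "$body" = "$2" ]
}

# True if signature $2 over file $3 verifies against public key $1.
sig_ok() {
    openssl dgst -sha256 -verify "$1" -signature "$2" "$3" >/dev/null 2>&1
}

# True if sums file $1 lists file $2 with the SHA-512 that $2 really has.
# An entry missing from the list counts as a failure, not as "nothing to check".
hash_ok() {
    want=$(awk -v f="$(basename "$2")" \
        '{ n = $2; sub(/^\*/, "", n); if (n == f) { print $1; exit } }' "$1")
    have=$(sha512sum "$2" | cut -d' ' -f1)
    [ -n "$want" ] && [ "$want" = "$have" ]
}

# verify_release DIR VERSION [EXPECTED_KEY]
# Order matters: trust the key, then the signed hash list, then the binary.
# Returns 1, 2 or 3 depending on which check failed.
verify_release() {
    dir=$1; ver=$2; key=${3:-$PINNED_KEY}
    sums="$dir/ledger-live-desktop-$ver.sha512sum"
    app="$dir/ledger-live-desktop-$ver-linux-x86_64.AppImage"
    pubkey_matches "$dir/ledgerlive.pem" "$key" ||
        { echo "FAIL: ledgerlive.pem differs from pinned key" >&2; return 1; }
    sig_ok "$dir/ledgerlive.pem" "$sums.sig" "$sums" ||
        { echo "FAIL: bad signature on hash list" >&2; return 2; }
    hash_ok "$sums" "$app" ||
        { echo "FAIL: AppImage hash not in signed list" >&2; return 3; }
    echo "OK: $app"
}

# Run as: bash verify-ledger.sh ~/ledger 2.36.2
if [ "$#" -ge 2 ]; then verify_release "$@" || exit 1; fi
```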
3.5 Add udev rules
user@host:~/ledger$ nano 20-hw1.rules
paste:
# HW.1 / Nano
SUBSYSTEMS=="usb", ATTRS{idVendor}=="2581", ATTRS{idProduct}=="1b7c|2b7c|3b7c|4b7c", TAG+="uaccess", TAG+="udev-acl"
# Blue
SUBSYSTEMS=="usb", ATTRS{idVendor}=="2c97", ATTRS{idProduct}=="0000|0000|0001|0002|0003|0004|0005|0006|0007|0008|0009|000a|000b|000c|000d|000e|000f|0010|0011|0012|0013|0014|0015|0016|0017|0018|0019|001a|001b|001c|001d|001e|001f", TAG+="uaccess", TAG+="udev-acl"
# Nano S
SUBSYSTEMS=="usb", ATTRS{idVendor}=="2c97", ATTRS{idProduct}=="0001|1000|1001|1002|1003|1004|1005|1006|1007|1008|1009|100a|100b|100c|100d|100e|100f|1010|1011|1012|1013|1014|1015|1016|1017|1018|1019|101a|101b|101c|101d|101e|101f", TAG+="uaccess", TAG+="udev-acl"
# Aramis
SUBSYSTEMS=="usb", ATTRS{idVendor}=="2c97", ATTRS{idProduct}=="0002|2000|2001|2002|2003|2004|2005|2006|2007|2008|2009|200a|200b|200c|200d|200e|200f|2010|2011|2012|2013|2014|2015|2016|2017|2018|2019|201a|201b|201c|201d|201e|201f", TAG+="uaccess", TAG+="udev-acl"
# HW2
SUBSYSTEMS=="usb", ATTRS{idVendor}=="2c97", ATTRS{idProduct}=="0003|3000|3001|3002|3003|3004|3005|3006|3007|3008|3009|300a|300b|300c|300d|300e|300f|3010|3011|3012|3013|3014|3015|3016|3017|3018|3019|301a|301b|301c|301d|301e|301f", TAG+="uaccess", TAG+="udev-acl"
# Nano X
SUBSYSTEMS=="usb", ATTRS{idVendor}=="2c97", ATTRS{idProduct}=="0004|4000|4001|4002|4003|4004|4005|4006|4007|4008|4009|400a|400b|400c|400d|400e|400f|4010|4011|4012|4013|4014|4015|4016|4017|4018|4019|401a|401b|401c|401d|401e|401f", TAG+="uaccess", TAG+="udev-acl"
source: here
save with:
Ctrl+x
y
Enter
4 Add start script
user@host:~/ledger$ cd && nano ledger-live
Remember to always change the name of the AppImage (here: 2.36.2) to the correct version
Paste:
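#!/bin/bash
# Install the udev rules so the Ledger device is accessible inside this qube
sudo cp ledger/20-hw1.rules /etc/udev/rules.d/
cd ledger || exit 1
# Pick the AppImage in this folder (the highest version if several are present)
File=$(find . -maxdepth 1 -name "*.AppImage" | sort -V | tail -n 1)
"$File"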
save with:
Ctrl+x
y
Enter
Make script executable
user@host:~$ chmod u+x ledger-live
Now you can start Ledger Live via the command line (Step 5), or optionally you can create a link in the Qubes start menu (Step 4b).
4b Link desktop file
Click: Q / Domain: whonix-ws-16 / whonix-ws-16: Xfce Terminal
Attention! We are now in “whonix-ws-16”, not in “ledger”.
user@host:~$ sudo nano /usr/share/applications/ledger.desktop
Paste:
[Desktop Entry]
Name=Ledger Live
Comment=Ledger Live - Desktop
Exec=bash -c '~/ledger-live'
Terminal=false
Type=Application
Icon=money-manager-ex
StartupWMClass=Ledger Live
MimeType=x-scheme-handler/ledgerhq;
Categories=Finance;
Save
Ctrl+x
y
Enter
Click: Q / Domain: ledger / ledger: Qubes settings / Applications
Click on “Ledger Live” in the list of available Applications and add to selected Applications
5 Start Ledger Live
You can either start ledger-live from the terminal
user@host:~$ ./ledger-live
or, more conveniently (if you executed step 4b):
Click: Q / Domain: ledger / ledger: Ledger Live
Plug in Ledger USB
Enter PIN into Ledger
Add USB Ledger to VM ledger
Click: Qubes Devices / sys-usb:2-1 – Ledger_Nano_X_0001 / ledger (+)
Was this guide helpful for you? I appreciate your feedback.
Disclaimer: I’m neither associated with Qubes nor Ledger, nor do I have an IT background. This walkthrough should make your life a bit easier and save you time. But the ultimate responsibility for securing your computer and your crypto is with you.
The first time I found this, I didn't know any of this stuff and I was skeptical (no offense, I think that's just healthy security). But having learned all of this, I just came across it again. And it's spot on. I knew all of these pieces but you saved me a bunch of time putting them all together. I can vouch for every part of this, it's all accurate and a good way to do it.
Dang, that's a nice walk through. Thank you!