LedgerHQ · bboilot-ledger · Sep 24, 2025 · Sep 25, 2025 · Sep 25, 2025 · Sep 26, 2025
diff --git a/.github/workflows/build_and_functional_tests.yml b/.github/workflows/build_and_functional_tests.yml
@@ -76,6 +76,29 @@ jobs:
     uses: LedgerHQ/ledger-app-workflows/.github/workflows/reusable_ragger_tests.yml@v1
     with:
       download_app_binaries_artifact: "memory_elfs"
-      test_options: " -s 2>&1 | tools/valground.py -q"
       run_for_devices: '["nanox"]'
       upload_snapshots_on_failure: false
+      capture_file: pytest-logs-combined
+
+  ragger_mem__results:
+    name: Process pytest logs
+    if: always()
+    needs: ragger_mem_tests
+    runs-on: ubuntu-latest
+    steps:
+      - name: Clone
+        uses: actions/checkout@v4
+
+      - name: Download and process pytest logs
+        if: always()
+        uses: actions/download-artifact@v4
+        with:
+          name: pytest-logs-combined
+          path: logs
+
+      - name: Process logs with valground
+        if: always()
+        run: |
+          if [ -f logs/pytest-logs-combined.log ]; then
+            cat logs/pytest-logs-combined.log | tools/valground.py -q
+          fi
diff --git a/.github/workflows/cflite_cron.yml b/.github/workflows/cflite_cron.yml
diff --git a/.github/workflows/cflite_pr.yml b/.github/workflows/cflite_pr.yml
diff --git a/.github/workflows/clusterfuzzlite.yml b/.github/workflows/clusterfuzzlite.yml
@@ -0,0 +1,18 @@
+name: ClusterFuzzLite fuzzing tests
+
+on:
+  workflow_dispatch:
+  pull_request:
+  push:
+    branches:
+      - main
+  schedule:
+    - cron: '0 13 * * 6'  # At 01:00 PM, only on Saturday
+
+permissions: read-all
+
+jobs:
+  Fuzzing:
+    uses: LedgerHQ/ledger-app-workflows/.github/workflows/reusable_clusterfuzz_tests.yml@v1
+    with:
+      exec_mode: ${{ github.event_name }}
diff --git a/.github/workflows/codespell.yml b/.github/workflows/codespell.yml
@@ -12,15 +12,6 @@ on:
 jobs:
   misspell:
     name: Check misspellings
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          submodules: true
-
-      - name: Check misspellings
-        uses: codespell-project/actions-codespell@v2
-        with:
-          builtin: clear,rare
-          check_filenames: true
-          path: src, src_bagl, src_features, src_nbgl, src_plugins, doc, client
+    uses: LedgerHQ/ledger-app-workflows/.github/workflows/reusable_spell_check.yml@v1
+    with:
+      src_path: src, doc, client
diff --git a/.github/workflows/lint-workflow.yml b/.github/workflows/lint-workflow.yml
@@ -23,10 +23,3 @@ jobs:
     with:
       source: './'
       extensions: 'h,c'
-
-  yamllint:
-    name: Check yaml files
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - run: yamllint .
diff --git a/.github/workflows/yml-workflow.yml b/.github/workflows/yml-workflow.yml
@@ -0,0 +1,22 @@
+---
+name: Yaml style check
+
+# This workflow will run linting checks to ensure a level of uniformization among all Ledger applications.
+#
+# The presence of this workflow is mandatory as a minimal level of linting is required.
+# You are however free to modify the content of the .clang-format file and thus the coding style of your application.
+# We simply ask you to not diverge too much from the linting of the Boilerplate application.
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - master
+      - main
+      - develop
+  pull_request:
+
+jobs:
+  check_linting:
+    name: Check linting using the reusable workflow
+    uses: LedgerHQ/ledger-app-workflows/.github/workflows/reusable_yaml_lint.yml@v1
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,6 +5,8 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/)
 and this project adheres to [Semantic Versioning](http://semver.org/).
 
+## [1.20.0](../../compare/1.19.3...1.20.0) - 2025-xx-xx
+
 ## [1.19.3](../../compare/1.19.2...1.19.3) - 2025-10-23
 
 ### Changed

diff --git a/Makefile b/Makefile
@@ -36,12 +36,12 @@ endif
 include ./makefile_conf/chain/$(CHAIN).mk
 
 APPVERSION_M = 1
-APPVERSION_N = 19
-APPVERSION_P = 3
-APPVERSION = $(APPVERSION_M).$(APPVERSION_N).$(APPVERSION_P)
+APPVERSION_N = 20
+APPVERSION_P = 0
+APPVERSION = $(APPVERSION_M).$(APPVERSION_N).$(APPVERSION_P)-dev
 
 # Application source files
-APP_SOURCE_PATH += src src_features src_plugins src_nbgl
+APP_SOURCE_PATH += src
 APP_SOURCE_FILES += $(filter-out ./ethereum-plugin-sdk/src/main.c, $(wildcard ./ethereum-plugin-sdk/src/*.c))
 INCLUDES_PATH += ./ethereum-plugin-sdk/src
 
@@ -98,7 +98,6 @@ CURVE_APP_LOAD_PARAMS += secp256k1
 # and SLIP-0044 standards.
 # If your app needs it, you can specify multiple path by using:
 # `PATH_APP_LOAD_PARAMS = "44'/1'" "45'/1'"`
-PATH_APP_LOAD_PARAMS += "45'" "44'/1'"
 
 # Setting to allow building variant applications
 # - <VARIANT_PARAM> is the name of the parameter which should be set

diff --git a/client/src/ledger_app_clients/ethereum/client.py b/client/src/ledger_app_clients/ethereum/client.py
@@ -25,6 +25,9 @@ class TrustedNameType(IntEnum):
     ACCOUNT = 0x01
     CONTRACT = 0x02
     NFT = 0x03
+    TOKEN = 0x04
+    WALLET = 0x05
+    CONTEXT_ADDRESS = 0x06
 
 
 class TrustedNameSource(IntEnum):
@@ -34,6 +37,8 @@ class TrustedNameSource(IntEnum):
     UD = 0x03
     FN = 0x04
     DNS = 0x05
+    DYN_RESOLVER = 0x06
+    MULTISIG_ADDRESS_BOOK = 0x07
 
 
 class EIP712CalldataParamPresence(IntEnum):
@@ -338,10 +343,10 @@ def set_plugin(self,
                    algo_id: int = 1,
                    sig: Optional[bytes] = None) -> RAPDU:
 
-        # Send ledgerPKI certificate
-        self.pki_client.send_certificate(PKIPubKeyUsage.PUBKEY_USAGE_PLUGIN_METADATA)
-
         if sig is None:
+            # Send ledgerPKI certificate
+            self.pki_client.send_certificate(PKIPubKeyUsage.PUBKEY_USAGE_PLUGIN_METADATA)
+
             # Temporarily get a command with an empty signature to extract the payload and
             # compute the signature on it
             tmp = self._cmd_builder.set_plugin(type_,
@@ -375,10 +380,10 @@ def provide_nft_metadata(self,
                              algo_id: int = 1,
                              sig: Optional[bytes] = None) -> RAPDU:
 
-        # Send ledgerPKI certificate
-        self.pki_client.send_certificate(PKIPubKeyUsage.PUBKEY_USAGE_NFT_METADATA)
-
         if sig is None:
+            # Send ledgerPKI certificate
+            self.pki_client.send_certificate(PKIPubKeyUsage.PUBKEY_USAGE_NFT_METADATA)
+
             # Temporarily get a command with an empty signature to extract the payload and
             # compute the signature on it
             tmp = self._cmd_builder.provide_nft_information(type_,
@@ -406,10 +411,10 @@ def set_external_plugin(self,
                             method_selelector: bytes,
                             sig: Optional[bytes] = None) -> RAPDU:
 
-        # Send ledgerPKI certificate
-        self.pki_client.send_certificate(PKIPubKeyUsage.PUBKEY_USAGE_COIN_META)
-
         if sig is None:
+            # Send ledgerPKI certificate
+            self.pki_client.send_certificate(PKIPubKeyUsage.PUBKEY_USAGE_COIN_META)
+
             # Temporarily get a command with an empty signature to extract the payload and
             # compute the signature on it
             tmp = self._cmd_builder.set_external_plugin(plugin_name, contract_address, method_selelector, bytes())
@@ -434,10 +439,10 @@ def provide_token_metadata(self,
                                chain_id: int,
                                sig: Optional[bytes] = None) -> RAPDU:
 
-        # Send ledgerPKI certificate
-        self.pki_client.send_certificate(PKIPubKeyUsage.PUBKEY_USAGE_COIN_META)
-
         if sig is None:
+            # Send ledgerPKI certificate
+            self.pki_client.send_certificate(PKIPubKeyUsage.PUBKEY_USAGE_COIN_META)
+
             # Temporarily get a command with an empty signature to extract the payload and
             # compute the signature on it
             tmp = self._cmd_builder.provide_erc20_token_information(ticker,

diff --git a/client/src/ledger_app_clients/ethereum/status_word.py b/client/src/ledger_app_clients/ethereum/status_word.py
@@ -8,6 +8,7 @@ class StatusWord(IntEnum):
     INSUFFICIENT_MEMORY = 0x6a84
     INVALID_INS = 0x6d00
     INVALID_P1_P2 = 0x6b00
+    COMMAND_NOT_ALLOWED = 0x6980
     CONDITION_NOT_SATISFIED = 0x6985
     REF_DATA_NOT_FOUND = 0x6a88
     EXCEPTION_OVERFLOW = 0x6807

diff --git a/doc/eth_contract_support_embedded.adoc b/doc/eth_contract_support_embedded.adoc
@@ -10,8 +10,8 @@ This document described how a specific device UI for a smart contract can be add
 
 The application already includes dedicated UI support for those specific contract calls :
 
-   * ERC 20 approve(address, uint256) - implementation in *src_features/erc20_approval*
-   * ERC 20 transfer(address, uint256) - implementation in *src_features/signTx*
+   * ERC 20 approve(address, uint256) - implementation in *src/features/erc20_approval*
+   * ERC 20 transfer(address, uint256) - implementation in *src/features/signTx*
 
 ## Requirements
 
@@ -38,6 +38,6 @@ The following online tool can be used to compute selectors https://emn178.github
 
 A UI implementation might want to convert an ERC 20 token contract address to a ticker for easier validation
 
-2 tickers can be temporarily provisioned to the application by using the PROVIDE ERC 20 TOKEN INFORMATION APDU, described in *src_features/provideErc20TokenInformation* - the UI can then iterate on the provisioned tickers to display relevant information to the user
+2 tickers can be temporarily provisioned to the application by using the PROVIDE ERC 20 TOKEN INFORMATION APDU, described in *src/features/provideErc20TokenInformation* - the UI can then iterate on the provisioned tickers to display relevant information to the user
 
 The same mechanism will be extended to support well known contract addresses in the future
diff --git a/doc/ethapp_plugins.adoc b/doc/ethapp_plugins.adoc
@@ -36,7 +36,7 @@ The plugin common dispatcher is found in _src/eth_plugin_handler.c_
 
 The plugin generic UI dispatcher is found in _src/eth_plugin_ui.c_
 
-Sample internal plugins are provided in _src_plugins/_
+Sample internal plugins are provided in _src/plugins/_
 
 ## Creating a plugin
 

diff --git a/ledger_app.toml b/ledger_app.toml
@@ -11,6 +11,8 @@ dbg_use_test_keys = "DEBUG=1 CAL_TEST_KEY=1 TRUSTED_NAME_TEST_KEY=1 SET_PLUGIN_T
 cal_bypass = "BYPASS_SIGNATURES=1"
 dbg_cal_bypass = "DEBUG=1 BYPASS_SIGNATURES=1"
 memory_profiling = "DEBUG=1 EIP7702_TEST_WHITELIST=1 MEMORY_PROFILING=1"
+dbg_no_checks = "DEBUG=1 BYPASS_SIGNATURES=1 CHALLENGE_NO_CHECK=1"
+dbg_no_checks_profiling = "DEBUG=1 BYPASS_SIGNATURES=1 CHALLENGE_NO_CHECK=1 MEMORY_PROFILING=1"
 
 [tests]
 unit_directory = "./tests/unit"

diff --git a/makefile_conf/features.mk b/makefile_conf/features.mk
@@ -6,6 +6,12 @@ ifneq ($(BYPASS_SIGNATURES),0)
     DEFINES += HAVE_BYPASS_SIGNATURES
 endif
 
+# Bypass the challenge verification
+CHALLENGE_NO_CHECK ?= 0
+ifneq ($(CHALLENGE_NO_CHECK),0)
+    DEFINES += HAVE_CHALLENGE_NO_CHECK
+endif
+
 # Enable the SET_PLUGIN test key
 SET_PLUGIN_TEST_KEY ?= 0
 ifneq ($(SET_PLUGIN_TEST_KEY),0)