GrapheneOSMar 25

If apps are required to verify the hardware, operating system and their app for regulatory reasons they should use an approach supporting arbitrary roots of trust and operating systems. Android already has a standard hardware attestation system usable for this.

Android's documentation and sample libraries are biased towards Google by using them as the only valid root of trust and the API is biased towards stock operating systems but it's better than a centralized API.

https://infosec.exchange/@rene_mobile/116286110700616525

Show threadBurger B Burger
@GrapheneOS Why can't we do away with attestation altogether if it is reasonable to assume a locked bootloader means the system is not being tampered with?

I know attestation as a tool of integrity is very powerful (like, Verified Boot is technically attesting that the system has not been tampered with). But, to me, it just looks like remote attestation, the ones used by Android apps in particular has no real world use when all an attacker would need to do to tamper with an app is to grab a sufficiently out of date Android phone that is still supported by the app and just run known exploits on the given phone. Even then, they'd need to unlock the bootloader for whatever malware or tampering software they're running to persist beyond a reboot.
Mar 25 at 3:58amWeb