hmlwilliams 5 hours ago
As outlined here: https://grapheneos.org/articles/attestation-compatibility-gu..., GrapheneOS isn't implementing something unique; it's implementing Android Hardware Attestation: https://developer.android.com/privacy-and-security/security-...
Retr0id 5 hours ago
Android Key Attestation produces attestations that are signed with a certificate chain rooted in the hardware vendor's CA. If you use Key Attestation on GrapheneOS on a Pixel device for example, it attests that you're using GrapheneOS's AVB keys, but that attestation is still signed by a Google certificate chain. "Adding support for GrapheneOS" means allowlisting their AVB keys specifically; it does not open a door for 3rd party implementations in general. If you run GrapheneOS on a different device of your choosing, attestation would fail. If you run a non-GrapheneOS custom ROM of your choosing, attestation would fail.
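
The relying-party check described in the comment above, sketched as an added example (not code from either commenter, GrapheneOS or Android). It assumes the certificate chain signature has already been validated and reduced to the root's fingerprint, and that the RootOfTrust structure has been extracted from the attestation extension; all fingerprints and keys are constructed sample values.

```python
import hashlib

# verifiedBootState values in the Key Attestation RootOfTrust structure
VERIFIED, SELF_SIGNED, UNVERIFIED, FAILED = 0, 1, 2, 3

def read_tlv(buf, pos):
    """Read one DER TLV at pos; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def parse_root_of_trust(der):
    """SEQUENCE { verifiedBootKey OCTET STRING, deviceLocked BOOLEAN,
    verifiedBootState ENUMERATED, verifiedBootHash OCTET STRING }"""
    tag, body, _ = read_tlv(der, 0)
    fields, pos = [], 0
    while tag == 0x30 and pos < len(body):
        t, v, pos = read_tlv(body, pos)
        fields.append((t, v))
    tags = [t for t, _ in fields[:3]]
    if tags != [0x04, 0x01, 0x0A] or not all(v for _, v in fields[1:3]):
        raise ValueError("unexpected RootOfTrust layout")
    return {"boot_key": fields[0][1], "locked": fields[1][1] != b"\x00",
            "state": fields[2][1][0]}

def accept(root_fp, rot_der, trusted_roots, allowed_boot_keys):
    """Chain must end at a trusted vendor root and the bootloader must be locked;
    then the OS is either stock (VERIFIED) or signed by an allowlisted AVB key."""
    rot = parse_root_of_trust(rot_der)
    if root_fp not in trusted_roots or not rot["locked"]:
        return False
    return rot["state"] == VERIFIED or (
        rot["state"] == SELF_SIGNED and rot["boot_key"] in allowed_boot_keys)

# --- constructed sample data (not real fingerprints or keys) ---
VENDOR_ROOT = hashlib.sha256(b"constructed vendor root CA").digest()
ALLOWED_KEY = hashlib.sha256(b"constructed allowlisted AVB key").digest()
OTHER_KEY = hashlib.sha256(b"constructed other ROM AVB key").digest()

def enc(tag, val):  # short-form DER lengths only; enough for the samples
    return bytes([tag, len(val)]) + val

def sample_rot(boot_key, locked, state):
    body = (enc(0x04, boot_key) + enc(0x01, b"\xff" if locked else b"\x00")
            + enc(0x0A, bytes([state])) + enc(0x04, bytes(32)))
    return enc(0x30, body)
```

The allowlist is consulted only after the vendor-root check, so adding an AVB key to `allowed_boot_keys` does nothing for a chain that ends at any other root.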