| ▲ | marmarama 2 hours ago | |
Your "development build" is another person's daily driver. Case in point: GrapheneOS (or any other custom Android distro) is unlikely to be able to ever pass remote attestation, even a signed, secure boot build with the bootloader relocked, because it's not the original OS for the hardware. Same goes for any desktop Linux. | ||
| ▲ | inigyou 27 minutes ago | parent [-] | |
GrapheneOS implements its own attestation so you can attest that it's real GrapheneOS. The valid approach they've chosen is to try and get on a level playing field with the big guys rather than destroy the playing field. They have a good argument their OS is very secure, so you should accept its attestation. This is how a user-friendly OS backdoors into the attestation system. I still think destroying the playing field is better, but less likely to succeed. | ||