My Auditor app can be expanded to verifying any device launched with Android 8+ once someone submits sample data from that device with the bootloader still locked. Install the app (via play.google.com/store/apps/det or github.com/AndroidHardeni) and press 'Submit sample data' in the menu.
Conversation
Replying to
To what extend can an app guarantee a state of the system when the underlying integrity is not verifiable?
How do you know a sample is genuine (1) and (2) even if it is, we take the report from a system difficult to verify even if AOSP.
I am really glad you cont. working on this
1
1
1
Replying to
See the documentation: attestation.app/about. The system is verifiable via hardware support for attestation and verified boot. The main thing needed from the samples is the verified boot key fingerprint to distinguish devices from each other, which is part of key attestation.
2
1
2
Replying to
Well, yes, exactlywhy I was asking.
Aside the device bootloader identify, is anything else really verifiable?
Maybe better phrased the question.
1
1
Replying to
There's verified boot for the entire operating system and information about it is surfaced via the key attestation feature. It provides a signed public key certificate for the key including verified boot state + fingerprint and versions of the boot, system and vendor images.
1
1
An attacker could exploit the OS after it boots or could exploit the verified boot process itself but they can't forge this information without exploiting the bootloader or TEE. An important part of what this provides is verification of device identity too, not just integrity.
1
1
For example, consider an attacker compromising the OS after each boot and blocking updates to prevent fixing the vulnerabilities. Attestation will uncover the problem by showing that the OS is not truly being updated, even if the attacker tries to hide that information in the OS.
2
1
1
Replying to
Yes, this notion is one I seek too, but deriving only the key chain and confirming the identity of the device is one thing. Saying device integrity is intact because the bootloader is genuine is not quite true, especially with hidden TEE.
1
Replying to
The authenticity and integrity of firmware and the OS is verified, not only the bootloader stages. The hardware-backed keystore receives information about the software being verified from the earlier boot stages and incorporates it into the key attestation information.
It isn't an incomplete implementation. It has room for improvement in terms of attack surface reduction / other hardening, finer grained pairing for key attestation and additional measurements conveyed via key attestation. It isn't missing anything essential to it working though.
1
Replying to
Verified by the hidden TEE ?
In best case scenario.
I am talking about the specifics of Android here, not about Attestation.
Attestation is key to trust, broadly speaking.
1
Replying to
Each boot stage verifies the next set of boot stages, chaining from the hardware root of trust all the way to the OS partitions (vbmeta, boot, dtbo, system, vendor), radio firmware, etc.
I don't know what you mean by "hidden" TEE and the TEE isn't a boot stage leading to the OS.
1
1
1
Show replies