I added a section on verifying the installation with Auditor to the install guide:
grapheneos.org/install#verify
The main use case for Auditor is the strong paired verification. However, the initial verification has some value and avoids complete trust in the computer used to flash.
Conversation
If you're installing for someone else and mailing the device, you can pair with their instance of Auditor by receiving a challenge QR code screenshot from them and sending back the attestation QR code. When they receive the device, they can perform a strong paired verification.
Replying to
You can also set an initial lock passphrase as part of securing something like that. When they receive the device, they should factory reset it after they perform verification. It's still possible for tampering to occur, but the hardware-based security features provide barriers.
1
