Daniel Micay on Twitter: "This is where Auditor decides if it should use StrongBox: https://t.co/PNcrTqKTBZ It relies on certificates now having title=StrongBox or title=TEE since that's easier to check to quickly differentiate them rather than parsing the attestation extension: https://t.co/vanuGUmohc" / Twitter

Auditor is finally going to be using the StrongBox Keymaster by default for new pairings: github.com/GrapheneOS/Aud Existing pairings will continue using the traditional TEE-based keymaster for compatibility due to verified boot key fingerprint and certificate chain pinning.

github.com

prefer StrongBox keys · GrapheneOS/Auditor@32c452e

1

3

Daniel Micay

@DanielMicay

This is where Auditor decides if it should use StrongBox: github.com/GrapheneOS/Aud It relies on certificates now having title=StrongBox or title=TEE since that's easier to check to quickly differentiate them rather than parsing the attestation extension:

source.android.com

Key and ID Attestation | Android Open Source Project

10:22 PM · May 18, 2019Twitter Web Client

Replying to

Here's an example of a Pixel 3 XL with GrapheneOS paired with my account on the attestation.app device monitoring service using keys in StrongBox. Auditor and AttestationServer have a very solid foundation and are steadily getting better. Going to improve the UX a lot.

1

3

Conversation