https://forum.xda-developers.com/apps/magisk/beta-magisk-v13-0-0980cb6-t3618589/post72666791#post72666791 … "Since Magisk is running as root but the SafetyNet checks are not" say hello to TrustZone-based remote attestation.
-
-
Replying to @CopperheadOS
SafetyNet is essentially a partially implemented joke right now, but it's crystal clear that they're headed towards real remote attestation.
1 reply 2 retweets 7 likes -
Replying to @CopperheadOS
Step one implementation would be TrustZone app receiving nonce and providing signed result with device id + nonce + boot verification state.
1 reply 2 retweets 6 likes -
Replying to @CopperheadOS
Google service provides a nonce, and then looks up the public key for the provisioned device key via the device id to verify the result.
4 replies 1 retweet 5 likes -
Replying to @CopperheadOS
SafetyNet is a stepping stone to remote attestation. It's wrong to assume the current state is more than a stub impl to get API adoption.
2 replies 10 retweets 29 likes -
Replying to @CopperheadOS
what do they plan to use remote attestation for? DRM?
2 replies 0 retweets 2 likes -
Replying to @whitequark @CopperheadOS
Whatever user-hostile crap service providers think up...
2 replies 0 retweets 0 likes
The promoted "non-malicious" use is things like banking apps checking that the device isn't compromised.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.