security/hakurei.app
security/hakurei.app
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 4 Wiki Activity

Add ability to remove non-stock key via WebUSB.

Browse Source
This commit is contained in:
flawedworld 2021-03-01 19:55:57 +00:00 committed by Daniel Micay
parent 780f47e61e
commit 3e44e17ea8
2 changed files with 33 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
static/install/web.html
View File

@ -28,7 +28,7 @@
<link rel="license" href="/LICENSE.txt"/> <link rel="license" href="/LICENSE.txt"/>
<script type="module" src="/js/redirect.js?9"></script> <script type="module" src="/js/redirect.js?9"></script>
<script type="module" src="/js/fastboot/dist/fastboot.min.mjs?7"></script> <script type="module" src="/js/fastboot/dist/fastboot.min.mjs?7"></script>
<script type="module" src="/js/web-install.js?12"></script> <script type="module" src="/js/web-install.js?13"></script>
</head> </head>
<body> <body>
<header> <header>
@ -80,6 +80,7 @@
<li><a href="#booting">Booting</a></li> <li><a href="#booting">Booting</a></li>
<li><a href="#disabling-oem-unlocking">Disabling OEM unlocking</a></li> <li><a href="#disabling-oem-unlocking">Disabling OEM unlocking</a></li>
<li><a href="#verifying-installation">Verifying installation</a></li> <li><a href="#verifying-installation">Verifying installation</a></li>
<li><a href="#replacing-grapheneos-with-the-stock-os">Replacing GrapheneOS with the stock OS</a></li>
<li><a href="#further-information">Further information</a></li> <li><a href="#further-information">Further information</a></li>
</ul> </ul>
</li> </li>
@ -333,6 +334,23 @@
also consider setting up the optional remote attestation service.</p> also consider setting up the optional remote attestation service.</p>
</section> </section>
<section id="replacing-grapheneos-with-the-stock-os">
<h3><a href="#replacing-grapheneos-with-the-stock-os">Replacing GrapheneOS with the stock OS</a></h3>
<p>Installation of the stock OS via the stock factory images is the same process
described above. However, before locking, there's an additional step to fully revert
the device to a clean factory state.</p>
<p>The GrapheneOS factory images flash a non-stock Android Verified Boot key which
needs to be erased to fully revert back to a stock device state. After flashing the
stock factory images and before locking the bootloader, you should erase the custom
Android Verified Boot key to untrust it:</p>
<button id="remove-custom-key-button" disabled="disabled">Remove non-stock key</button>
<p><strong id="remove-custom-key-status"></strong></p>
</section>
<section id="further-information"> <section id="further-information">
<h3><a href="#further-information">Further information</a></h3> <h3><a href="#further-information">Further information</a></h3>

14
static/js/web-install.js
View File

@ -207,6 +207,19 @@ async function flashRelease(setProgress) {
return `Flashed ${latestZip} to device.`; return `Flashed ${latestZip} to device.`;
} }
async function eraseNonStockKey(setProgress) {
await ensureConnected(setProgress);
setProgress("Erasing key...");
try {
await device.runCommand("erase:avb_custom_key");
} catch (error) {
console.log(error);
throw error;
}
return "Key erased.";
}
async function lockBootloader(setProgress) { async function lockBootloader(setProgress) {
await ensureConnected(setProgress); await ensureConnected(setProgress);
@ -281,6 +294,7 @@ if ("usb" in navigator) {
addButtonHook("download-release", downloadRelease); addButtonHook("download-release", downloadRelease);
addButtonHook("flash-release", flashRelease); addButtonHook("flash-release", flashRelease);
addButtonHook("lock-bootloader", lockBootloader); addButtonHook("lock-bootloader", lockBootloader);
addButtonHook("remove-custom-key", eraseNonStockKey);
} else { } else {
console.log("WebUSB unavailable"); console.log("WebUSB unavailable");
} }