security/hakurei.app
security/hakurei.app
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 4 Wiki Activity

split long paragraph about Auditor

Browse Source
This commit is contained in:
Daniel Micay 2021-01-29 17:08:21 -05:00
parent f97eba21b9
commit 81b8231133
2 changed files with 26 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
static/install/cli.html
View File

@ -473,16 +473,19 @@ curl -O https://releases.grapheneos.org/sunfish-factory-2021.01.23.03.zip.sig</p
OS was compromised, leading to flashing a malicious verified boot public key and OS was compromised, leading to flashing a malicious verified boot public key and
images. To detect this kind of attack, you can use the Auditor app included in images. To detect this kind of attack, you can use the Auditor app included in
GrapheneOS in the Auditee mode and verify it with another Android device in the GrapheneOS in the Auditee mode and verify it with another Android device in the
Auditor mode. The Auditor app works best once it's already paired with a device and Auditor mode.</p>
has pinned a persistent hardware-backed key and the attestation certificate chain.
However, it can still provide a bit of security for the initial verification via the <p>The Auditor app works best once it's already paired with a device and has
attestation root. Ideally, you should also do this before connecting the device to the pinned a persistent hardware-backed key and the attestation certificate chain.
network, so an attacker can't proxy to another device (which stops being possible However, it can still provide a bit of security for the initial verification
after the initial verification). Further protection against proxying the initial via the attestation root. Ideally, you should also do this before connecting
pairing will be provided in the future via optional support for ID attestation to the device to the network, so an attacker can't proxy to another device (which
include the serial number in the hardware verified information to allow checking stops being possible after the initial verification). Further protection
against the one on the box / displayed in the bootloader. See the against proxying the initial pairing will be provided in the future via
<a href="https://attestation.app/tutorial">Auditor tutorial</a> for a guide.</p> optional support for ID attestation to include the serial number in the
hardware verified information to allow checking against the one on the box /
displayed in the bootloader. See the <a href="https://attestation.app/tutorial">Auditor tutorial</a>
for a guide.</p>
<p>After the initial verification, which results in pairing, performing verification <p>After the initial verification, which results in pairing, performing verification
against between the same Auditor and Auditee (as long as the app data hasn't been against between the same Auditor and Auditee (as long as the app data hasn't been

23
static/install/web.html
View File

@ -229,16 +229,19 @@
OS was compromised, leading to flashing a malicious verified boot public key and OS was compromised, leading to flashing a malicious verified boot public key and
images. To detect this kind of attack, you can use the Auditor app included in images. To detect this kind of attack, you can use the Auditor app included in
GrapheneOS in the Auditee mode and verify it with another Android device in the GrapheneOS in the Auditee mode and verify it with another Android device in the
Auditor mode. The Auditor app works best once it's already paired with a device and Auditor mode.</p>
has pinned a persistent hardware-backed key and the attestation certificate chain.
However, it can still provide a bit of security for the initial verification via the <p>The Auditor app works best once it's already paired with a device and has
attestation root. Ideally, you should also do this before connecting the device to the pinned a persistent hardware-backed key and the attestation certificate chain.
network, so an attacker can't proxy to another device (which stops being possible However, it can still provide a bit of security for the initial verification
after the initial verification). Further protection against proxying the initial via the attestation root. Ideally, you should also do this before connecting
pairing will be provided in the future via optional support for ID attestation to the device to the network, so an attacker can't proxy to another device (which
include the serial number in the hardware verified information to allow checking stops being possible after the initial verification). Further protection
against the one on the box / displayed in the bootloader. See the against proxying the initial pairing will be provided in the future via
<a href="https://attestation.app/tutorial">Auditor tutorial</a> for a guide.</p> optional support for ID attestation to include the serial number in the
hardware verified information to allow checking against the one on the box /
displayed in the bootloader. See the <a href="https://attestation.app/tutorial">Auditor tutorial</a>
for a guide.</p>
<p>After the initial verification, which results in pairing, performing verification <p>After the initial verification, which results in pairing, performing verification
against between the same Auditor and Auditee (as long as the app data hasn't been against between the same Auditor and Auditee (as long as the app data hasn't been