document attestation provisioning server

2022-04-01 20:13:55 -04:00 · 2022-04-01 20:13:55 -04:00 · 9b6838eca6
commit 9b6838eca6
parent f627cc0d4d
1 changed files with 13 additions and 0 deletions
--- a/static/faq.html
+++ b/static/faq.html
@ -785,6 +785,19 @@
                            internet access and not being able to delay scheduled jobs depending
                            on internet access until it becomes available.</p>
                        </li>
+                        <li>
+                            <p>Connections are made to a server to provision attestation
+                            certificates for hardware-based attestation. GrapheneOS uses
+                            https://remoteprovisioning.grapheneos.org/ by default which is a
+                            reverse proxy to the https://remoteprovisioning.googleapis.com/
+                            service. Their service splits up the implementation of provisioning to
+                            preserve privacy, and our reverse proxy adds to that since it's unable
+                            to decrypt the provisioned keys.</p>
+
+                            <p>A setting is added at Settings ➔ Network &amp; Internet ➔
+                            Attestation key provisioning for switching to directly using the
+                            Google service if you prefer.</p>
+                        </li>
                        <li>
                            <p>DNS connectivity and functionality tests</p>
                        </li>