security/hakurei.app
security/hakurei.app
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 4 Wiki Activity

document verified boot improvements

Browse Source
This commit is contained in:
Daniel Micay 2023-02-03 10:33:04 -05:00
parent cdb0c5bc45
commit b082f589ad
1 changed files with 16 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
static/features.html
View File

@ -384,12 +384,25 @@
<ul> <ul>
<li>Enhanced <a href="https://source.android.com/docs/security/features/verifiedboot">verified boot</a> <li>Enhanced <a href="https://source.android.com/docs/security/features/verifiedboot">verified boot</a>
with better security properties and reduced attack surface</li> with better security properties and reduced attack surface</li>
<li>GrapheneOS finishes the incomplete implementation of verified boot
for out-of-band updates to packages (APKs) in the OS. We enforce this
by requiring fs-verity metadata signed with a trusted key for system
app updates both at install time and boot time. This provides
continuous verification where every read from an out-of-band APK
update is verified similarly to every read from a firmware, OS image
or APEX update being verified. The signing key and version are
enforced to prevent downgrades or other attacks such as replacing a
package with a variant of the same one from a different GrapheneOS
supported device. We disable the persistent package parsing cache to
prevent bypassing the metadata checks through this otherwise highly
persistent state, which only has a very small negative impact on boot
time from the data not being available from previous boots (typically
less than 1 second).</li>
<li>GrapheneOS closes a loophole where app-based system components <li>GrapheneOS closes a loophole where app-based system components
built as part of the OS can be downgraded to an older version due to built as part of the OS can be downgraded to an older version due to
versionCode not being incremented when system components get updated versionCode not being incremented when system components get updated
as part of changes to the OS. We prevent this for both package updates as part of changes to the OS. We enforce this both at package install
and as part of detecting whether to use out-of-band updates to system time and boot time.</li>
apps at boot.</li>
<li>Enhanced hardware-based attestation with more precise version information</li> <li>Enhanced hardware-based attestation with more precise version information</li>
<li>Hardware-based security verification and monitoring via our <li>Hardware-based security verification and monitoring via our
<a href="#auditor">Auditor app and attestation service</a></li> <a href="#auditor">Auditor app and attestation service</a></li>