note about new devices/keys for attestation

2021-09-08 03:09:28 -04:00 · 2021-09-08 03:09:28 -04:00 · dc41139022
commit dc41139022
parent 60d2b72fec
1 changed files with 3 additions and 0 deletions
--- a/static/articles/attestation-compatibility-guide.html
+++ b/static/articles/attestation-compatibility-guide.html
@ -96,6 +96,9 @@
            key is in the permitted set when <code>verifiedBootState</code> is
            <code>SelfSigned</code>.</p>

+            <p>GrapheneOS regularly adds support for new devices so you should have a process for
+            regularly adding the new verified boot key fingerprints from this page.</p>
+
            <p>The hardware attestation API also provides other useful information signed by the
            hardware including the OS patch level, in a way that even an attacker exploiting the
            OS after boot to gain root cannot trivially bypass. It's a better feature than the