Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/grapheneos-archive/attestationsamples

A small subset of the submitted sample data from https://github.com/GrapheneOS/Auditor. It has a sample attestation certificate chain per device model (ro.product.model) along with a subset of the system properties from the sample as supplementary information.
https://github.com/grapheneos-archive/attestationsamples

android attestation authenticity cryptography hsm integrity remote-attestation secure-boot secureboot security strongbox verifiedboot

Last synced: about 2 hours ago
JSON representation

Host: GitHub
URL: https://github.com/grapheneos-archive/attestationsamples
Owner: GrapheneOS-Archive
License: cc0-1.0
Archived: true
Created: 2018-04-07T14:01:02.000Z (over 6 years ago)
Default Branch: main
Last Pushed: 2022-07-28T07:27:38.000Z (over 2 years ago)
Last Synced: 2024-11-15T18:14:38.656Z (about 2 hours ago)
Topics: android, attestation, authenticity, cryptography, hsm, integrity, remote-attestation, secure-boot, secureboot, security, strongbox, verifiedboot
Language: Shell
Homepage: https://attestation.app/
Size: 443 KB
Stars: 33
Watchers: 8
Forks: 23
Open Issues: 0
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
- License: LICENSE

Awesome Lists containing this project

README

This repository contains sample Android key attestation certificate chains in
directories named after the `ro.product.model` value for the devices where they
were generated.

Each of these is a valid certificate chain up to the key attestation root. The
devices are running the stock OS with the bootloader locked and verified boot
enforcing integrity, which can be confirmed from the [metadata in the initial
attestation
certificate](https://developer.android.com/training/articles/security-key-attestation.html#certificate_schema).

The challenge string is set to `sample` (UTF-8 encoded) rather than the usual
random challenge. These are collected with the [Auditor
app](https://github.com/AndroidHardening/Auditor) so the app id in the
certificate is app.attestation.auditor and the fingerprint is for the release
signing key. Older samples are marked with an empty LEGACY file in the
directory and use a legacy app id and signing key. The legacy H3113 sample is
even older and predates the sample gathering code in the Auditor app. It was
generated using ad hoc code in a debug build so it has a different key, random
32 byte challenge string and quick expiry date.

The collection of data published here is public domain / CC0 licensed and is
crowdsourced.

## Contributing

This project and the apps / services using it depend on data submissions being
made from a variety of Android devices.

To help out by contributing data, you'll need any Android device launched with
Android 8.0 or later. A device upgraded to Android 8.0 from an earlier version
isn't enough. Data submitted from devices running an aftermarket OS is okay but
we need at least one submission from a device variant where the device has the
stock OS and the bootloader locked. It's easy to tell if the device is running
the stock OS from the certificate chain so there's no harm in submissions where
the OS has been modified.

To submit data, install [the Auditor
app](https://github.com/AndroidHardening/Auditor/releases) (which is available free
for non-commercial usage on GitHub), press the menu button in the action bar
and press 'Submit sample data' which will submit a sample certificate chain and
system properties accessible to the app to https://attestation.app/.
The system properties will only be published in a heavily filtered form without
properties that aren't constant across devices of that model.