<!DOCTYPE html>
<html lang="en" prefix="og: https://ogp.me/ns#">
<head>
<meta charset="utf-8"/>
<title>Tutorial | attestation.app</title>
<meta name="description" content="Tutorial on using the Auditor Android app and associated service."/>
<meta name="theme-color" content="#212121"/>
<meta name="color-scheme" content="dark light"/>
<meta name="msapplication-TileColor" content="#ffffff"/>
<meta name="viewport" content="width=device-width, initial-scale=1"/>
<meta name="twitter:site" content="@GrapheneOS"/>
<meta name="twitter:creator" content="@GrapheneOS"/>
<meta property="og:title" content="Auditor tutorial"/>
<meta property="og:description" content="Tutorial on using the Auditor Android app and associated service."/>
<meta property="og:type" content="website"/>
<meta property="og:image" content="https://attestation.app/opengraph.png"/>
<meta property="og:image:width" content="512"/>
<meta property="og:image:height" content="512"/>
<meta property="og:image:alt" content="Auditor logo"/>
<meta property="og:url" content="https://attestation.app/tutorial"/>
<meta property="og:site_name" content="attestation.app"/>
<link rel="canonical" href="https://attestation.app/tutorial"/>
<link rel="icon" href="/favicon.ico"/>
<link rel="icon" sizes="any" type="image/svg+xml" href="/favicon.svg"/>
<link rel="mask-icon" href="/mask-icon.svg" color="#000000"/>
<link rel="apple-touch-icon" href="/apple-touch-icon.png"/>
{{css|/main.css}}
<link rel="manifest" href="/manifest.webmanifest"/>
<link rel="license" href="/LICENSE.txt"/>
</head>
<body>
<header>
<nav id="site-menu">
<ul>
<li><a href="/">Device integrity monitoring</a></li>
<li><a href="/about">About</a></li>
<li aria-current="page"><a href="/tutorial">Tutorial</a></li>
<li><a href="/source">Source</a></li>
<li><a href="/privacy-policy">Privacy policy</a></li>
<li><a href="/donate">Donate</a></li>
<li><a href="/contact">Contact</a></li>
</ul>
</nav>
</header>
<main id="tutorial">
<h1><a href="#tutorial">Tutorial</a></h1>
<section id="installation">
<h2>
<a href="#installation">Installation</a>
</h2>
<p>This app is
<a href="https://play.google.com/store/apps/details?id=app.attestation.auditor.play">available
through the Play Store with the <code>app.attestation.auditor.play</code>
app id</a>. Play Store releases go through review and it usually takes around 1 to
3 days before the Play Store pushes out the update to users. Play Store releases use
Play Signing, so we use a separate app id from the releases we publish ourselves to
avoid conflicts and to distinguish between them.</p>
<p>Releases of the app signed by GrapheneOS with the
<code>app.attestation.auditor</code> app id are published in the GrapheneOS app
repository and on GitHub. These releases are also bundled as part of GrapheneOS.
You can use the <a href="https://github.com/GrapheneOS/Apps/releases">GrapheneOS
app repository client</a> on Android 12 or later for automatic updates.</p>
<p>Releases are initially pushed out through the Alpha channel for both
the Play Store and our app repository, then get moved to the Beta channel and
finally the Stable channel.</p>
</section>
<section id="local-verification">
<h2>
<a href="#local-verification">Local verification</a>
</h2>
<p>The device being verified (Auditee) must be one of the supported devices. Android
developer previews aren't supported since the hardware verified version is set to a
placeholder value. The device performing verification (Auditor) just needs to be any
Android 10 or higher device with a camera.</p>
<ol>
<li>press Auditor on the device that will be verifying the Auditee</li>
<li>press Auditee on the device that's going to be verified</li>
<li>point the camera of the Auditee at the QR code on the Auditor to read the challenge</li>
<li>tap the QR code on the Auditor to advance ahead (if you do this too early, you can press back)</li>
<li>point the camera of the Auditor at the QR code on the Auditee to read the attestation</li>
<li>view verification of the attestation results</li>
</ol>
<p>An Auditor can verify any number of different Auditee devices. It shows a
fingerprint and the first / last verification time in successful paired attestation
results. An Auditee can be verified by any number of Auditors but there will be a
different fingerprint for each unique pairing rather than the same fingerprint shown
on each Auditor for the same Auditee.</p>
</section>
<section id="scheduled-remote-verification">
<h2>
<a href="#scheduled-remote-verification">Scheduled remote verification</a>
</h2>
<p>To set up regularly scheduled remote verification via the remote attestation service:</p>
<ol>
<li>create an account on https://attestation.app/ from a separate device</li>
<li>press the 'Enable remote verification' button in the app</li>
<li>scan the account QR code displayed on https://attestation.app/</li>
<li>configure an alert email address to receive alerts if the device fails to provide valid attestations in time</li>
<li>refresh https://attestation.app/ to view the initial attestation result</li>
</ol>
</section>
<section id="expanding-device-support">
<h2>
<a href="#expanding-device-support">Expanding device support</a>
</h2>
<p>Support for verifying a device needs to be added to the app based on at least one
valid key attestation sample from the stock OS with the bootloader locked. The Auditor
app can theoretically support verifying any Android devices launched with Android 8 or
later. An upgrade to Android 8 isn't enough since hardware key attestation support is
required and the minimum requirements only became mandatory with Android 8.</p>
<p>To submit a sample, open the menu from the action bar and select 'Submit sample
data'. This will submit a sample attestation and device information, enabling the
development of support for the device. It may take a few weeks before support is
shipped in a new version of the app.</p>
</section>
</main>
</body>
</html>