GrapheneOS on Nostr: For 1st Auditor verification, it verifies attestation based on the root of trust ...
For 1st Auditor verification, it verifies attestation based on the root of trust which isn't particularly high security. Afterwards, it verifies based on pinned signing chain. On Pixel 6 and later this signing chain has a per-pairing HSM key instead of per batch of 100k+ devices.
Published at
2023-05-11 15:46:31Event JSON
{
"id": "39dec722ee00804a8c9ed6dc1f600c308e849937c555949a6b89c7457a68bdf8",
"pubkey": "5468bceeb74ce35cb4173dcc9974bddac9e894a74bf3d44f9ca8b7554605c9ed",
"created_at": 1683819991,
"kind": 1,
"tags": [
[
"e",
"a12dda171d34a040e1162f5c029ccaec67b007561608cd678ee8ad19490f3db8",
"wss://relay.mostr.pub",
"reply"
],
[
"mostr",
"https://grapheneos.social/users/GrapheneOS/statuses/110350826942794103"
]
],
"content": "For 1st Auditor verification, it verifies attestation based on the root of trust which isn't particularly high security. Afterwards, it verifies based on pinned signing chain. On Pixel 6 and later this signing chain has a per-pairing HSM key instead of per batch of 100k+ devices.",
"sig": "2a71eb607976c16b76bcd4921024248c5a9bec4298287c4688267ad033c1f1d8807e76296e430c6fc6e9ee165b66fe6689952939b4b7ae7b132a6e6519b3eb1c"
}
