Pixel 6 verified boot key hash mismatch

Eeb11f8d4 · 2025-03-27T19:39:52+00:00

my verified boot key hash do not match with this here:
https://grapheneos.org/install/web#verified-boot-key-hash

my data from Auditor App:

Hardware verified information:
Pairing identity (hash of pinned hardware-backed key): 9970-8707-C949-2413-CC94-04BC-BA3E-2DB8-8ED9-849F-1755-80EE-6343-C270-6795-CCDF
Pinned security level: High — StrongBox Hardware Security Module (HSM) with pairing specific attest key
Pinned device: Google Pixel 6
Pinned OS: Stock (unmodified official release)
Pinned OS version: 14.0.0
Pinned OS patch level: 2024-08
Pinned vendor patch level: 2024-08-05
Pinned boot patch level: 2024-08-05
Pinned verified boot key hash: 0F6E75C80183B5DEC074B0054D4271E99389EBE4B136B0819DE1F150BA0FF9D7
Verified boot hash: 42C41007E989FB18EB7B96D3A774AC9BF74625C3526F89319059A2BA8807EBA6
Information provided by the verified OS:
Pinned Auditor app version: 87
Pinned Auditor app variant: Release build signed by GrapheneOS
User profile secure: no
Enrolled biometrics: no
Accessibility service(s) enabled: no
Device administrator(s) enabled: no
Android Debug Bridge enabled: no
Add users from lock screen: no
OEM unlocking allowed: no
Main user account: yes

is my pixel phone compromised?

DDumdum · 2025-03-27T19:57:28+00:00

eb11f8d4 Pinned OS: Stock (unmodified official release)

This isn't GrapheneOS. Are you actually on GOS? Did you set up the Auditor app correctly?

raccoondad · 2025-03-27T22:02:40+00:00

eb11f8d4 No, this is the correct key...for the google stock OS: https://developers.google.com/android/binary_transparency/image_info.txt

You are not on GrapheneOS

Eeb11f8d4 · 2025-03-29T16:34:21+00:00

Dumdum Yes. It is not GrapheneOS.
Okay. The Verified boot key hash from https://grapheneos.org/install/web#verified-boot-key-hash are for GrapheneOS installations. Right?

matchboxbananasynergy · 2025-03-29T16:35:55+00:00

eb11f8d4 Yes.

Eeb11f8d4 · 2025-03-29T16:37:07+00:00

raccoondad thx for the link.

But on https://developers.google.com/android/binary_transparency/image_info.txt I found only the boot hash for my system:

415
google/oriole/oriole:14/AP2A.240805.005.F1/12043167:user/release-keys
42c41007e989fb18eb7b96d3a774ac9bf74625c3526f89319059a2ba8807eba6

But where can i find the verified boot key hash?

raccoondad · 2025-03-29T17:17:09+00:00

eb11f8d4 it seems to be described here:

https://github.com/GrapheneOS/AttestationServer/blob/main/src/main/java/app/attestation/server/AttestationProtocol.java

"DEVICE_PIXEL_6, 100, 100, false, true, OS_STOCK"

Eeb11f8d4 · 2025-03-30T15:18:09+00:00

raccoondad thx! That is awesome! best man! now all the questions are answered