nandohyphen1
will Auditor only verify GrapheneOS phones, or can it verify a regular, stock Android phone? I know a stock Android phone can be used to verify a GrapheneOS phone, but I wonder if it would work the other way around?
If I understand it correctly, it should work on stock Android (and other alternative OS as well - the hurdle here seems to be lack of supporting full verified boot and the fact that most devices don't support using verified boot with custom key). See:
Any device with Android 13 or higher can run the Auditor app and use it to verify other devices. However, only devices launched with Android 8.0 or later have the necessary hardware support for being verified. Each device model also needs to be explicitly integrated into the app. The following devices are currently supported by the most recent stable release:
Google Pixel 4
Google Pixel 4 XL
Google Pixel 4a
Google Pixel 4a (5G)
Google Pixel 5
Google Pixel 5a
Google Pixel 6
Google Pixel 6 Pro
Google Pixel 6a
Google Pixel 7
Google Pixel 7 Pro
Google Pixel 7a
Google Pixel Tablet
Google Pixel Fold
Google Pixel 8
Google Pixel 8 Pro
Google Pixel 8a
Google Pixel 9
Google Pixel 9 Pro
Google Pixel 9 Pro XL
Google Pixel 9 Pro Fold
Google Pixel 9a
Google Pixel 10
Google Pixel 10 Pro
Google Pixel 10 Pro XL
Google Pixel 10 Pro Fold
[...]
The Auditor app also has support for verifying alternative operating systems on devices supporting it. It can verify GrapheneOS running on the following devices:
[...]
Alternative operating systems need their verified boot key included in the Auditor app and Attestation Server. The app and service display the name of the operating system being verified on the device. Unfortunately, most alternative operating systems lack support for full verified boot and most devices don't support using verified boot with a custom key. The app also depends on the OS preserving the core security model for extensions beyond the baseline hardware-based attestation support.
source: https://attestation.app/about#device-support