What prevents adversaries from flashing a fake boot key during flashing?

presumesocial

In the installation page, it says two things:

Even if the computer you used to flash GrapheneOS was compromised and an attacker replaced GrapheneOS with their own malicious OS, it can be detected with these features.

Installing GrapheneOS flashes the GrapheneOS verified boot public key to the secure element.

What I wonder is why isn't it possible for a compromised OS which is used for flashing, to give a false boot key together with the malicious OS?

I trust you that it's not not possible because you have clearly stated that it's safe to use a compromised computer to flash GrapheneOS to a pixel phone. Safe because it would be detected if it was a malicious OS.

But I would just like to learn what is stopping adversaries from doing placing their own boot key in the secure element during the flashing.

Johnnyloans

presumesocial

We will know via the key hash or hardware attestation.

These 2 topics are mentioned here under verifying the install:
https://grapheneos.org/install/web#verifying-installation

MyIdentityIsntImportant

presumesocial But I would just like to learn what is stopping adversaries from doing placing their own boot key in the secure element during the flashing.

The answer would be both you and mathematics.

After you have done the installation and have rebooted your device, the next step is to verify the hash/fingerprint of the installed key printed out by the bootloader. If the key matches the listed release key for your chosen device, then you're good. If it doesn't, you know you have a tampered install.

Hope this helps!

presumesocial

Oh that makes sense, so simple and effective.
As you can tell I'm not familiar or experienced with phones.
But I'm starting to understand now why so many here prefer GrapheneOS over OS made for PC.

I have done a bit of learning about bootguard before.
It has two modes: verified boot and measured boot.
The problem is almost all laptops that have verified boot means it's not possible to unlock it and put in a boot key for a custom OS. Verified boot means it's locked permanently with what the OEM put there.
this page explains more if you want to learn: http://tech.michaelahgu3sqef5yz3u242nok2uczduq5oxqfkwq646tvjhdnl35id.onion/2023/02/16/evil-maid-heads-pureboot/

But as I learn now, verified boot in Android can be unlocked by users and that makes it very secure to flash GrapheneOS and take advantage of verified boot. That's not something you can do with laptops. On laptops you have to use TPM instead.