Passkeys not supported

Blzzrd

Passkeys do not work on GrapheneOS. I tested several sites and all of them failed.

One of them showed a error log:
Failed!
Error: registration failed: android-safetynet attestation: ctsProfileMatch: the device is not compatible

I have Sandboxed Play Services and the Play Store installed.
Since Passkeys are the future and better than Passwords, is there a way around Play Services / a own implementation of Graphene?

r3g_5z

ctsProfileMatch is a "Google certified OS" check, or in other words just a stock OS check because we're not Google certified. This is purely a software-based check. SafetyNet is also deprecated and replaced with Play Integrity API. They have their own software-based checks too such as green state verified boot (we're yellow state because we're not stock OS unless we had our own hardware vendor).

We plan to spoof these software checks so we can pass ctsProfileMatch / MEETS_DEVICE_INTEGRITY (https://github.com/GrapheneOS/os-issue-tracker/issues/1986) but it has to be done carefully, safely, and without compromising security. It's also going to be very fragile and the user will be made aware that Google at any time can and will break these bypasses because they are actively trying to prevent people from bypassing it. It's possible their changes can break apps even more.