Upstate1618
As far as I understand, when you turn on a Graphene phone with AVB enabled and there are no errors, it means that all components from the hardware root of trust to the final Android system are secure and have not been tampered with.
There's cryptographically secure verification of all the firmware, OS images and APEX module updates with downgrade protection. GrapheneOS extends this to system app updates which aren't normally covered by Android Verified Boot. This does not provide any assurance that you're on the latest version of the OS or any way to inspect/verify anything about persistent state.
Checking the verified boot key fingerprint shown at boot after the initial installation is useful to bootstrap trust without trusting the computer you used for the installation. After that point, you can rely on the fact that it can't be changed without unlocking via physical access which requires wiping data.
Doesn't this guarantee that the data sent by the auditee remains unchanged?
If you try Auditor, you'll see it provides far more than verification of the verified boot key.
So, what is the necessity of periodically checking the system for security with the Auditor app?
It provides hardware-based monitoring of what's installed on the device including the patch level along with checking persistent state. It also provides assurance that it's the same device.
Is it possible that the result changes when you can still successfully launch your phone?
The data it obtains / verifies is different every time. The verified boot key can't be changed without unlocking or the device wouldn't boot and wouldn't be able to access the hardware-backed keys. You're misunderstanding Auditor as being only a way to check the verified boot key fingerprint, which is useful but just a part of what it provides.
Also, since GrapheneOS on the same model (e.g. Pixel 7) has an identical boot sequence, doesn't this mean they also share the same data for measurement? Let's call that standard data. Why doesn't Auditor just compare the actual data with the standard data? Why does Auditor use a TOFU model even on a Pixel running GrapheneOS?
No. You seem to be confusing what it provides with TPM-based attestation in the desktop world. Please read the documentation we provide on Auditor and try using both local and remote attestation. You'll see the hardware-verified info and software-verified info that it provides in the output in 2 sections. You'll see it provides much more than you seem to think. For example, it allows you to know which OS version you're running without trusting the UI in the OS via the hardware provided patch levels and verified boot hash.
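An illustrative model of the distinction drawn in the replies above (challenge-bound attestation from a per-device hardware key, pinned on first use, versus comparing against "standard data" for the model). This is an added example written for this page, not Auditor's code or its real protocol: a per-device secret and HMAC-SHA256 stand in for the hardware-backed key pair and the signature it would produce, a real device exports a certificate chain at pairing rather than a secret, and every fingerprint, patch level and hash value is constructed sample data.

```python
"""Illustrative trust-on-first-use (TOFU) attestation model.

Added example, not Auditor's actual protocol or code. A per-device secret
stands in for the hardware-backed attestation key and HMAC-SHA256 stands in
for the signature the secure hardware would produce (a real device exports a
public key / certificate chain at pairing, never a secret). All device values
are constructed sample data.
"""
import hashlib
import hmac
import json
import secrets


def _payload(challenge, claims):
    # Canonical bytes covering both the auditor's challenge and the claims.
    return json.dumps({"challenge": challenge, "claims": claims},
                      sort_keys=True).encode()


class Device:
    def __init__(self, key, verified_boot_key_fp, os_patch_level, verified_boot_hash):
        self._key = key  # hardware-backed; fixed for the life of the device
        self.state = {"verified_boot_key_fp": verified_boot_key_fp,
                      "os_patch_level": os_patch_level,
                      "verified_boot_hash": verified_boot_hash}

    def pairing_material(self):
        # Stand-in for exporting the attestation certificate chain at first use.
        return self._key

    def attest(self, challenge):
        """Hardware-attested claims bound to the auditor's fresh challenge."""
        claims = dict(self.state)
        mac = hmac.new(self._key, _payload(challenge, claims), hashlib.sha256).hexdigest()
        return claims, mac


def standard_data_check(claims, expected):
    """The 'compare against known-good data for this model' approach."""
    return all(claims.get(k) == v for k, v in expected.items())


class Auditor:
    def __init__(self):
        self.pinned = {}  # device_id -> pinned key material + baseline claims

    def _verify(self, key, challenge, claims, mac):
        expected = hmac.new(key, _payload(challenge, claims), hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, mac)

    def pair(self, device_id, key, challenge, claims, mac):
        """Trust on first use: pin this device's key and its baseline state."""
        if not self._verify(key, challenge, claims, mac):
            return "rejected: attestation does not verify"
        self.pinned[device_id] = {"key": key, **claims}
        return "paired"

    def audit(self, device_id, challenge, claims, mac):
        p = self.pinned.get(device_id)
        if p is None:
            return "rejected: not paired"
        if not self._verify(p["key"], challenge, claims, mac):
            return "rejected: not the paired device, or stale challenge"
        if claims["verified_boot_key_fp"] != p["verified_boot_key_fp"]:
            return "rejected: verified boot key changed"
        if claims["os_patch_level"] < p["os_patch_level"]:
            return "rejected: patch level downgraded"
        p["os_patch_level"] = claims["os_patch_level"]  # ratchet forward only
        return "ok"


def run_scenario():
    """Two same-model devices with identical boot state but different hardware keys."""
    boot = {"verified_boot_key_fp": "fp-sample-graphene", "os_patch_level": "2024-05-05",
            "verified_boot_hash": "vbhash-sample"}  # constructed sample values
    mine = Device(secrets.token_bytes(32), **boot)
    clone = Device(secrets.token_bytes(32), **boot)
    auditor, out = Auditor(), {}

    c0 = secrets.token_hex(16)
    claims, mac = mine.attest(c0)
    out["pair"] = auditor.pair("mine", mine.pairing_material(), c0, claims, mac)

    c1 = secrets.token_hex(16)
    out["routine"] = auditor.audit("mine", c1, *mine.attest(c1))
    out["replay"] = auditor.audit("mine", secrets.token_hex(16), claims, mac)  # old response

    c2 = secrets.token_hex(16)
    clone_claims, clone_mac = clone.attest(c2)
    out["clone_standard_data"] = standard_data_check(clone_claims, boot)  # passes
    out["clone_tofu"] = auditor.audit("mine", c2, clone_claims, clone_mac)  # fails

    mine.state["os_patch_level"] = "2024-03-05"
    c3 = secrets.token_hex(16)
    out["downgrade"] = auditor.audit("mine", c3, *mine.attest(c3))

    mine.state["os_patch_level"] = "2024-06-05"
    mine.state["verified_boot_key_fp"] = "fp-sample-other"
    c4 = secrets.token_hex(16)
    out["key_changed"] = auditor.audit("mine", c4, *mine.attest(c4))
    return out


if __name__ == "__main__":
    for name, result in run_scenario().items():
        print(f"{name}: {result}")
```

The clone carries exactly the same "standard data" as the paired device and passes the model-wide comparison, but fails the TOFU audit because the response was produced under a different hardware key; the replayed response fails because it was bound to an earlier challenge, which is why the data differs on every audit. Pinning also gives the auditor a baseline for the persistent-state and patch-level checks, which no per-model constant could provide.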