Changes since the 0.1-alpha release.
Very early preview of the Copperhead Attestation app for auditing a stock or CopperheadOS Pixel 2 / Pixel 2 XL from another device, building on the verified boot and remote attestation capabilities of the bootloader and Trusted Execution Environment. The app signing key will likely be replaced before a stable release is made, so the app will need to be uninstalled and reinstalled at some point.
The device being verified (Auditee) must be a Pixel 2 or Pixel 2 XL. The device performing verification (Auditor) just needs to be an Android device meeting the minSdkVersion requirement (currently 25).
The Auditee will fail verification if it isn't running the stock OS or official releases of CopperheadOS with the bootloader locked and no modifications to the OS. It relies on the bootloader and Trusted Execution Environment to provide a signed result of the verified boot state so the OS can't simply provide fake results.
Verification becomes much stronger after the initial pairing between the Auditee and Auditor. From then on the Auditor pins the certificate chain of the attestation results rather than relying on the Pixel 2 (XL) intermediate and the Google root, and it also verifies the attestation message from the Auditee with the public key of the initial key pair that was attested to be hardware-backed.
Usage instructions:
- press Auditor on the device that will be verifying the Auditee
- press Auditee on the Pixel 2 or Pixel 2 XL that's going to be verified
- point the camera of the Auditee at the QR code on the Auditor to read the challenge
- tap the QR code on the Auditor to advance (if you do this too early, you can press back)
- point the camera of the Auditor at the QR code on the Auditee to read the attestation
- view verification of the attestation results
It currently uses the zxing barcode scanning library, which uses the external zxing app for scanning. This will be switched to bundling the zxing code both to avoid an external app and to allow more customization.
An Auditor can verify any number of different Auditee devices; for each successfully paired device it shows the key fingerprint and the first / last verification time. The Auditee, on the other hand, can only pair with a single Auditor, and the failure case where pairing was interrupted is a bit annoying. The root cause is that the key attestation API doesn't provide a way to generate fresh attestation results for an existing key, only for a new key. We'll try to improve the usability in the future, but to some extent we're constrained by this, so there will be some kind of (less annoying) usability compromise to work around the missing API:
The first time the Auditee generates attestation results, it generates a persistent key and treats itself as paired. If you don't scan the initial attestation results from the Auditor, the Auditee won't know that pairing didn't happen and you'll need to clear the app data on the Auditee either via Settings -> Apps -> Attestation -> Storage -> Clear data or by uninstalling and reinstalling it. Similarly, the same thing needs to be done on the Auditee if you want to switch to a new Auditor. Clearing the data on the Auditor makes it a new Auditor.
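The pairing and pinning flow described above (a fresh random challenge from the Auditor, a persistent hardware-backed key on the Auditee, the Auditor pinning that key on first contact and checking later attestations against it, and the Auditee treating itself as paired after its first attestation whether or not it was scanned) can be simulated end to end. The Go program below is an added example written for this page, not code from the Copperhead Attestation app. It stands in for the TEE-signed certificate chain with a single endorsement signature from a constructed root key (NewKey), and every name in it (Attestation, Auditee, Auditor, NewAuditee, NewAuditor, Challenge, Verify) is this example's own, not an API of the app.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

// Attestation models the payload carried in the Auditee's QR code.
type Attestation struct {
	PubKey      []byte // PKIX DER of the Auditee's persistent key
	Endorsement []byte // root signature over PubKey; stands in for the TEE-signed certificate chain
	Challenge   []byte // the challenge read from the Auditor's QR code
	Signature   []byte // signature over Challenge by the persistent key
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}
// NewKey makes a P-256 key; the simulated hardware root is just one of these (constructed, not Google's).
func NewKey() *ecdsa.PrivateKey { return must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)) }

// sign and verify use SHA-256 digests and ASN.1-encoded ECDSA signatures.
func sign(k *ecdsa.PrivateKey, msg []byte) []byte {
	d := sha256.Sum256(msg)
	return must(ecdsa.SignASN1(rand.Reader, k, d[:]))
}
func verify(pub *ecdsa.PublicKey, msg, sig []byte) bool {
	d := sha256.Sum256(msg)
	return ecdsa.VerifyASN1(pub, d[:], sig)
}

// Auditee holds one persistent key for as long as its app data exists.
type Auditee struct {
	key         *ecdsa.PrivateKey
	pub         []byte // PKIX DER of key
	endorsement []byte
	Paired      bool
}

// NewAuditee generates the persistent key and its root endorsement. Calling it again
// for a device models Settings -> Apps -> Attestation -> Storage -> Clear data: new key, pairing forgotten.
func NewAuditee(root *ecdsa.PrivateKey) *Auditee {
	key := NewKey()
	pub := must(x509.MarshalPKIXPublicKey(&key.PublicKey))
	return &Auditee{key: key, pub: pub, endorsement: sign(root, pub)}
}

// Attest signs the challenge; the first call marks the device paired even if the Auditor never scans it.
func (a *Auditee) Attest(challenge []byte) Attestation {
	a.Paired = true
	return Attestation{a.pub, a.endorsement, challenge, sign(a.key, challenge)}
}

// Auditor pins the key of every device it has verified, indexed by fingerprint.
type Auditor struct {
	root    *ecdsa.PublicKey
	pending []byte // challenge currently displayed; nil once consumed
	Devices map[string]*ecdsa.PublicKey
}

func NewAuditor(root *ecdsa.PublicKey) *Auditor { return &Auditor{root: root, Devices: map[string]*ecdsa.PublicKey{}} }

// Challenge returns a fresh random value for the Auditor's QR code.
func (a *Auditor) Challenge() []byte {
	a.pending = make([]byte, 32)
	must(rand.Read(a.pending))
	return a.pending
}

// Verify returns the device fingerprint and whether this was the initial pairing.
func (a *Auditor) Verify(at Attestation) (string, bool, error) {
	if a.pending == nil || !bytes.Equal(at.Challenge, a.pending) {
		return "", false, errors.New("challenge mismatch or replay")
	}
	a.pending = nil // each challenge is single use
	fp := fmt.Sprintf("%x", sha256.Sum256(at.PubKey))
	pinned, known := a.Devices[fp]
	if !known { // initial pairing: trust the key only if the hardware root vouches for it
		pub, err := x509.ParsePKIXPublicKey(at.PubKey)
		ec, ok := pub.(*ecdsa.PublicKey)
		if err != nil || !ok || !verify(a.root, at.PubKey, at.Endorsement) {
			return "", false, errors.New("key is not endorsed by the trusted root")
		}
		pinned = ec
	}
	if !verify(pinned, at.Challenge, at.Signature) { // paired: check against the pinned key
		return "", false, errors.New("challenge signature does not match the pinned key")
	}
	a.Devices[fp] = pinned
	return fp, !known, nil
}
```

Running the flow twice for the same Auditee gives the same fingerprint, with the second run checked only against the pinned key. Handing the Auditor an attestation it has already consumed fails the single-use challenge check, a key endorsed by a different root is refused at pairing time, and a challenge signature from any key other than the pinned one is rejected. Constructing the Auditee again (the "Clear data" step) produces a new key, so the Auditor sees a brand-new pairing with a different fingerprint, which is exactly why the app data has to be cleared to re-pair.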