Changes since the 0.2-alpha release.
Very early preview of the Copperhead Attestation app for auditing a stock or CopperheadOS Pixel 2 / Pixel 2 XL from another device, building on the bootloader / Trusted Execution Environment verified boot and remote attestation capabilities. The app signing key will likely be replaced before a stable release is made so it'll need to be uninstalled / reinstalled at some point.
The device being verified (Auditee) must be a Pixel 2 or Pixel 2 XL. The device performing verification (Auditor) just needs to be an Android device meeting the minSdkVersion requirement (currently 25).
The Auditee will fail verification if it isn't running the stock OS or official releases of CopperheadOS with the bootloader locked and no modifications to the OS. It relies on the bootloader and Trusted Execution Environment to provide a signed result of the verified boot state so the OS can't simply provide fake results.
The verification becomes considerably stronger after the initial pairing between the Auditee and Auditor. The Auditor pins the certificate chain for the attestation results rather than relying on the Pixel 2 (XL) intermediate + Google root, and it also verifies the attestation message from the Auditee with the public key from the initial key pair that was attested to be hardware-backed.
Usage instructions:
- press Auditor on the device that will be verifying the Auditee
- press Auditee on the Pixel 2 or Pixel 2 XL that's going to be verified
- point the camera of the Auditee at the QR code on the Auditor to read the challenge
- tap the QR code on the Auditor to advance ahead (if you do this too early, you can press back)
- point the camera of the Auditor at the QR code on the Auditee to read the attestation
- view verification of the attestation results
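The pairing and pinning logic described above, plus the challenge/attestation exchange in the usage steps, as an added example that is not the Copperhead Attestation app's own code. It models the Auditor and Auditee in plain Go with P-256 ECDSA: the Auditor issues a single-use random challenge, the Auditee signs it together with its certificate chain, and the Auditor falls back to a trusted root only on first contact, pinning the chain and the attested public key from then on. The certificate chain is a constructed placeholder (concatenated hashes ending in a constructed root, not a real Google root), and the Auditee keeping one persistent key pair per Auditor is an assumption made here to reproduce the distinct fingerprint per pairing that the notes describe.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"encoding/hex"
	"errors"
)

// trustedRoot is a constructed stand-in for the attestation root trusted before any pairing exists.
var trustedRoot = sha256.Sum256([]byte("constructed attestation root"))
// Attestation models what the Auditee's QR code carries (the app's real encoding differs). Chain is the
// certificate chain, leaf first and root last, with each certificate represented by a constructed hash.
type Attestation struct {
	Challenge []byte
	Chain     []byte
	PubKey    *ecdsa.PublicKey // the attested key, hardware-backed on a real device
	Sig       []byte           // ECDSA ASN.1 signature over sha256(Challenge || Chain)
}
// Auditee keeps one persistent key pair per Auditor (an assumption; it yields a distinct fingerprint per pairing).
type Auditee struct {
	keys  map[string]*ecdsa.PrivateKey
	chain []byte
}
func NewAuditee() *Auditee {
	leaf := sha256.Sum256([]byte("constructed leaf cert"))
	inter := sha256.Sum256([]byte("constructed Pixel 2 intermediate"))
	chain := append(append(leaf[:], inter[:]...), trustedRoot[:]...)
	return &Auditee{keys: map[string]*ecdsa.PrivateKey{}, chain: chain}
}
func signedDigest(challenge, chain []byte) []byte {
	sum := sha256.Sum256(append(append([]byte{}, challenge...), chain...))
	return sum[:]
}
// Respond signs the Auditor's challenge with the key reserved for that Auditor.
func (a *Auditee) Respond(auditorID string, challenge []byte) (Attestation, error) {
	key, ok := a.keys[auditorID]
	if !ok {
		k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
		if err != nil {
			return Attestation{}, err
		}
		key, a.keys[auditorID] = k, k
	}
	sig, err := ecdsa.SignASN1(rand.Reader, key, signedDigest(challenge, a.chain))
	if err != nil {
		return Attestation{}, err
	}
	return Attestation{Challenge: challenge, Chain: a.chain, PubKey: &key.PublicKey, Sig: sig}, nil
}

// Auditor pins the first successful attestation per fingerprint; pending is the single-use challenge last issued.
type Auditor struct {
	pinned  map[string]Attestation
	pending []byte
}
func NewAuditor() *Auditor { return &Auditor{pinned: map[string]Attestation{}} }
// Challenge issues a fresh random challenge; this is what the Auditor's QR code shows.
func (a *Auditor) Challenge() []byte {
	a.pending = make([]byte, 32)
	if _, err := rand.Read(a.pending); err != nil {
		panic(err) // no usable entropy source; nothing sensible to do in a demo
	}
	return a.pending
}
// Fingerprint is the user-visible pairing identifier: a truncated hash of the attested key.
func Fingerprint(pub *ecdsa.PublicKey) string {
	der, _ := x509.MarshalPKIXPublicKey(pub) // cannot fail for a valid P-256 key
	sum := sha256.Sum256(der)
	return hex.EncodeToString(sum[:8])
}
// Verify checks freshness and the signature, then either pairs (the chain must end in the trusted root)
// or, for a known fingerprint, demands the exact pinned chain and key; pinned reports which path ran.
func (a *Auditor) Verify(at Attestation) (fp string, pinned bool, err error) {
	if a.pending == nil || !bytes.Equal(at.Challenge, a.pending) {
		return "", false, errors.New("stale or replayed attestation: challenge mismatch")
	}
	a.pending = nil
	if !ecdsa.VerifyASN1(at.PubKey, signedDigest(at.Challenge, at.Chain), at.Sig) {
		return "", false, errors.New("signature does not verify under the presented key")
	}
	fp = Fingerprint(at.PubKey)
	p, known := a.pinned[fp]
	if !known {
		if !bytes.HasSuffix(at.Chain, trustedRoot[:]) {
			return "", false, errors.New("chain does not end in the trusted root")
		}
		a.pinned[fp] = at
		return fp, false, nil
	}
	// The fingerprint is truncated, so the pin compares the full key rather than fp alone.
	if !p.PubKey.Equal(at.PubKey) || !bytes.Equal(p.Chain, at.Chain) {
		return "", false, errors.New("attestation does not match the pinned pairing")
	}
	return fp, true, nil
}
```

The shape of the Auditor side is the point: the root of trust is consulted only once, on first contact, and every later verification of the same fingerprint must present both the identical chain and the identical attested key, so a different device (or a different chain for the same device) shows up as a new fingerprint or a rejection rather than as a quietly accepted result. Because the challenge is consumed by exactly one Verify call, an attestation QR code read a second time is rejected as a replay.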
It currently uses the zxing barcode scanning library, which uses the external zxing app for scanning. This will be switched to bundling the zxing code both to avoid an external app and to allow more customization.
An Auditor can verify any number of different Auditee devices. It shows a fingerprint and the first / last verification time for successful paired attestation results. An Auditee can be verified by any number of Auditors, but there will be a different fingerprint for each unique pairing rather than the same fingerprint shown on each Auditor for the same Auditee.
There are significant security improvements possible but they require more functionality exposed by the Trusted Execution Environment. It would need to be standardized by Google for inclusion across Android devices, and we'll be bringing up our ideas with them. It's quite useful already but it should get better in the future.