Hardware attestation verifies that the phone and the OS its running on are real and not an emulator or a fake malware laced version.
No, it verifies that the phone is running an approved OS. If the app developer does not add your OS’ keys it will fail. This included GrapheneOS.
We have been web banking for decades on platforms without hardware attestation. The potential for anti-competitiveness abuse is not worth it.
It also does not protect the user. If your system is actually compromised they can simply replace the app, not allow it to run etc. I don’t see how it protects the user if they chose to run an emulator, what exactly is the threat to the user there?
Where did I say a malware injected GrapheneOS image will pass hardware attestation?
The problem is that an unmodified GrapheneOS image may also not pass hardware attestation if the app developer has not whitelisted GrapheneOS’s key.
Also I hope GrapheneOS would simply inform the user or refuse to boot if the image does not pass attestation. In that case an app itself requiring attestation, based on it’s own list of accepted keys, has no security value, only gatekeeping potential.
No, it verifies that the phone is running an approved OS. If the app developer does not add your OS’ keys it will fail. This included GrapheneOS.
We have been web banking for decades on platforms without hardware attestation. The potential for anti-competitiveness abuse is not worth it.
It also does not protect the user. If your system is actually compromised they can simply replace the app, not allow it to run etc. I don’t see how it protects the user if they chose to run an emulator, what exactly is the threat to the user there?
If someone injects malware into your GrapheneOS image then the attestation won’t pass. That is how it works.
Where did I say a malware injected GrapheneOS image will pass hardware attestation?
The problem is that an unmodified GrapheneOS image may also not pass hardware attestation if the app developer has not whitelisted GrapheneOS’s key.
Also I hope GrapheneOS would simply inform the user or refuse to boot if the image does not pass attestation. In that case an app itself requiring attestation, based on it’s own list of accepted keys, has no security value, only gatekeeping potential.