GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → GrapheneOS → AttestationSamples

GrapheneOS / AttestationSamples

Licence: CC0-1.0 license
A small subset of the submitted sample data from https://github.com/GrapheneOS/Auditor. It has a sample attestation certificate chain per device model (ro.product.model) along with a subset of the system properties from the sample as supplementary information.

Programming Languages

shell
77523 projects

Labels

androidsecuritycryptographyintegrityhsmsecure-bootauthenticityattestationverifiedbootremote-attestationsecurebootstrongbox

Projects that are alternatives of or similar to AttestationSamples

AttestationServer
Server code for use with the Auditor app: https://github.com/GrapheneOS/Auditor. It provides two services: submission of attestation data samples and a remote attestation implementation with email alerts to go along with the local implementation based on QR code scanning in the app.
Stars: ✭ 64 (+156%)
Mutual labels:  integrity, hsm, secure-boot, authenticity, attestation, verifiedboot, remote-attestation, secureboot, strongbox
libkeccak
[Basically feature complete] Keccak-family hashing library
Stars: ✭ 53 (+112%)
Mutual labels:  integrity, authenticity
meta-secure-core
OpenEmbedded layer for the use cases on secure boot, integrity and encryption
Stars: ✭ 80 (+220%)
Mutual labels:  integrity, secure-boot
SELoader
Secure EFI Loader designed to authenticate the non-PE files
Stars: ✭ 38 (+52%)
Mutual labels:  integrity, secure-boot
hsmwiz
HSMWiz is a frontend for OpenSC, pkcs11tool and pkcs15tool to ease handling of HSM smartcards
Stars: ✭ 27 (+8%)
Mutual labels:  hsm
lemur
Lustre HSM tools
Stars: ✭ 20 (-20%)
Mutual labels:  hsm
yubihsm-rs
Pure Rust client for YubiHSM2 devices
Stars: ✭ 70 (+180%)
Mutual labels:  hsm
hsm
C++ framework library to simplify state-driven code
Stars: ✭ 88 (+252%)
Mutual labels:  hsm
optiga-trust-m
OPTIGA™ Trust M Software Framework
Stars: ✭ 86 (+244%)
Mutual labels:  hsm
gosure
File integrity implemented in Go
Stars: ✭ 16 (-36%)
Mutual labels:  integrity
signatory
Signatory - A Tezos Remote Signer for signing block-chain operations with private keys using YubiHSM and Azure Key Vault
Stars: ✭ 35 (+40%)
Mutual labels:  hsm
tsm
A Hierarchical State Machine Framework in C++
Stars: ✭ 30 (+20%)
Mutual labels:  hsm
napkinXC
Extremely simple and fast extreme multi-class and multi-label classifiers.
Stars: ✭ 38 (+52%)
Mutual labels:  hsm
atlas-checks
OSM data integrity checks with Atlas
Stars: ✭ 43 (+72%)
Mutual labels:  integrity
keyfender
Secure HSM implementation based on MirageOS
Stars: ✭ 33 (+32%)
Mutual labels:  hsm
opencryptoki
PKCS#11 library and tools for Linux. Includes tokens supporting TPM and IBM crypto hardware as well as a software token.
Stars: ✭ 100 (+300%)
Mutual labels:  hsm
checksum-command
Verifies file integrity by comparing to published checksums.
Stars: ✭ 29 (+16%)
Mutual labels:  integrity
devicecheck-appattest
Server-side library to validate the authenticity of Apple App Attest artifacts, written in Kotlin.
Stars: ✭ 45 (+80%)
Mutual labels:  attestation
sicherboot
Unmaintained systemd-boot integration with secure boot support; consider https://github.com/Foxboron/sbctl instead.
Stars: ✭ 31 (+24%)
Mutual labels:  secure-boot
kstatemachine
KStateMachine is a Kotlin DSL library for creating finite state machines (FSM) and hierarchical state machines (HSM).
Stars: ✭ 63 (+152%)
Mutual labels:  hsm
View All Similar Projects ➔

This repository contains sample Android key attestation certificate chains in directories named after the ro.product.model value for the devices where they were generated.

Each of these is a valid certificate chain up to the key attestation root. The devices are running the stock OS with the bootloader locked and verified boot enforcing integrity, which can be confirmed from the metadata in the initial attestation certificate.

The challenge string is set to sample (UTF-8 encoded) rather than the usual random challenge. These are collected with the Auditor app so the app id in the certificate is app.attestation.auditor and the fingerprint is for the release signing key. Older samples are marked with an empty LEGACY file in the directory and use a legacy app id and signing key. The legacy H3113 sample is even older and predates the sample gathering code in the Auditor app. It was generated using ad hoc code in a debug build so it has a different key, random 32 byte challenge string and quick expiry date.

The collection of data published here is public domain / CC0 licensed and is crowdsourced.

Contributing

This project and the apps / services using it depend on data submissions being made from a variety of Android devices.

To help out by contributing data, you'll need any Android device launched with Android 8.0 or later. A device upgraded to Android 8.0 from an earlier version isn't enough. Data submitted from devices running an aftermarket OS is okay but we need at least one submission from a device variant where the device has the stock OS and the bootloader locked. It's easy to tell if the device is running the stock OS from the certificate chain so there's no harm in submissions where the OS has been modified.

To submit data, install the Auditor app (which is available free for non-commercial usage on GitHub), press the menu button in the action bar and press 'Submit sample data' which will submit a sample certificate chain and system properties accessible to the app to https://attestation.app/. The system properties will only be published in a heavily filtered form without properties that aren't constant across devices of that model.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].