Grant Joseph on Nostr: GrapheneOS Do you have any good resources you could share about how attestation key ...
GrapheneOS (npub1kwa…e0nj) Do you have any good resources you could share about how attestation key provisioning works in detail? My understanding is it used to use a batch key from the factory. Now it uses a unique key but only to provision keys from Google. These keys have no chain to the permanent device key so the key recipient and Google would have to work together to uniquely identify a device. Is that right?
Published at
2025-03-25 10:11:33Event JSON
{
"id": "1620c56c08ce577bc88c6c6e28f59d4a9df981ebb84d4797c3d8b66c95dd1b32",
"pubkey": "aa00e048807cc42ad98d805e34dbfd7f60832596cf92f6afa4de89a0c751e822",
"created_at": 1742897493,
"kind": 1,
"tags": [
[
"p",
"b3ba3c5045fbaf99be9cb4daa9f1d7baeedaba0fc5b91596511e2fb7a70dd7f9"
],
[
"proxy",
"https://mastodon.social/@GrantJoseph/114222530118426513",
"web"
],
[
"proxy",
"https://mastodon.social/users/GrantJoseph/statuses/114222530118426513",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://mastodon.social/users/GrantJoseph/statuses/114222530118426513",
"pink.momostr"
],
[
"-"
]
],
"content": "nostr:npub1kwarc5z9lwhen05uknd2nuwhhthd4ws0cku3t9j3rchm0fcd6luslse0nj Do you have any good resources you could share about how attestation key provisioning works in detail? My understanding is it used to use a batch key from the factory. Now it uses a unique key but only to provision keys from Google. These keys have no chain to the permanent device key so the key recipient and Google would have to work together to uniquely identify a device. Is that right?",
"sig": "67e537edc21891baf235b2075a2a1d27a7f86bfebe5d643c84145b12eb08c12622a740e313973768a7127ca9512fec0c518998e597036af433f7bff552572299"
}