GrapheneOS/Auditor

Auditor should automatically start supporting models after getting enough sample data

sebastiannielsen opened this issue · 3 comments

I can see models like Samsung Galaxy S21 still not being supported, even though it has all hardware features to support Auditor verification.

My suggestion: After receiving sample data (signed attestation data) from enough different models, and this signed attestation data is similar enough, AND it hasn't received too much dissimilar data (which could be an attacker trying to manipulate the database) AND the attestation data is already signed with a key/certificate that a supported model uses (for example, Samsung key), then it could automatically start supporting that model.

By requiring the data to be signed with a certificate/key that chains up to a certificate/key of an already supported model, it would be very hard to inject fake data - you would need a leaked key for that.

The reason we haven't been adding newer devices is due to lack of development resources. Someone needs to develop better tooling for handling the samples based on the AttestationServer port of the code to make it into a nice CLI tool and then we need someone who regularly works on this.

Samsung has literally dozens of device models for each of their device variants like the Galaxy S21 which means it's a lot more work to add support for all of them than it seems. The issue isn't that attestation data isn't trusted since the attestations are verified before adding them.

But if the attestation data is trusted - why cannot the system automatically add the sample into the system then?

I thought you required these samples to be manually reviewed to check that an attestation for, for example, a Pixel 5 isn't sneaked in as an attestation for Samsung S21, by cross-checking samples from other Samsung S21s.

There isn't tooling developed to automate as much as possible and manual changes are often required. There's no need to manually check something due to what the attestation feature provides.