Android provides a standard hardware attestation system with support for alternate operating systems via allowing their verified boot key fingerprints. It's mainly used with Google's root of trust and remote key provisioning service but the API supports alternative roots of trust.
Volla's Unified Attestation is fully built on Android's hardware attestation API. It solely exists to create a centralized authority and service determining what's allowed under their control.
https://mastodon.social/@volla/116238706890314617
from the companies involved in it while forbidding using arbitrary alternatives. They clearly aren't going to enforce reasonable security standards since their products wouldn't meet those. The whole purpose of the system is to permit their products regardless of merit and convince banking/government apps to adopt it.
There's nothing neutral or fair about a system controlled by companies approving their own products while disallowing other options.
Companies forming an anti-competitive cartel providing a service which permitting their products and while disallowing others isn't legal regardless of how they market it. It's not legal when Google does it with the Play Integrity API and it's not legal when it's Volla, Murena and iodé doing it.
We won't be participating in a system which gives these companies veto power over app compatibility on GrapheneOS. These companies will not be given the power to make arbitrary demands of GrapheneOS.
regulators over the past several years about the Play Integrity API to have action taken against it. Unified Attestation is a massive disruption to our efforts and will get in the way of having regulators take action against this. We've also been considering filing a lawsuit against Google over the Play Integrity API.
Unlike Google, the companies involved in Unified Attestation don't have massive resources to defend their anti-competitive system.
delegating verification to a centralized service. One or more neutral organizations could exist certifying devices and operating systems without providing a centralized API. Those organizations could simply provide signed releases with the roots of trust, revoked keys and operating system key fingerprints. Apps could use multiple different certifying organizations. This is already something Android's hardware attestation API fully supports today.
Volla, Murena and iodé are each a for-profit company selling devices. Each of them has failed to keep up with important security patches and protections. Each has marketed their products as providing a level of security they don't provide. It's very clear why these 3 companies want to be in charge of choosing which devices and operating systems people are allowed to use. They want to make sure their products are permitted and want to have an advantage over others to boost their profits.
Unified Attestation is an anti-competitive cartel turning a decentralized decision into a centralized one. Instead of neutral organizations being formed to certify devices without a massive conflict of interest, these companies will sign off on their products regardless of the level of insecurity. Multiple competing companies forming a cartel which locks out other options is not legal. We're fully willing to file one or more lawsuits over this. It should be discontinued now prior to harming us.
Can Graphene not make its own attestation system with its own root of trust?
Forgive my ignorance but as a user, how would this affect me?
Is the fear that, through legislation, everyone will be forced to use Volla’s unified attestation, therefore hindering Graphene’s ability to operate independently? If so, again, as a user, what does that look like for me? How big of a deal is this?
This is an argument of principle, if I'm understanding it correctly. GrapheneOS wants as many opportunities to get on devices that meet their criteria as possible, and mandating this alternative attestation be part of the OS might prevent GrapheneOS from ever being compatible with these devices unless the GrapheneOS devs implement it. The devs do not want and/or agree with it in its current form, for the reasons they laid out.
That being said, GrapheneOS already does implement the hardware attestation they talk about, and in fact I am using it right now via the remote attestation setup with GrapheneOS's attestation server.
https://attestation.app/