-
Lckdyspl7[m]
Is it OK to disable android webview network permissions till they get swapped to GoS parameters
-
Lckdyspl7[m]
Or disable it completely ?
-
renlord
Lckdyspl7[m]: what are you asking?
-
louipc
GoS grade of service?
-
riotuser1993[m]
Why is aurora telling me I need to update auditor and android system webview?
-
riotuser1993[m]
Both built in apps..
-
lev[m]
these questions have come up like 40 million times in the past few days, search and ye shall find your answers
-
aeonsolution[m]
<lev[m] "these questions have come up lik"> yeah, it would be nice if the transient newcomers would at least read the information on the website or search the logs. its really discouraging.
-
lev[m]
I can more understand a little more if they're coming from irc, since having a log to search is a bit less common
-
lev[m]
but yeah, it's right in the topic lol
-
aeonsolution[m]
i think its great that youve stuck around, thats really the only way you can learn from the community
-
aeonsolution[m]
the transient newcomers treat the channel like a helpdesk and that is just way off lol
-
lev[m]
oh yeah, I've definitely learned lots of stuff from the chatter here, it's a great community
-
lev[m]
thats a fairly common mindset, people want immediate answers and not to have to spend any of their own time to attempt to solve a problem
-
lev[m]
though I don't think it's always laziness, but possibly a lack of confidence in their own ability to solve the problem
-
aeonsolution[m]
and i think the lack of confidence is fine as long as they are willing to be open minded when they are getting help from the community
-
lev[m]
yeah for sure, gentle urging to read the documentation, or to search for their question, seems warranted
-
aeonsolution[m]
right. absent of that, they are not respecting people's time.
-
louipc
maybe would be good to have a helpdesk of sorts tho
-
lev[m]
there are also a lot of poeple who are used to a 'product' rather than a 'project'
-
lev[m]
where the onus is on the provider to make it work, and to help you understand, in all circumstances
-
aeonsolution[m]
the provider doesnt even give app support!
-
aeonsolution[m]
people are lucky if they get a ticket opened lol
-
meow_please[m]
GitHub has a discussions feature that lets people ask questions and mark them as answered. You can search, all posts have edit history, etc. And it's integrated with GitHub so you can reference code and issues. So, definitely check it out. Obviously proprietary but who the hell wants to edit and maintain a wiki when you can let users do it in a discussion / stack overflow format instead?
-
meow_please[m]
It's in beta
-
poisonoushydra
:: installls an UNsupported operating system, expects to be supported ::
-
lev[m]
is stackoverflow owned by someone?
-
lev[m]
sounds like github discussions is MS trying to compete in that space
-
lev[m]
stackoverflow is kind of unmatched there, now that I think about it
-
meow_please[m]
Eh I don't think it's competing. It's just bringing communities into one relevant place instead of forcing devs to scatter across various services like discord, slack, etc.
-
meow_please[m]
It's good to be decentralized but these newbie questions will NEVER stop unless there is a QA place for them to go to / search. And that doesn't exist. IRC + the logs is not a replacement for it.
-
lev[m]
yeah, it seems like a pretty reasonable idea, but that's for sure competition, I am not implying malice or anything, it's just better for business for people to stay on your site
-
meow_please[m]
Agreed
-
brockin042[m]1
I was scared! Pixel 2xl recent beta update took 15 min to boot.
-
louipc
hey its beta afterall
-
meow_please[m]
Oh snap. Gitter is joining Matrix... hopefully that means more people coming here! :)
-
nickcalyx[m]
> I was scared! Pixel 2xl recent beta update took 15 min to boot.
-
nickcalyx[m]
Yeah it took a long ass time on CalyxOS too
-
renlord
helpdesk for open source project? LOL
-
meow_please[m]
I think he meant more of a QA not a help desk. Like stack overflow or GitHub discussions (beta).
-
louipc
why the hell not.
-
louipc
maybe even powered by ai
-
waosvavbzirarns4
Howdy! Finally got my ass off reddit to join the real forum
-
waosvavbzirarns4
Gotta say, I bought a Pixel 4 XL a few months ago and I could not be happier about this OS
-
Lckdyspl7[m]
<renlord "Lìckídysplï7: what are you askin"> Well the android webviewer keeps opening itself when I freeze all my apps it shows it opened.
-
Lckdyspl7[m]
Will it open every time I open vand now or something.?
-
Lckdyspl7[m]
Didn't notice it beforehand constantly running
-
Lckdyspl7[m]
I wanna know can I disable it without the phone imploding on me
-
strcat[m]
Lìckídysplï7: the WebView is what provides the web renderer for apps
-
strcat[m]
not sure why you want to disable a core OS component
-
strcat[m]
they are going to crash because they aren't going to handle the exception from WebView being missing if you disable it
-
Lckdyspl7[m]
I never seen it pop up before, thought it was something new running rougue
-
strcat[m]
lots of app embed web content
-
strcat[m]
Lìckídysplï7: the app id is just temporarily different until we're doing Vanadium WebView builds against
-
strcat[m]
org.grapheneos.vanadium.webview is what it will be called again
-
Lckdyspl7[m]
Okay that makes abit more sense
-
strcat[m]
it's not used by Vanadium browser
-
strcat[m]
it's a library used by other apps and runs a sandboxed browser rendering process for them
-
Lckdyspl7[m]
Yeah I am aware of that change 😊
-
Lckdyspl7[m]
Thanks for clearing that up
-
Lckdyspl7[m]
Ahh so when I click a link in an app and it brings up the web page in the app, its webview.
-
Lckdyspl7[m]
Right! 👍
-
strcat[m]
Lìckídysplï7: well
-
strcat[m]
it depends
-
strcat[m]
Lìckídysplï7: if you click a link in an app that usually either opens the browser or a custom tab from the browser
-
strcat[m]
you can tell it's that because it has the Vanadium menu
-
strcat[m]
Lìckídysplï7: apps that use a web rendering widget themselves are using the WebView
-
strcat[m]
a mail client rendering HTML email, lots of embedded forms for login to services, many others things
-
strcat[m]
many apps use it
-
strcat[m]
there are a lot of WebView-based web browsers but that isn't really what I'm talking about
-
arouzing[m]
update just dropped for my pixel 3 :D going to go read the patch notes!
-
Lckdyspl7[m]
Is there a new stable
-
Lckdyspl7[m]
My phones downloading an update on stable channel, is this a GoS release ? I've disabled seemless updates till I get an anwser
-
Lckdyspl7[m]
Nevermind just real release stuff
-
Lckdyspl7[m]
* Nevermind just read release stuff
-
ajsodij
Hi. I've had some issues with the latest 2 updates. When an audioplayer (not the pre-installed one) run by an added user is paused, the screen goes black and I have to unlock the phone again.
-
ajsodij
It also happens on play and rewind
-
louipc
howd u install that player
-
ajsodij
I've tried with AntennaPod, Voice and AudioAnchor
-
ajsodij
F-droid
-
ajsodij
It worked fine before the Android 11 update
-
louipc
theres been a lot of problems with fdroid apps on current android
-
louipc
they use old signatures with fake new API
-
ajsodij
Okay. Thanks.
-
louipc
you might want to try an apk straight from the developer or via aurora store, but app sig will be different, so the data store will be different
-
louipc
probably best to avoid fdroid in the future
-
d3nm6ugnffwftn24
Hi, has anybody experienced gcam stopped working with gcam service provider since Android 11 update? I'm wondering what could cause the issue... Thanks!
-
ajsodij
I should've looked at the issue tracker. It's there already
-
somerand0m[m]
Is there a known issue with not being able to dismiss or snooze alarms when the screen is locked?When this happens I need to unlock my phone and dismiss it through notifications.
-
dazinism
somerand0m: not tried, but think you can tap on the notification on the lock screen?
-
sphinxcat[m]
<louipc "they use old signatures with fak"> That's not related.
-
sphinxcat[m]
* That's not related to the issue.
-
louipc
i see
-
cecemimi[m]
There was an update a few days ago, and on reboot, my f-droid flashlight app was uninstalled and vinyl music player 'keeps stopping' after its splash screen. Is this kind of thing known/ordinary?
-
louipc
oh yea that is definitely the fdroid thing. apps disappearing
-
louipc
seems like theres a problem with music players tho
-
dazinism
cecemimi: yeah, the app disappearing is a problem with fdroid. Think the player acting weird is an issue with Android 11
-
cecemimi[m]
So i reinstalled flashlight, ok, but vinyl cant work still
-
cecemimi[m]
Oh ok
-
dazinism
Maybe try a different player for a bit?
-
cecemimi[m]
Sure, will do, recommendations welcome, but will search
-
ajsodij
It only happens when I run the apps by a separate (not main) user account
-
sphinxcat[m]
-
cecemimi[m]
Thanks for pointing to that, good to know.
-
-
-
somerand0m[m]
day known Odd. When I leave the device on a flat surface I have the options. But if I pickup the device I lose those options on the lock screen.
-
unsafeoppa[m]
@renlord can I pm you?
-
Lckdyspl7[m]
Shuttle+ works.awesome.as a music player
-
alzxjm[m]1
I like Vinyl player.
-
syscall[m]
Can I usw Ethernet with an usb-c otg Ethernet adapter ? I usw the pi
-
syscall[m]
xel 2 thanks for any advice ...
-
dazinism
somerand0m: you can turn off 'lift to check phone' in gesture settings.
-
dazinism
syscall: some people have used ethernet via usb otg
-
null[m]
I use "Music". Fork of Phonograph just like Vinyl is.
-
null[m]
I don't remember the exact differences
-
somerand0m[m]
<dazinism "somerand0m: you can turn off 'li"> Yep, it works when you turn it off. I guess I'll need to leave it at that for the time being or switch the Google one which works.
-
unknown01234[m]
<somerand0m[m] "IMG_0454-1.jpg"> What vpn do you use?
-
makingaliasesisa
I use mullvad.
-
makingaliasesisa
oh
-
makingaliasesisa
not a general question :P
-
makingaliasesisa
I only saw a picture and the sent image part 😂
-
makingaliasesisa
and not the sent image part*
-
makingaliasesisa
i cant type /
-
makingaliasesisa
:/
-
anupritaisno1[m4
-
anupritaisno1[m4
#grapheneos-offtopic:matrix.org
-
makingaliasesisa
Sorry i was replying to the question above sorry
-
makingaliasesisa
but thank you
-
somerand0m[m]
<unknown01234[m] "What vpn do you use?"> Probably not the answer you're looking for but It's a VPN to my home. :)
-
makingaliasesisa
nice
-
makingaliasesisa
i think that is cool. I want to do something similar.
-
makingaliasesisa
/exactly
-
makingaliasesisa
wireguard as well?
-
somerand0m[m]
It's only really worthwhile if you have resources at home you want to use or route all your traffic through.
-
makingaliasesisa
yeah i have the resources
-
somerand0m[m]
Nah IPSec for the time being but I will transition.
-
makingaliasesisa
Cool
-
Erraverunt
Anyone using Vinyl music player? Newest relase says android 11 compatible but works randomly or doesnt work
-
Sheru[m]
<Erraverunt "Anyone using Vinyl music player?"> I have it, not tested yet
-
Sheru[m]
I'll go check
-
Erraverunt
Background player is not on the first drag down menu from top, but on second, and cant close the app from there
-
alzxjm[m]1
<Erraverunt "Anyone using Vinyl music player?"> Works so far for me. A11 on Pixel 4 XL
-
alzxjm[m]1
I use it daily.
-
Erraverunt
Or has the drag down menu from top changed radically that I cant close apps from there any more?
-
Sheru[m]
<Erraverunt "Anyone using Vinyl music player?"> It crashes on me
-
Sheru[m]
It's literally unusable
-
Erraverunt
Yeah same for me, which device are you on?
-
Erraverunt
The newest aurora store version doesnt crash for me, but doesnt work like it should
-
Erraverunt
froid version crashes instanly
-
Sheru[m]
Pixel 3a
-
Sheru[m]
I use aurora store
-
Erraverunt
I'm on pixel 3a too
-
Sheru[m]
Odd, Aurora Store version crashes on me frequently.
-
Sheru[m]
<Erraverunt "froid version crashes instanly"> It's outdated, right?
-
Sheru[m]
I'll retry
-
Erraverunt
Yeah I think it is
-
Sheru[m]
24.0.169
-
Sheru[m]
On Aurora Store
-
Sheru[m]
Anyways, I only gave it Storage permission on Media, nothing else.
-
Sheru[m]
If it crashes because no network permission, uninstalling it in a heartbeat
-
Sheru[m]
App developers need to be competent
-
Sheru[m]
Not do stupid crap like crashing when network permission is denied
-
louipc
make a better one :D
-
anupritaisno1[m4
<Sheru[m] "Not do stupid crap like crashing"> You realize who is wrong here?
-
Erraverunt
I only gave storage too, doesnt crash but I see that android 11 changed the notification "area" which is causing my problems. Also imo changed for worse
-
Sheru[m]
Yeah sure, forcing user to grant internet permission
-
Sheru[m]
It plays normally after granting it, then denying it again
-
Sheru[m]
Would have been better if apps were designed to run with or without such permission, even Microsoft does this thing
-
Erraverunt
any way to close vinyl from notifications with swiping right, like it was possible before android 11?
-
Sheru[m]
Not really
-
Sheru[m]
<Erraverunt "any way to close vinyl from noti"> Pausing it in app/notif or force stopping are the only ways
-
Erraverunt
Cant even close vinyl from swiping up from bottom to show running apps and closing it there
-
Erraverunt
Both of these worked before
-
Sheru[m]
Yeah, consider checking their issue tracker?
-
Sheru[m]
* Would have been better if apps were designed to run with or without such permission, even Microsoft does this thing (as in forced network permission unnecessarily)
-
Erraverunt
Yeah checked it, it only has 1 problem which I have listed (file names not displayed if they have no tags), propably gotta report these problems myself
-
faxing[m]
yay 2-button navigation is back in settings!
-
faxing[m]
lol
-
Sheru[m]
Yay
-
Sheru[m]
If only it has the same app switching option, but it's better than nothing yay
-
esmspwdcesmrcbt4
<Sheru[m] "Not do stupid crap like crashing"> That's not it.
-
Sheru[m]
Yeah
-
Sheru[m]
It was not the only issur
-
-
hkprotestor11[m]
* Hello everyone. I have a question regarding the Android 11 port. I usually check GitHub to be updated with GrapheneOS development and I see that the "port SELinux policy hardening from Android 10 to Android 11" issue in the Android 11 port milestone is still open with only 2 closed PR's and another 8 still open.
-
hkprotestor11[m]
I've been holding back updating my phone to Android because I fear it'll degrade the OS security, I'm a Hong Kong protestor and I'm sure you already know that the authorities are not really friendly around here.
-
hkprotestor11[m]
Should I hold back updating until the team finishes the hardening porting or am I safe? I really don't want to take any chances with police around here.
-
hkprotestor11[m]
* Hello everyone. I have a question regarding the Android 11 port. I usually check GitHub to be updated with GrapheneOS development and I see that the "port SELinux policy hardening from Android 10 to Android 11" issue in the Android 11 port milestone is still open with only 2 closed PR's and another 8 still open.
-
hkprotestor11[m]
I've been holding back updating my phone to Android 11 because I fear it'll degrade the OS security, I'm a Hong Kong protestor and I'm sure you already know that the authorities are not really friendly around here.
-
hkprotestor11[m]
Should I hold back updating until the team finishes the hardening porting or am I safe? I really don't want to take any chances with police around here.
-
anupritaisno1[m4
[hkprotestor11](
matrix.to/#/@hkprotestor11:matrix.org): I've already finished the selinux port
-
anupritaisno1[m4
There's a PR with properly cleaned commits already open by me and tested
-
anupritaisno1[m4
If you want to see the actual steps for the bringup you can see the whole commit history here
github.com/GlassROM-devices/platform_system_sepolicy/commits/11
-
anupritaisno1[m4
The entire thing was squashed on the pr branch and sent in
-
anupritaisno1[m4
It's just that there's other issues that take more priority than selinux hardening right now
-
hkprotestor11[m]
Well thanks a lot for the wonderful work to you and the whole team. So you've done all the work needed and tested but it's like, we can say, in the queue to be committed in the Graphene repos?
-
anupritaisno1[m4
Yes
-
anupritaisno1[m4
Although everything seems fine on the surface it will take a while to review this
-
hkprotestor11[m]
In general, I always prefer that things take as much time as they need rather than do it the EA Games way, publish an unfinished product with first day updates
-
hkprotestor11[m]
Given my situation, should I wait and stick to the stable Android 11 release for now or should I update to latest stable? I just don't want to take chances with HK government
-
anupritaisno1[m4
Selinux hardening is only for the base system
-
anupritaisno1[m4
What we are doing is we mark system apps
-
anupritaisno1[m4
By their signature since we sign them ourselves
-
anupritaisno1[m4
Then we just out them in a separate selinux context
-
hkprotestor11[m]
Thanks for all that info and for being friendly. stay safe everyone
-
anupritaisno1[m4
[hkprotestor11](
matrix.to/#/@hkprotestor11:matrix.org): and then we remove a few permissions for the base system
-
graphene4tw3[m]
Hey guys, is there going to be Pixel 5 support?
-
alzxjm[m]1
<graphene4tw3[m] "Hey guys, is there going to be P"> Maybe. Depends on whether or not someone volunteers to be a Pixel 5 device maintainer.
-
alzxjm[m]1
There is no guarantee this will happen.
-
strcat[m]
hkprotestor11: you should certainly upgrade... otherwise you're missing the 2020-09-05 security update and the substantial privacy and security improvements in Android 11
-
strcat[m]
hkprotestor11: you're hurting your privacy and security by not following along with the updates, we weren't going to hold back an important upgrade just because not all our downstream security enhancements were ported over, and the vast majority is ported over
-
ferahdi[m]
Hi all, not sure if this is the right place to ask. But all of the sudden Hotspot is not working and I tried the factory reset. Two factor applications also stopped working a few days ago. Looked around and can not see anyone else reporting these issues. Is this to be expected and I need to do a re-install of GrapheneOS?
-
propertype[m]
Auditor has stopped working since the latest update. If I try to manually start an attestation it fails too.
-
strcat[m]
failing in what sense?
-
strcat[m]
provide information including the error message
-
propertype[m]
Failed to verify certificate
-
propertype[m]
How do I create a screenshot with android 11
-
strcat[m]
looks like there might be a date issue
-
strcat[m]
with Titan M
-
propertype[m]
It tells me something referring to a false date. Not before Jan 1 Not after May 23
-
strcat[m]
what date does it show
-
strcat[m]
in the error
-
strcat[m]
Not Before and Not After dates
-
strcat[m]
what are they?
-
-
propertype[m]
Got it
-
strcat[m]
which device is this
-
propertype[m]
Pixel 3a XL
-
propertype[m]
Running RP1A.200720.009.2020.09.29.20
-
propertype[m]
Last successfull attestation was yesterday before the update
-
strcat[m]
can you see what happens if you set your date to 2016
-
strcat[m]
and then try verifying
-
strcat[m]
on both devices
-
propertype[m]
Sure. moment
-
strcat[m]
all that changed in in the most recent release is that we fixed time sync
-
alzxjm[m]1
I can replicate this on Pixel 4 XL
-
strcat[m]
try the date suggestion I gave above to debug
-
strcat[m]
all we changed in the last release is fixing time sync
-
strcat[m]
this seems like an Android 11 Titan M bug
-
strcat[m]
Auditor is doing what it's supposed to be doing
-
ferahdi[m]
I am running same build and get the same error. Pixel 3a
-
strcat[m]
it's getting invalid information
-
strcat[m]
from hardware
-
propertype[m]
Now I got that. My date is October 1 2016
-
-
alzxjm[m]1
Under Settings > Date & time? Manually change the phone to a 2016 date?
-
strcat[m]
alzxjm: try even earlier
-
strcat[m]
2010
-
strcat[m]
seems Titan M is not getting time synced to it properly
-
strcat[m]
seems like a Titan M bug
-
propertype[m]
OK. Brb
-
-
propertype[m]
Not working with 2010 either
-
alzxjm[m]1
No change for me using 2010
-
strcat[m]
but the date did change
-
propertype[m]
Yes. Did change when I used 2016, too
-
Sheru[m]
Can confirm this bug happens
-
Sheru[m]
Changing the date to 2022-2023 makes the local verification work
-
strcat[m]
well, Auditor is catching a real problem
-
strcat[m]
I can release an update that stops checking for the problem
-
strcat[m]
I am not sure what to do about that
-
-
Sheru[m]
Occured at latest beta update at sargo
-
strcat[m]
Auditor is correct
-
strcat[m]
Sheru: it's just because the latest update added back network time sync
-
strcat[m]
the network time sync is working properly
-
anupritaisno1[m4
ah i see
-
anupritaisno1[m4
validity not before 2022
-
Sheru[m]
Yeah, apparently that is a problem too
-
anupritaisno1[m4
Sheru: erase data for auditor
-
Sheru[m]
Alright
-
anupritaisno1[m4
pair it again btw
-
anupritaisno1[m4
old pairings won't work
-
-
Sheru[m]
Same issue
-
Sheru[m]
I'll be right back testing at 2021, 2022
-
propertype[m]
<anupritaisno1[m4 "pair it again btw"> Doesn't really solve the core of the problem does it?
-
anupritaisno1[m4
oh yeah i forgot
-
anupritaisno1[m4
why would that work
-
anupritaisno1[m4
mrxx_0 is typing a novel guys
-
mrxx_0[m]
Hey strcat it has been few months since I am using GrapheneOS and I want to help maintaining a device. I am on a 3a XL atm (this is my primary phone, can't do much on it). I just had my internship's pay and wanted to work on Pixel 5. But we will not get upstream AOSP before months so I prefer working on an older device. The 4a was in my choice, but what suits the best for you since you are working on 2/2XL (near from
-
mrxx_0[m]
the end but sill) 3/3XL and 3a/3aXL ? Maybe I can find a cheap 3a or xl and you prefer working on the 4a ? Tell me :)
-
anupritaisno1[m4
just remember that matrix doesn't handle huge messages well and you may need to reset your client if it stops working
-
mrxx_0[m]
anupritaisno1: hahaha you were right
-
anupritaisno1[m4
mrxx_0 you should tag me
-
anupritaisno1[m4
i do all the new bringups for now
-
mrxx_0[m]
Oh my bad, I didn't know
-
mrxx_0[m]
Glad you were here when I send the message
-
anupritaisno1[m4
buy whatever you want
-
anupritaisno1[m4
then message me
-
anupritaisno1[m4
it'll be quite a while before we support the 5 and later devices btw
-
anupritaisno1[m4
we don't even have bendor support going for them yet
-
anupritaisno1[m4
* we don't even have vendor support going for them yet
-
anupritaisno1[m4
fucking shit keyboard always a typo everywhere
-
mrxx_0[m]
So 3a would be a good choice
-
anupritaisno1[m4
4a
-
Sheru[m]
It does not
-
Sheru[m]
Only when changing the date to 2023 and beyond
-
Sheru[m]
Local attestaion will work
-
mrxx_0[m]
Got it anupritaisno1
-
anupritaisno1[m4
Sheru reset
-
anupritaisno1[m4
it must go
-
Sheru[m]
I have reset every single date change
-
anupritaisno1[m4
we cannot allow such an invalid certificate to be used
-
anupritaisno1[m4
and it is not just auditor
-
anupritaisno1[m4
other apps will also be affected
-
anupritaisno1[m4
Sheru i mean go to recovery and wipe data
-
Sheru[m]
Yeah, ask everyone to reset
-
anupritaisno1[m4
Sheru: not necessary
-
strcat[m]
anupritaisno1: you're giving bad advice
-
strcat[m]
people shouldn't ever repair
-
strcat[m]
* people shouldn't ever redo the pairing
-
anupritaisno1[m4
anyone who upgraded will just have their proper cert
-
strcat[m]
no
-
strcat[m]
that's not the problem
-
strcat[m]
you're giving bad advice
-
Sheru[m]
Huh, it still gives off green at later date (2023 and beyond)
-
strcat[m]
Sheru: yes because as you can see from the output the certificate is being marked as having a Not Before date of 2022
-
strcat[m]
by the secure element
-
strcat[m]
and Auditor is correctly producing an error
-
strcat[m]
it isn't 2022
-
strcat[m]
if a certificate isn't valid until 2022, it isn't valid yet
-
anupritaisno1[m4
strcat: sorry
-
strcat[m]
people should NEVER delete pairings when they encounter an error with an existing pairing that was working
-
anupritaisno1[m4
i deleted those messages
-
strcat[m]
they should never delete pairings either for local verification or remote verification based on it not working anymore
-
strcat[m]
then you lose the ability to perform a strong verification rather than starting over again with a new initial weak verification
-
strcat[m]
if a strong verification fails that is not a reason to delete the pairing and start over with a weak verification
-
strcat[m]
and if it DID address the problem, how do you know it's not because you threw away the ability to do a strong verification?
-
strcat[m]
you can no longer confirm it's the same device as before or that the old device wasn't compromised
-
strcat[m]
getting an error about an invalid date (look at what it says in the output) is a bad reason to wipe your ability to do strong verifications
-
strcat[m]
Auditor is doing the right thing here - it's finding a problem
-
strcat[m]
I don't know what the cause of the problem is, but it's a real problem being found, some kind of time sync issue
-
strcat[m]
there is not much point of using Auditor if you're going to ignore the problems it finds and treat it as a bug in Auditor
-
strcat[m]
according to the output, the attestation certificate has a Not Before date of 2022, making it invalid
-
strcat[m]
we don't know why that's happening for some people yet
-
strcat[m]
we do know that in the last release of GrapheneOS, we added back working network time updates by fixing our HTTPS network time update implementation
-
strcat[m]
we haven't changed the code that syncs it from the OS to other components
-
strcat[m]
but it seems there's either something wrong with that code, or with the code handling this on those components, including the secure element used by Auditor to generate keys (it doesn't use TrustZone if a secure element keystore is available)
-
strcat[m]
Auditor is correct that it's invalid - it's not an Auditor or AttestationServer bug
-
strcat[m]
it could be temporarily worked around in Auditor / AttestationServer
-
Lckdyspl7[m]
Shuttle+ works.awesome.as a music player
-
strcat[m]
going to do a temporary workaround for Auditor and AttestationServer
-
strcat[m]
it doesn't need to be validating the date on the first certificate, just the remaining ones in the chain, since the first one has the random challenge in it anyway
-
strcat[m]
seems to work
-
strcat[m]
doing a new release of the Auditor app with a workaround for this
-
strcat[m]
-
strcat[m]
try this
-
alzxjm[m]1
That worked.
-
strcat[m]
if people run into issues with a Beta release we need to know so we can address the issues and push out a new release instead
-
strcat[m]
this is an upstream issue that Auditor uncovers and it seems that when we added back time sync in the last release that triggers this time sync issue in the firmware
-
strcat[m]
it only happens with the secure element keystore, not the TrustZone keystore
-
strcat[m]
so if we were still using the TEE everywhere we wouldn't have run into it but we use the more secure SE (StrongBox) keystore when available
-
strcat[m]
and apparently there are still growing pains with StrongBox
-
anupritaisno1[m4
strcat: wait so we don't need to check validity date of the root cert?
-
strcat[m]
we have one of the few apps using it
-
strcat[m]
anupritaisno1: we don't need to check that but the code is still checking it
-
anupritaisno1[m4
just the remaining certs in the chain?
-
strcat[m]
anupritaisno1: read what the code is doing carefully
-
strcat[m]
anupritaisno1: the certificates go attestation -> batch -> intermediate -> root
-
strcat[m]
we are only disabling checking Not Before / Not After for our own attestation certificate
-
strcat[m]
and we know that's safe because we are checking that it contains the random challenge
-
strcat[m]
which the Auditor side provided to the Auditee side
-
strcat[m]
so it can't be using a stale certificate anyway - and it would be insecure to actually rely on checking Not Before / Not After rather than the challenge
-
strcat[m]
anupritaisno1: of course, we should be able to check them, but it doesn't downgrade security in any way to only check the batch, intermediate and root time validity
-
strcat[m]
anupritaisno1: I had no reason to only check those when I could just check all of them, but since there is a time sync issue, we can't check the attestation certificate times right now
-
strcat[m]
anupritaisno1: also, this is essentially a permanent issue now
-
strcat[m]
since persistent certificates are going to have the wrong times
-
strcat[m]
but what else can I do about it?
-
strcat[m]
I don't really see what else we could do
-
strcat[m]
we are limited by hardware capabilities
-
strcat[m]
if the secure element doesn't know how to set proper times on the attestation certificate we just can't be enforcing checks on them
-
strcat[m]
each device has unique problems
-
strcat[m]
trying to support a ton of devices in Auditor has proved to be too hard
-
strcat[m]
* trying to support a ton of devices in Auditor has proven to be too hard
-
strcat[m]
without a dedicated maintainer for Auditor device support we can't be expanding device support further in it
-
anupritaisno1[m4
<strcat[m] "without a dedicated maintainer f"> but i already said i will be doing it
-
strcat[m]
I thought about it some more
-
strcat[m]
and after this firmware issue is fixed I think we can remove the workaround
-
cx2[m]
Hey all, random request:
-
cx2[m]
I’m in school for software development (finally). I have an assignment that requires an “Informational Interview.” Essentially I am to interview someone currently working in the field that I am studying.
-
-
anupritaisno1
Okay
-
anupritaisno1
How does this work
-
anupritaisno1
Do you see this message?
-
louipc
yes
-
shdudbdjdj[m]
Hi, i am in the latest Beta (29.9 but the Bug was also in the Version before) and have a strange bug when using deezer in my Music user profile. When i hit play the screen turns black and then goes on again. Sometime i am getting a Notification while this occurs about the full screen mode enganging or something like that.
-
shdudbdjdj[m]
Using Pixel 3a
-
strcat[m]
shdudbdjdj: can you get logs from either `adb logcat` or the bug report capture tool in the OS and show them to anupritaisno1
-
shdudbdjdj[m]
<strcat[m] "shdudbdjdj: can you get logs fro"> I will do so (:
-
strcat[m]
we've heard people say they have issues with the camera on Android 11 and in certain cases with music apps seemingly tied to secondary profiles
-
strcat[m]
but we need more information
-
strcat[m]
I closed the issue currently opened about issues with the camera because it hasn't been productive, not getting answers to my questions or the requested information
-
strcat[m]
I need someone to file an issue that's going to be able to provide the requested information and stick to the topic of the issue (file 1 issue per problem)
-
strcat[m]
if we can't replicate an issue and the user won't help us debug it by trying our suggestions and getting the necessary info, it has to be closed
-
shdudbdjdj[m]
> <@shdudbdjdj:matrix.org> Hi, i am in the latest Beta (29.9 but the Bug was also in the Version before) and have a strange bug when using deezer in my Music user profile. When i hit play the screen turns black and then goes on again. Sometime i am getting a Notification while this occurs about the full screen mode enganging or something like that.
-
shdudbdjdj[m]
> Using Pixel 3a
-
shdudbdjdj[m]
anupritaisno1 Can you pm me? I have a bug report for you. No clue how to start a private chat in this app :D
-
shdudbdjdj[m]
<strcat[m] "if we can't replicate an issue a"> I try my best to help :D I am good in following instructions:P
-
strcat[m]
-
strcat[m]
was initially filed on the AttestationServer repository twice and I transferred this one here + deleted the other
-
strcat[m]
and I edited out + deleted comments talking about other stuff to keep it on this topic
-
strcat[m]
but... if I'm not going to get info I need from it, might as well give up on it and wait for someone else to file one
-
strcat[m]
I'll probably do another release primarily to push out the new Auditor v21 to everyone
-
strcat[m]
but would be nice to include any other relevant fixes for the next release
-
shdudbdjdj[m]
<strcat[m] "
github.com/GrapheneOS/os"> My camera works find on3a and latest update (:
-
shdudbdjdj[m]
*on the
-
strcat[m]
I should have done this more aggressive workaround for the time issue originally in v19 of Auditor
-
strcat[m]
-
strcat[m]
> workaround for StrongBox issue discovered on Android 11 Pixels
-
strcat[m]
I implemented the workaround I've switched to now earlier, but I decided to use a less aggressive workaround
-
strcat[m]
since that was working then
-
strcat[m]
since it's a time issue, it seems like time passing has made the problem worse
-
strcat[m]
I suspect the issue is something like time being serialized and sent over to the secure element in a broken way
-
strcat[m]
it's occurring on the stock OS too (that's where we originally detected and worked around it)
-
strcat[m]
it got worse recently, past couple days
-
strcat[m]
I don't think it was connected to our release after all
-
strcat[m]
since people started reporting it on the stock OS
-
strcat[m]
TEE keystore is very widely used and has all these kinds of weird little issues worked out
-
strcat[m]
I was sanity checking absolutely everything so we were bound to find some problems
-
strcat[m]
their key attestation sample doesn't check this
-
poisonoushydra
Bye bye!