-
-
Notifications
You must be signed in to change notification settings - Fork 83
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
java.security.ProviderException: Failed to generate attestation certificate chain. #107
Comments
It appears to be a genuine failure by the hardware. Did you have Android 12 installed? It's known to cause issues by updating the Titan M firmware to a newer version which cannot be downgraded. You likely won't be able to have various features tied to it working until Android 12 in that case. |
i.e. pretty sure this is essentially a bug in Android 12: they didn't properly support downgrading |
I got the phone refurbished. So I have no idea about the prior software. For now I'll try to update to the latest android 12 beta 3. Afterwards I'll try to install GOS again. Thanks for your response. |
Try verifying with Auditor on the Android 12 Beta. It will probably work. Once you go back to either Android 11 (stock) or GrapheneOS, it will presumably be broken again. |
I just installed the latest android release (12 beta 3) but the same error persists.
This log differs from the log on the latest GOS. The line "E keystore2: 0: While generating Key without explicit attestation key." may suggest that I don't have a valid key stored in the Titan ship? I have now idea how these kind of things are implemented. |
Same Issue Here with a second hand phone. Did you figure it out ? @double2double |
Hi @enterth I was not able to fix this yet. For now, I have updated the phone to android 12 beta, but the error persists. Maybe the phone has been serviced with non official parts? I don't however have any idea how/if this could affect the attestation. |
Have you tried verifying it locked with Android 12 Beta? |
I just checked the bootloader in Fastboot Mode. Fastboot reports that the bootloader is locked (green text).
|
This should get downgraded back to the older version when you move back to Android 11. It likely won't work properly if you have a mix of Android 11 and Android 12 firmware. |
@double2double "I got the phone refurbished" this is what makes me think that the hardware is questionable. I also bought a refurbished phone (from Asia). I highly suspect that some parts have been changed and this is the reason why I'm unable to communicate with key storage. I was thinking that maybe the motherboard has been changed and maybe keys inside titan chips are simply not created because this is probably done when the phone goes out from the Google factory. I have tested auditor app on 2 other Google pixel 3a / 3a XL and there are no errors. I'm really surprised that a Pixel Phone without those keys still able to boot up and show no errors. I have sent back the phone and I'll buy another pixel 3a. |
Hello..Does anyone can tell me how to connect to irc for graphenesOs please.Cheers!s0ftC3£L20.08.2021, 8:38 pm, "enterth" ***@***.***>:
@double2double "I got the phone refurbished" this is what makes me think that the hardware is questionable.
I also bought a refurbished phone (from Asia). I highly suspect that some parts have been changed and this is the reason why I'm unable to communicate with key storage.
I was thinking that maybe the motherboard has been changed and maybe keys inside titan chips are simply not created because this is probably done when the phone goes out from the Google factory.
I have tested auditor app on 2 other Google pixel 3a / 3a XL and there are no errors.
I'm really surprised that a Pixel Phone without those keys still able to boot up and show no errors.
I have sent back the phone and I'll buy another pixel 3a.
—You are receiving this because you are subscribed to this thread.Reply to this email directly, view it on GitHub, or unsubscribe.
|
I just installed GrapheneOS and tried to verify the installation with the bundelt Auditor app (version 27).
This gave me the following error: java.security.ProviderException: Failed to generate attestation certificate chain.
I tried multiple things already:
I'm also not able to set up the remote attestation service with this phone.
Below this text, you can find the a part of the log generated by adb. I replaced the attestation_key by XX, because I don't know if I can share this key in public.
Thanks for your response!
The text was updated successfully, but these errors were encountered: