remove Auditee self-check

For convenience, we implemented support for a basic verification of the attestation on the Auditee side. However, this needs to go away as part of giving the Auditor side including our remote attestation service more visibility into why failures are happening. Removing this has been planned for a long time but didn't happen until now due to since it wasn't as trivial to remove before 228d629.
GrapheneOS · Sep 27, 2024 · 4d62bb9 · 4d62bb9
1 parent a1fdad7
commit 4d62bb9
Showing 1 changed file with 0 additions and 7 deletions.
diff --git a/app/src/main/java/app/attestation/auditor/AttestationProtocol.java b/app/src/main/java/app/attestation/auditor/AttestationProtocol.java
@@ -1393,13 +1393,6 @@ static AttestationResult generateSerialized(final Context context, final byte[]
                 attestationCertificates = getCertificateChain(keyStore, attestationKeystoreAlias);
             }
 
-            // sanity check on the device being verified before sending it off to the verifying device
-            verifyStateless(attestationCertificates, challenge, hasPersistentKey,
-                    new byte[][]{readRawResource(context, R.raw.google_root_0),
-                        readRawResource(context, R.raw.google_root_1),
-                        readRawResource(context, R.raw.google_root_2),
-                        readRawResource(context, R.raw.google_root_3)});
-
             // OS-enforced checks and information
 
             final DevicePolicyManager dpm = context.getSystemService(DevicePolicyManager.class);