
sign channel metadata to enforce release channel name

Open thestinger opened this issue 6 years ago • 1 comments

After the zip is verified, the metadata is verified against it to make sure that it was accurate. However, it would be nice to have offline signing of the update channel metadata in a way that enforces the channel name. At the moment, if an attacker takes over the server, they can't do much, but one thing they could do is move the current beta release into the stable channel.

thestinger, Jul 06 '19 13:07

The channel name is now in the metadata, but this probably should have included the device name too, so we'll need to add another field with the device name. Essentially, it needs to have the file name (DEVICE-CHANNEL) in the metadata.

thestinger, Sep 29 '20 18:09
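The binding discussed in this thread, sketched as an added example that is not part of the issue or the Updater's own code: the signed metadata carries the DEVICE-CHANNEL file name, and the client rejects metadata served under any other name. The JSON layout, function names, device names and key are constructed for illustration, and HMAC stands in for the offline signature only so the example runs with the standard library; a real client would verify an asymmetric signature against a pinned public key.

```python
import hashlib
import hmac
import json

# Constructed key. HMAC is a stand-in for an offline asymmetric signature.
OFFLINE_KEY = b"constructed-demo-key"


def sign_metadata(device, channel, build_id):
    """Offline step: bind the DEVICE-CHANNEL name into the signed payload."""
    payload = json.dumps(
        {"name": f"{device}-{channel}", "build": build_id}, sort_keys=True
    ).encode()
    tag = hmac.new(OFFLINE_KEY, payload, hashlib.sha256).hexdigest()
    return {"payload": payload.decode(), "sig": tag}


def verify_metadata(blob, device, channel):
    """Client step: check the signature, then the name it was requested under."""
    payload = blob["payload"].encode()
    expected = hmac.new(OFFLINE_KEY, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, blob.get("sig", "")):
        raise ValueError("bad signature")
    meta = json.loads(payload)
    # Metadata without the name field (or with another name) must not pass.
    wanted = f"{device}-{channel}"
    if meta.get("name") != wanted:
        raise ValueError(f"metadata is for {meta.get('name')!r}, not {wanted!r}")
    return meta["build"]


def fetch(server, device, channel):
    """Simulated download: the server is untrusted and keyed by file name."""
    return verify_metadata(server[f"{device}-{channel}"], device, channel)


def make_server():
    """Constructed server contents: file name -> signed metadata."""
    return {
        "devicea-stable": sign_metadata("devicea", "stable", 100),
        "devicea-beta": sign_metadata("devicea", "beta", 101),
        "deviceb-stable": sign_metadata("deviceb", "stable", 100),
    }
```

Copying the validly signed `devicea-beta` entry over `devicea-stable`, or `deviceb-stable` over `devicea-stable`, leaves the signature intact but fails the name check, which is the case a channel-only field would miss for the device swap.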