Springe zum Hauptinhalt

Really Verifying LineageOS Build Authenticity

Re­-­e­sta­blish the chain of trust af­ter the way to ve­rify pu­blic builds has chan­ged

LineageOS Logo (Quelle: Wikipedia)

The Li­nea­ge team has chan­ged the way they sign the pu­blic builds. Un­for­tu­na­te­ly this change is not yet well com­mu­ni­ca­te­d: The "Ve­rify­ing Build Au­then­ti­ci­ty" wi­ki pa­ge as of to­day on­ly de­s­cri­bes the old me­tho­d. Well, af­ter some "start­pa­ging" (how I call sea­r­ching the in­ter­net) I found a patch and a pull­-­re­quest de­s­cri­bing the new me­tho­d.

For­mer­ly the Ja­va­-­ba­sed "key­tool" was use­d, which prints out some checks­ums the user has to com­pa­re her/him­sel­f. The new tool is Py­thon­-­ba­sed and just says "ve­ri­fied suc­cess­ful­ly".

Whi­le this user­-­fri­end­ly, it lea­ves open how to ve­rify the pro­vi­ded pu­blic key? How to build a chain of trust from the checks­ums pu­blis­hed on the wi­ki to the pu­blic key in­clu­ded in the­new tool­'­sa­r­chi­ve? Here is how­-­to.

The ba­sic idea is to ex­tract the pu­blic key from an in­stal­la­ti­on ar­chi­ve we could ve­rify using the old me­thod and check if the pu­blic key in the new tool­'s ar­chi­ve mat­ches the one used in the old in­stal­la­ti­on ar­chi­ve.

In de­tail:

  1. Dow­n­load and ve­rify an­in­­sta­l­la­ti­on­a­r­chi­­ve using the old me­tho­d, e.g. li­­nea­­ge­­-­­14.1­­-­­20180803­­-­­­night­­ly­­-­­i9100­­-­­­si­g­­ne­d.­­zip

  2. Get the checksums from https://wiki.lineageos.org/verifying-builds.html respective commit 8dca5e117efc77be9bfcfeb39c6f69c1dce041ed (which as far as I can tell was the very first commit of this wiki-page and thus shall be our trust anchor). Define shell-variables to have them at hand:
    SHA1=9B:6D:F9:06:2A:1A:76:E6:E0:07:B1:1F:C2:EF:CB:EF:4B:32:F2:23
    SHA256=51:83:25:EF:7F:96:C0:D1:19:4C:2E:85:6B:04:0D:63:61:66:FF:B8:46:71:7D:72:FA:87:F4:FA:E5:BE:7B:BB

    You may want to pick the va­lues from the afo­re­men­ti­o­ned links so you don­'t need to trust me.

  3. Extract the X.509 certificate from the installation archive
    unzip -j lineage-14.1-20180803-nightly-i9100-signed.zip META-INF/com/android/otacert
  4. This will ex­tract the cer­ti­­fi­­ca­te ota­­cert in­­to the cur­rent di­rec­to­ry (un­­zip -j means: junk paths).

  5. Manually verify the fingerprints using different methods
    echo $SHA1 | tr -d ':' ; \
    openssl x509 -fingerprint -noout -in otacert | sed 's/.*=//' | tr -d ':' ; \
    openssl x509 -outform DER -in otacert | sha1sum --binary | tr '[:lower:]' '[:upper:]'
    
    echo $SHA256 | tr -d ':'  ; \
    openssl x509 -outform DER -in otacert | sha256sum --binary | tr '[:lower:]' '[:upper:]'

    Li­ne 1 will print the SHA1 check­-­sum pi­cked from the wi­ki with co­lons re­mo­ve­d. It­'s ea­ser to re­mo­ve the co­lons then in­ser­ting them in li­ne 3. Li­ne 2 will print the SHA1 check­-­sum using opens­sl x509 -fin­ger­print, again co­lons re­mo­ve­d. This li­ne is ba­si­cal­ly to ve­rify our li­ne 3 is cor­rec­t. And li­ne 3 cal­cu­la­tes the SHA1 check­-­sum using the tool sha1­sum.

    Li­nes 5 and 6 ba­si­cal­ly do the sa­me, just using SHA256 check­-­sums. I did not find a way to ma­ke opens­sl x509 -fin­ger­print use SHA256 check­-­sums. This is why this step is miss­ing here and why I'm using the ex­ter­nal tools at all.

  6. Now we ha­­ve ve­ri­­fied the cer­ti­­fi­­ca­te wi­thin the in­­­sta­l­la­ti­on ar­chi­­ve is the cor­rect one. Fi­­ne.

  7. Ex­tract the pu­blic key from the cer­ti­fi­cate and con­vert in­to for­mat used by the pu­blic key pro­vi­ded in the new tool­'s ar­chi­ve:

    openssl x509 -in otacert -noout -pubkey | openssl rsa -pubin -RSAPublicKey_out > otacert.pub
  8. Check if the two files are the sa­me

    diff otacert.pub lineageos_pubkey && echo okay
  9. q.e.d.

For re­fe­rence, here is the ota­cer­t.­pub fi­le:

-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEApk3T4fhCA4/wP2e46b8JUw/CkTy1PjZUx47CDbyLHnETYoylq8CG
BWDLRCwbUfmLbc5eWcSQN/J/ZPSK7wSQq5kQbwgHohMOGos6rNg05lbwhUtgJne2
bAB7FMLQwo0NxhNB3mSNh521mp554SiIcxo7scYftY9yWsBx3hK2EJPezFaFrCR0
zuLPIvDkS/IIQQ2RxdH2CqeUVUiCK611anDg/hfIPzXl+lm+TdK0RgSPm0IzIYb/
CqR+05whDen9mBxVcZ7I8wyqxEFcIWBfE/V9Ds3waCxITpRWdI3r6A4vLgsc9H+5
XZL/9Gc+FvY3gfOyx81LkEBBq+td+FBZmQIDAQAB
-----END RSA PUBLIC KEY-----
Portrait von Hartmut Goebel

Hartmut Goebel

Diplom-Informatiker, CISSP, CSSLP, ISO 27001 Lead Implementer

Haben Sie noch Fragen?
Anruf oder Mail genügt:
  +49 871 6606-318
  +49 175 29 78 072
  h.goebel@goebel-consult.de