Option to manually trigger remote attestation

[flawedworld]

useful for debugging

[thestinger]

You can do this via adb shell using adb shell cmd jobscheduler run app.attestation.auditor 0 but I guess you mean as something accessible to users instead of just people who know how Auditor works and the job id of the remote verify periodic job which is 0.

[ghost]

A user-facing option would be helpful, but we should probably add some rate limiting to the attestation backend if we do this.

[taivlam]

Enabling a VPN to be always on is a case when this feature would be useful, if one has remote attestation enabled.

I currently set Mullvad VPN to be always on, so my GrapheneOS devices don't have access to the internet immediately up start up of the Owner profile (on both mobile cellular or Wi-Fi), but the Auditor app always starts up before the device can connect to the internet. So, Auditor frequently states that remote attestation failed upon start up.

I know that eventually Auditor will make another remote attestation attempt in a few hours, which will succeed; but if I want a successful remote attestation result sooner, I manually force stop Auditor (via its Android OS app settings) and then reopen the Auditor app.

This happens currently on Pixel 5a and Pixel Tablet, and also happened when I was using Pixel 4a (before it was on extended support).

[thestinger]

I currently set Mullvad VPN to be always on, so my GrapheneOS devices don't have access to the internet immediately up start up of the Owner profile (on both mobile cellular or Wi-Fi), but the Auditor app always starts up before the device can connect to the internet. So, Auditor frequently states that remote attestation failed upon start up.

I think the VPN app is supposed to implement an API which tells the OS when the internet is available.

I know that eventually Auditor will make another remote attestation attempt in a few hours, which will succeed; but if I want a successful remote attestation result sooner, I manually force stop Auditor (via its Android OS app settings) and then reopen the Auditor app.

It will be faster than that after it fails, since it marks the job as failed and it will retry soon.

[taivlam]

1. I think Mullvad VPN does detect when a device is offline, as the sticky notification in the notification drawer reflects this whenever offline (especially after a reboot).

2. Since my last post, I've started to pay attention to Auditor when my devices had been offline for a bit (due to either rebooting or being in airplane mode) and I noticed that Auditor checks somewhat more quickly on the Pixel 5a and Pixel Tablet. (Though my SIM card is on the Pixel 5a, so it's hard to tell with basically internet basically always being on.) Sometimes Auditor will retry in a rather short amount of time (smaller than 5-10 minutes), especially on Pixel Tablet.
   Also, Auditor will recheck quickly a bit quicker than I remember, even the Pixel 4a without manual intervention (which I described above), though it seems to be a bit slower. (This is probably because Pixel 4a's SoC is overall slower than Pixel 5a or any other newer Pixel devices.) (I happen to have the Pixel 4a around, as Auditor is still supports it.)