I had a look at vbmeta.img and can confirm that test keys are used for Android Verified Boot for the Stock ROM (checked via avbtool).
What does that mean? Probably the Google AVB test key is configured as OEM root of trust for the bootloader … that in theory opens the possibility to modify the system without triggering the integrity checks (though it’s not that trivial).
Or is there another mechanism for secure boot that I’m not aware of?
I personally am a bit more concerned that test keys are apparently used accidentally than I am about the actual security implications of this.
I just checked, builds are still signed with test keys and that’s unlikely to change.
Just imagine the support nightmare it would create if Fairphone suddenly started to sign their releases with a different key. I’m not even sure it’s possible to update the built-in root of trust, no idea.
If that’s the case, they’d have to switch to a user-settable root of trust, like some of the custom ROMs are using, which presents the user with a nice yellow warning screen on every boot.
FP support probably won’t be all that helpful here, you’d have to be lucky to get redirected to one of the developers. Either way, this issue is unlikely to get resolved.
If I understand this correctly, using publicly available test keys undermines the whole verified boot process. Sounds like a serious security issue which really needs to be addressed by Fairphone…
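The check described in the first post can be scripted for auditing a device image. This is an added example, not part of the original thread and not Fairphone or AOSP code: it parses the vbmeta header, hashes the embedded signing key with SHA-1, and compares the digest against fingerprints the caller supplies. The names `vbmeta_key_sha1`, `uses_known_key` and `build_sample`, and the sample key bytes, are constructed for illustration.

```python
import hashlib
import struct

# AvbVBMetaImageHeader: big-endian, 256 bytes. Fields in order: magic, version
# major/minor, auth block size, aux block size, algorithm, then offset/size
# pairs for hash, signature, public key, key metadata, descriptors, then
# rollback index, flags, rollback index location, release string, padding.
HEADER = struct.Struct("!4s2L2QL11QLL47sx80x")

def vbmeta_key_sha1(image: bytes):
    """Return the SHA-1 hex digest of the embedded public key, or None if unsigned."""
    if len(image) < HEADER.size:
        raise ValueError("shorter than the 256-byte vbmeta header")
    f = HEADER.unpack_from(image)
    if f[0] != b"AVB0":
        raise ValueError("bad magic, not a vbmeta image")
    auth_size, aux_size, algorithm = f[3], f[4], f[5]
    key_off, key_size = f[10], f[11]
    if algorithm == 0 or key_size == 0:
        return None  # algorithm NONE: nothing signs this image
    if key_off + key_size > aux_size:
        raise ValueError("public key lies outside the auxiliary block")
    # The key offset is relative to the auxiliary block, which follows
    # the header and the authentication block.
    start = HEADER.size + auth_size + key_off
    key = image[start:start + key_size]
    if len(key) != key_size:
        raise ValueError("image truncated inside the public key")
    return hashlib.sha1(key).hexdigest()

def uses_known_key(image: bytes, known_sha1s) -> bool:
    """True if the image is signed with a key whose fingerprint the caller listed."""
    digest = vbmeta_key_sha1(image)
    return digest is not None and digest in {s.lower() for s in known_sha1s}

def build_sample(key: bytes, algorithm: int = 1) -> bytes:
    """Constructed vbmeta-shaped blob for offline testing (signature is zeros)."""
    auth = bytes(64)
    aux = bytes(16) + key + bytes(-(16 + len(key)) % 64)
    hdr = HEADER.pack(b"AVB0", 1, 0, len(auth), len(aux), algorithm,
                      0, 32, 32, 32, 16, len(key), 0, 0, 0, 0, 0,
                      0, 0, b"constructed sample")
    return hdr + auth + aux

if __name__ == "__main__":
    sample_key = b"CONSTRUCTED-NOT-A-REAL-KEY" * 4
    image = build_sample(sample_key)
    print(vbmeta_key_sha1(image))
    print(uses_known_key(image, [hashlib.sha1(sample_key).hexdigest()]))
```

To audit a real image, pass the bytes of `vbmeta.img` and the fingerprints of the public test keys you want to rule out, computed from your own copy of those keys.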