this post was submitted on 02 Jun 2024
33 points (97.1% liked)

GrapheneOS [Unofficial]

1713 readers
1 users here now

Welcome to the GrapheneOS (Unofficial) community

This feed is currently only used for announcements and news.

Official support available on our forum and matrix chat rooms

GrapheneOS is a privacy and security focused mobile OS with Android app compatibility.

Links

More Site links

Social Media

This is a community based around the GrapheneOS projects including the hardened Android Open Source Project fork, Auditor, AttestationServer, the hardened malloc implementation and other projects.

founded 3 years ago
MODERATORS
 

Latest release of GrapheneOS finally shipped the long awaited duress PIN/password implementation. If you have a spare device, we recommend trying it out.

We've added initial documentation to the features page:

https://grapheneos.org/features#duress

It near instantly wipes and shuts down.

We've also finally added documentation on our USB-C port control to our features page:

https://grapheneos.org/features#usb-c-port-control

Most users can set this to "Charging-only when locked" without a loss of functionality or even "Charging-only" if you don't use USB accessories, DisplayPort or MTP.

Default is "Charging-only when locked, except before first unlock" to avoid locking users out of devices with a broken touchscreen. The main threat model for this is defending the device until the auto-reboot timer started when the screen is locked gets user data back at rest.

Our upcoming 2-factor fingerprint unlock will make using a strong passphrase as primary unlock method practical via fingerprint+PIN secondary unlock instead of fingerprint-only. Great for people who want to avoid relying on secure element throttling but don't want fp-only unlock.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 5 points 5 months ago (3 children)

The pin+fingerprint is super intriguing and exactly what I've been wanting for a while. I am curious about the range of options though. Could you use a pattern with fingerprint? Also, could you have a duress pin+fingerprint in addition to a duress password?

[–] [email protected] 1 points 5 months ago (1 children)

Use the duress pin feature along with Phone Lock app, which disables biometric login for next unlock on sudden gyro movement shock. Thus, enteing into pin/password only mode, where duress feature can be used easily.

[–] [email protected] 2 points 5 months ago

Last time I checked, that app uses accessibility services, which are not recommended by the GOS project. As accessibility services greatly increases attack surface if any app using these services are compromised.

[–] [email protected] 1 points 5 months ago

Also, could you have a duress pin+fingerprint in addition to a duress password?

They are planning to have a second unlock method for After First Unlock in the future.

[–] MajorHavoc 1 points 5 months ago (2 children)

Also, could you have a duress pin+fingerprint in addition to a duress password?

If I read the release notes correctly, I think that's the case. The Duress mode requires setting both a Duress pin and a Duress password, (I think it's) so that no matter the current sign in options, Duress mode is still available.

[–] [email protected] 2 points 5 months ago

That is correct. During setup, you're prompted for both password and pin which allows use with pin or password prompts