this post was submitted on 23 Feb 2024

GrapheneOS [Unofficial]


We provide an official list of hardware requirements based on current generation devices:

https://grapheneos.org/faq#future-devices

These are the current hardware features we consider important enough to be listed as mandatory requirements. They're all current features, not planned/future ones.

Other than proper updates, the most important feature on the list is the ARMv9 Memory Tagging Extension (MTE) launched with the Pixel 8 and Pixel 8 Pro. MTE is currently exclusive to GrapheneOS since the stock Pixel OS only provides it as a development option with major caveats.

There are a lot of misconceptions about smartphone security including the widespread misconception that cellular radios aren't isolated. Cellular radio isolation is one of the features on this list which is near universally available rather than Pixel exclusive like MTE support.

Cellular radio isolation was implemented on the first two devices we supported (Nexus 5 and Galaxy S4). Since we started, nearly all of the weaknesses discovered with cellular radio isolation have been OS bugs where an attacker could exploit a driver/service to compromise the OS.

We've never supported a device without cellular radio isolation. On the other hand, before Pixels, the devices other than the Nexus 5X lacked Wi-Fi radio isolation and gave it access to all memory. That issue has been solved on most smartphones but remains on laptops/desktops.

There are several niche phones with a cellular radio connected via USB marketed based on falsely claiming mainstream devices lack cellular radio isolation. USB protocol has a massive amount of attack surface and also allows acting as a keyboard, mouse, display, speaker, etc.

In reality, connecting a poorly supported, less secure radio via USB is much worse than the status quo.

Also, Snapdragon having cellular, Wi-Fi, Bluetooth and GNSS integrated into the main SoC doesn't make it less isolated than Pixels using 3 separate radio chips from the SoC.

The only issues we have with Snapdragon are the lack of MTE support and their tendency to use their own proprietary approach to everything such as not using pKVM for virtualization, not using AOSP PSDS, not implementing SUPL in the OS, etc. Only the lack of MTE is a real blocker.

top 2 comments
[email protected] 3 points 8 months ago (1 children)

Fairphone would be best for Graphene... They should step up their game, although they just plan to use their open Fairphone OS, which is inferior to Graphene...

[email protected] 1 points 8 months ago

Fairphone would need to meet the requirements for running GrapheneOS ... Hopefully someday they step up and do so.