Not so much of a storm as a heavy shower...a lot of updates and information in these exchanges over the last couple of days on one of our favorite cellphone security favoring OSes.

GrapheneOS (@GrapheneOS)
We want to support more than Pixels but Pixels set standard on privacy & security quite high. We’re not willing to make huge sacrifices and encourage people to use something with serious security flaws and support issues. Belongs as an unofficial port unless it’s solid hardware.
Nitter
Graphene used to support Samsung and Nexus phones, but now only officially supports the Pixel.
Perhaps @GrapheneOS can weigh in with the rationale.

@GrapheneOS
Pixels are by far the most private/secure hardware that's available. There's not much point in a secure OS on top of firmware/hardware with bad privacy and security. Most devices have numerous problems including not even having the basics like ongoing full security updates.

It's explained in the documentation grapheneos.org/faq#device-su…. Also, people can make unsubstantiated claims of backdoors in the hardware produced by any vendor and without any evidence or reasoning behind it, that's not at all interesting / compelling. What do you suggest instead?

GrapheneOS Frequently Asked Questions
Answers to frequently asked questions about GrapheneOS.
GrapheneOS

We don't think there are currently other devices with support for installing an alternate OS with important hardware security features including verified boot, attestation, various secure element features including the hardware keystore and key derivation throttling, etc.

Most device tend to lack basics: full security updates for all the firmware and device support code, proper IOMMU isolation for all the components, Wi-Fi anonymity including proper support for MAC randomization in the hardware/firmware + randomized minimal probe requests, etc.

So, for example, we know that OnePlus has serious design/implementation flaws in their verified boot implementation, a bunch of missing security patches in their updates, lack of a secure element and lots of other cut corners. Their focus is not security and that's loud/clear.

One of our full-time developers started out with an unofficial port of GrapheneOS to OnePlus devices, although they've gradually been re-focusing almost entirely on Pixels. We've tried to support other hardware but it's really bad. OnePlus in particular is a hopeless cause.

You think something like the Pine Phone would ever be viable?

It's just more proprietary hardware from a sketchy vendor and is missing most of the security we expect from devices. We're going to use the hardware that's secure and provides the required functionality rather than sketchy hardware marketed as better that's actually much worse.

It's not open hardware and doesn't have open firmware. They've made a bunch of highly misleading claims / statements about that, but it doesn't change the reality of what it is. It's a super cheap, sketchy device cutting corners on security and is missing a lot of what's needed.

We want to support more than Pixels but Pixels set standard on privacy & security quite high. We're not willing to make huge sacrifices and encourage people to use something with serious security flaws and support issues. Belongs as an unofficial port unless it's solid hardware.

There will eventually be other options for us to target. It probably isn't going to come from shady companies trying to profit off the privacy/security niche while offering something way worse. Little reason to think they'll start caring about actual security and acting honestly.

Keep an eye on stuff like opentitan.org/, raptorcs.com/TALOSII/, sifive.com/, etc. but bear in mind that something being open doesn't make it more secure and even the projects/products doing the real thing with a fully open design still aren't fully open.

Since they're still made with a proprietary manufacturing process and it's not like there's a way to verify that what you received matches the open source design. At best, you could choose your own foundry, but the end result is not actually something totally open source.

opensource.googleblog.com/20… has a diagram acknowledging the fact that even a fully open source secure element design is not really going to be completely open hardware since it has to be manufactured and those processes/technologies aren't going to be open source any time soon.

OpenTitan – Open sourcing transparent, trustworthy, and secure silicon
Today, along with our partners, we are excited to announce OpenTitan—the first open source silicon root of trust (RoT) project. OpenTitan will deliver a high-quality RoT design and integration guidelines for use in data center servers, storage, peripherals, and more.
Google Open Source Blog

Featured Link

GrapheneOs has been covered at length in the Privacy Cookbook curated on decentralize.today by The Privacy Advocate

Privacy Cookbook Ch 5.9.4 Cell Security Calyx v Graphene
More than a few people around me are waking up and realising that the simplecellphone is the weakest link when it comes to privacy. I’ve reported about GrapheneOS in the past and use it as my personal dailydrive. GrapheneOS - A phone free future? Privacy & Security MatterMy entire life (itsee…
Decentralize.TodayPrivacy Advocate
💬
We publish a daily dose of decentralization here every day (UTC+8), for additional daily updates follow us on Mastodon, Twitter, Telegram or Element(Matrix). Please like & share all our output. We rely on User-Generated Content so why not write for us and since we try to avoid ads and sponsorship, why not donate to help us continue our work - all major cryptos accepted. You can contact us at decentralize.today and at blog@decentralize.today
Share this post