#GrapheneOS releases significant new security enhancement, USB-C Port Security
#cybersecgirl #privacy #security
🔥 Hello again, new #GrapheneOS Update 2024022600. This time we have a new security feature that's been worked on for a while: USB-C Port Security. This is a significant security enhancement.
This feature allows users of Tensor Pixels (6 and later) to have fine-grained controls on USB controller functionality, including totally disabling data lines or the port when the OS is in use.
There are 5 modes:
- On (current)
- Charging-only when locked except in BFU (before first-unlock)
- Charging-only when locked
- Charging-only
- Off (which even disables charging while booted into the normal OS mode).
This is different from the previously existing USB control features, including the Android 12 USB HAL toggle, which only disable high-level kernel functionality and still leave all the low-level kernel driver, USB protocol and USB controller attack surface enabled.
Other changelogs:
- kernel (5.10, 5.15): add support for ignoring USB alt modes
- kernel (Tensor Pixels): extend max77759 USB-C controller driver used by Tensor Pixels with support for a sysfs node providing fine-grained control over the USB-C data path at the USB controller level
- Setup Wizard: fix crash for SIM locales not recognized by com.android.internal.app.LocalePicker
https://grapheneos.org/releases#2024022600
#GrapheneOS #Privacy #Security
What mode would you recommend for the average person?
Charging-only when locked with BFU exception will be the potential default. If you don't use accessories when BFU, then Charging-only when locked works; if you don't use accessories at all, then Charging-only is best.
If any USB port usage by someone is unacceptable, like in a threat with physical access, then Off is best. This makes the phone only charge when you power off. Hopefully forces them to go to BFU state.