When are you going to build your own hardware? I won't want to give Google money
🔥 Hello again, new #GrapheneOS Update 2024022600. This time we have a new security feature that's been worked on for a while: USB-C Port Security. This is a significant security enhancement.
This feature allows users of Tensor Pixels (6 and later) to have fine-grained controls on USB controller functionality including totally disabling data lines or the port when the OS is in use.
There are 5 modes:
- On (current)
- Charging-only when locked except in BFU (before first-unlock)
- Charging-only when locked
- Charging-only
- Off (which even disables charging while booted into the normal OS mode).
This is different from the previously existing USB control features, including the Android 12 USB HAL toggle, which only disable high-level kernel functionality and still leave all the low-level kernel driver, USB protocol and USB controller attack surface enabled.
Other changelogs:
- kernel (5.10, 5.15): add support for ignoring USB alt modes
- kernel (Tensor Pixels): extend max77759 USB-C controller driver used by Tensor Pixels with support for a sysfs node providing fine-grained control over the USB-C data path at the USB controller level
- Setup Wizard: fix crash for SIM locales not recognized by com.android.internal.app.LocalePicker
https://grapheneos.org/releases#2024022600
#GrapheneOS #Privacy #Security
Discussion
I wanted to know too
We have had a few OEMs who have wanted to work with us but so far none has been able nor willing to follow through on what we want with security requirements. We aren't going to support a device that is less secure than what we support already and if something were to go wrong on that device we will get the blame for their incompetence or lack of ability to provide such security that we were able to use elsewhere.
https://grapheneos.org/faq#future-devices
Other sane OEMs do anti-consumer practices, like Samsung with having an eFuse that breaks security features (and the camera in some models) when you want to use another OS. This shouldn't be a thing, but sadly it is.
We still want more devices and are still looking for OEMs. Buying a device secondhand will stop you giving money to Google as another means. DivestOS, which uses a small amount but not all of our enhancements, is an option for non-Pixel devices, but it's mainly used for harm-reduction for insecure end of life devices.