Interesting, thank you. I will try to learn more about what is inside the Pixel. Can you explain (in layman's terms) why GrapheneOS does not need to trust the hardware?
There isn't currently a usable open hardware SoC, Wi-Fi radio, cellular radio, SSD, touchscreen, etc.
Running an open source OS doesn't make hardware open. Using an open source late stage boot chain (coreboot, etc.) doesn't make the firmware open, as that's a tiny part of it and it still begins from closed source hardware/firmware.
Having the sources for an open hardware SoC doesn't mean you can simply build it yourself. You need a manufacturer to build it for you, and their manufacturing process will be closed source. The end result is not really open, and even if it was, individuals in the main couldn't verify that it is.
Pixel phones use their open source Trusty OS for the TEE (TrustZone) and secure core (core in SoC which talks to secure element). Pixel-specific variants of Trusty OS are not published yet, as far as we know, but we may just be missing where they publish it (unlikely though).
Secure element has https://opentitan.org as an open source project. Titan M2 is a RISC-V core sharing a lot with this, but similarly the Pixel-specific code isn't published yet. They said they'd publish it but it's taking a long time to do it. ARM NDA likely blocked it before.
GrapheneOS goes a long way toward not having to trust the hardware: any compromise of it would then also require a further OS-based exploit to compromise your data. There are no disclosed exploits for GrapheneOS, and we are a high-value target.
Discussion
Not that GrapheneOS does not need to trust the hardware; we evidently do, by releasing our OS on it and using it.
As anyone would have to, along with the OS in choosing to use it, just as with any hardware/software. However, I was referring to trust that it hasn't been compromised.
The simplest way is to direct you to our features page:
https://grapheneos.org/features
As well as how we use hardware attestation to ensure the system has not been tampered with, info for which can be found here:
The majority of which is only possible with the industry leading secure hardware provided by the Pixel platform.