Closer yes, but will take different hardware to achieve that.
In the meantime we will be building our OS around similar principles ⚡️
Nice!
Does this get us closer to running nostr:nprofile1qqs9g69ua6m5ec6ukstnmnyewj7a4j0gjjn5hu75f7w23d64gczunmgpz4mhxue69uhhyetvv9ujumt0wd68ytnsw43q4gnztg?
Discussion
That's great to hear, well done and good luck!
A short list of useful hardening features that make a serious difference for Graphene:
Zero-on-free with detection of write-after-free via checking that memory is still zeroed before handing it out again. https://github.com/GrapheneOS/hardened_malloc
Turn USB-C to power only (no data) when screen is locked.
Auto reboot after X hours.
Turn off WiFi/Bluetooth after X minutes after disconnect.
Hardened kernal.
Strong commitment to fast updates of drivers, kernal and OS to security patch level.
Dynamic code loading blocked.
More here: https://grapheneos.org/features
Thanks!