Correct, regards the Pinephone:

Pinephone has no secure element. Lacks secure element features deeply integrated into Android Open Source Project such as the hardware keystore, disk encryption key derivation throttling and insider attack resistance for the secure element. GrapheneOS makes even more use of it.

Pinephone has almost none of the expected hardware security features. It has an insecure SoC configuration, no secure element, no capability of providing Wi-Fi anonymity, no possibility of providing proper security support due to the chosen components and further problems.

Pinephone is not open hardware and doesn't have open firmware despite many misleading claims about it. There's no open source baseband firmware available but rather an open source OS for loading proprietary baseband firmware.

The Pinephone baseband with the open firmware is really no more open source than a mainstream Android phone with an open source rild and other services in the OS. It's presented as a breakthrough and unique feature but what's being replaced doesn't exist on a mainstream phone.

GrapheneOS priority is avoiding the device being compromised in the first place. Pinephone has very poor hardware, firmware and software security. Radio firmware can't be kept properly updated. Operating systems for it lack modern security model with proper sandboxing and MAC/MLS, etc.

We're unwilling to make substantial security sacrifices to have broader hardware support which is why we focus on Pixels. Pixels offer far better security than other Android phones and the Pinephone offers far worse security than a typical Android phone which is why for example we can't support it.