Lusca

Newpipe/Pipepipe (YouTube with no account)

Molly (Signal Fork)

Aegis (2FA)

Florisboard/FUTO/Gboard (Better Keyboard app)

Google Camera (For if you want better photos, there may be a guide for installing it in a privacy respecting way on the GOS Discuss Forum)

Gallery (Much better than the default Gallery app) (https://github.com/IacobIonut01/Gallery/releases)

Yes. Easy installation, informative and supportive community and almost all apps work flawlessly. I have been using it for years without any major issues.

I would recommend the Pixel 8a if you are looking to save and get MTE. If you are going to upgrade in a few months, the Pixel 9a or a Pixel 10/10 Pro might be worth it.

Do you have specific questions?

Replying to Final

Amnesty International’s Security Lab has a post about 3 vulnerabilities exploited by Cellebrite to extract data from locked Android devices. #GrapheneOS blocked exploiting these vulnerabilities in multiple different ways. We also patched them much earlier.

https://securitylab.amnesty.org/latest/2025/02/cellebrite-zero-day-exploit-used-to-target-phone-of-serbian-student-activist/

Each of these is an upstream Linux kernel vulnerability:

* CVE-2024-53104: heap overflow in a Linux kernel USB webcam driver

* CVE-2024-53197: heap overflow in a Linux kernel USB sound card driver

* CVE-2024-50302: uninitialized heap memory in a Linux kernel USB touchpad driver

GrapheneOS blocks reaching any of these vulnerabilities for locked devices through our USB-C port and pogo pins control feature disabling new connections at a hardware level and a software level after locking along with disabling USB data in hardware too:

https://grapheneos.org/features#usb-c-port-and-pogo-pins-control

CVE-2024-50302 is benign on GrapheneOS. For both the kernel and the rest of the OS, we use the combination of zero-on-free and either zero-on-allocate or a write-after-free check at allocation time. On devices with hardware memory tagging (MTE), it's done as part of tagging.

CVE-2024-53104 and CVE-2024-53197 are both kernel heap overflows in slab allocations. We provide improved defenses against these attacks in multiple ways covered in the kernel section at https://grapheneos.org/features#exploit-mitigations. Our defenses in userspace are far stronger due to hardened_malloc.

We recently enabled hardware memory tagging (MTE) for the Linux kernel after over a year of deploying it for userspace via hardened_malloc. It provides an approximation of memory safety which can be improved over time. It requires hardware support exclusive to 8th/9th gen Pixels.

GrapheneOS shipped patches for these 3 vulnerabilities significantly before the stock Pixel OS or inclusion in an Android Security Bulletin through shipping the latest Linux kernel GKI LTS releases. However, what really matters is we prevented them being used before discovery.

We have a recent post at https://grapheneos.social/@GrapheneOS/113961075324902277 covering how we've significantly improved our defenses against forensic data extraction since January 2024. It covers a lot more than what we talked about here and we recommend reading it along with our features page covering more.
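
The post above says zero-on-free combined with a write-after-free check at allocation time makes an uninitialized heap memory bug benign. The following toy allocator illustrates that idea; it is an added example, not part of the original post and not GrapheneOS or hardened_malloc code, and the pool, function names and sample byte values are hypothetical.

```c
#include <string.h>
#define SLOT_SIZE 64
#define SLOT_COUNT 4
/* Toy fixed-size pool standing in for a slab cache (hypothetical names). */
static unsigned char pool[SLOT_COUNT][SLOT_SIZE];
static int in_use[SLOT_COUNT], waf_detected; /* waf = write-after-free seen */
/* Allocation-time check: a free slot must still be all zero. */
void *pool_alloc(void) {
    for (int i = 0; i < SLOT_COUNT; i++) {
        if (in_use[i]) continue;
        for (size_t j = 0; j < SLOT_SIZE; j++)
            if (pool[i][j] != 0) { waf_detected = 1; return NULL; }
        in_use[i] = 1;
        return pool[i];
    }
    return NULL;
}

/* Zero-on-free: stale contents never reach the next owner of the slot. */
void pool_free(void *p) {
    size_t i = (size_t)((unsigned char *)p - &pool[0][0]) / SLOT_SIZE;
    memset(pool[i], 0, SLOT_SIZE);
    in_use[i] = 0;
}

/* Uninitialized-read bug class: 1 byte written, whole buffer exposed. */
size_t stale_bytes_exposed(void) {
    unsigned char *secret = pool_alloc();
    memset(secret, 0xA5, SLOT_SIZE);      /* constructed sensitive data */
    pool_free(secret);
    unsigned char *report = pool_alloc(); /* the same slot is reused */
    report[0] = 0x01;                     /* the rest is never initialized */
    size_t stale = 0;
    for (size_t i = 1; i < SLOT_SIZE; i++) stale += (report[i] == 0xA5);
    pool_free(report);
    return stale;
}

/* A dangling write to a freed slot is caught at the next allocation. */
int write_after_free_caught(void) {
    unsigned char *p = pool_alloc();
    pool_free(p);
    p[8] = 0x41;                          /* write through a stale pointer */
    int caught = (pool_alloc() == NULL) && waf_detected;
    memset(p, 0, SLOT_SIZE); waf_detected = 0; /* reset toy state */
    return caught;
}

int main(void) { return !(stale_bytes_exposed() == 0 && write_after_free_caught()); }
```

A production allocator would abort on the failed check rather than return NULL; the toy returns NULL only so the result can be inspected.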