this post was submitted on 19 Oct 2024
6 points (100.0% liked)

Privacy

1 readers
16 users here now

Everything about privacy (the confidentiality pillar of security) -- but not restricted to infosec. Offline privacy is also relevant here.

founded 1 year ago
MODERATORS
[email protected]
6
GrapheneOS version 2024101801 released: (grapheneos.social)
submitted 3 weeks ago by [email protected] to c/[email protected]
16 comments fedilink hide all child comments
 

GrapheneOS version 2024101801 released:

https://grapheneos.org/releases#2024101801

See the linked release notes for a summary of the improvements over the previous release.

Forum discussion thread:

https://discuss.grapheneos.org/d/16564-grapheneos-version-2024101801-released

#GrapheneOS #privacy #security

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 0 points 3 weeks ago (13 children)

@daedaevibin GrapheneOS has always used verified boot as long as it has been available. Why do you think we don't use verified boot? It's clearly listed in our hardware requirements:

https://grapheneos.org/faq#future-devices

We substantially improve the implementation rather than greatly reducing it through the LineageOS changes that are in DivestOS. It doesn't change that none of these is certified by Google. Some of our improvements to verified boot are included on our features page:

https://grapheneos.org/features

[–] [email protected] 0 points 3 weeks ago (12 children)

@daedaevibin The Pixel firmware and driver patches depend on Android 15 since it was released on October 15. Additionally, the full Android privacy and security devices across devices now require Android 15. Only a subset of the patches are backported to older Android releases. If you're using DivestOS on a Pixel, you're not getting current privacy/security patches. It's also a much less hardened OS than GrapheneOS with only a subset of the privacy and security features ported to LineageOS.

[–] [email protected] 1 points 3 weeks ago (1 children)

@[email protected] DivestOS does what they can to undo the reduction of privacy and security caused by LineageOS, which they use for broad device support rather than because it's a good base for a private or secure OS. DivestOS themselves recommends using GrapheneOS if you can afford a device supporting it. Anyway, it's very strange that you would think GrapheneOS was the first alternate OS using it. We've made substantial improvements to verified boot over the standard Android implementation...

[–] [email protected] 1 points 3 weeks ago

@[email protected] It's not clear where you get the idea that we don't use verified boot. That's clearly contradicted across our documentation. If you look at https://grapheneos.org/install/web, https://grapheneos.org/install/cli, https://grapheneos.org/features, etc. you can clearly see we don't only use verified boot but significantly improve it over the standard Android implementation. We also provide our Auditor app using the secure element for hardware attestation using per-pairing attestation signing keys.

load more comments (10 replies)
load more comments (10 replies)