this post was submitted on 19 Oct 2024
6 points (100.0% liked)

Privacy

1 readers
16 users here now

Everything about privacy (the confidentiality pillar of security) -- but not restricted to infosec. Offline privacy is also relevant here.

founded 1 year ago
MODERATORS
 

GrapheneOS version 2024101801 released:

https://grapheneos.org/releases#2024101801

See the linked release notes for a summary of the improvements over the previous release.

Forum discussion thread:

https://discuss.grapheneos.org/d/16564-grapheneos-version-2024101801-released

#GrapheneOS #privacy #security

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 0 points 3 weeks ago (1 children)

@daedaevibin It's not a partition. It gets flashed to the secure element via an API provided by the secure element. The fastboot firmware implemented support for flashing it via the image flashing interface. There's also not actually a bootloader partition but rather those are containers with images nested inside. There a whole bunch of boot firmware images flashed to separate partitions from bootloader.img. An over-the-air update has them as separate images, not bundled into the bootloader.img.

[–] [email protected] 1 points 3 weeks ago (1 children)

@[email protected]

> would love to see GrapheneOS develop further and be properly allowed to pass play integrity API.

We fully preserve the privacy/security model and then substantially improve it. We use all of the same hardware-based security features as the stock Pixel OS but also a lot more including MTE (hardware memory tagging), PAC/BTI for userspace too, hardware-level disabling of new USB connections, USB data and the overall port for our USB-C port control feature and other features.

[–] [email protected] 1 points 3 weeks ago

@[email protected]

GrapheneOS fully supports hardware-based attestation. Google is entirely capable of verifying a device runs the genuine GrapheneOS releases:

https://grapheneos.org/articles/attestation-compatibility-guide

Play Integrity API has nothing to do with security regardless of how it's marketed. It allows a device to pass if it hasn't received security patches for 8 years. All it does is check if it's a Google certified device and tries to stop spoofing within constraints of allowing highly insecure, ancient devices to pass.