Yes. There aren't many Android smartphones that allow you to re-lock the bootloader after installing a custom operating system. Pixels are the only ones officially supporting `avb_custom_key`.
GrapheneOS developers are free to set their bar wherever they like it. It's an independent, non-profit foundation, driven by community contributions. They provide a web-based, hands-free installer. They offer their work for free, and owe nothing to anyone.
Personally, I wish there was an open/libre device on the market that GrapheneOS could target.
Let's start with HW secure element and boot chain verification (IMHO the minimum bar that's met by e.g. a 2013 Thinkpad), then work thru the rest of GrapheneOS' checklist.
Also: Android. If I didn't need Android/iOS apps, I'd be using a Nokia 3210.
Suspicion constantly comes up in this regard, but their site (as linked by another commenter) provides their rationale.
The last cellbrite leaks show it as more secure against attacks from le than the current iphones, and that's more important to me than abandoning google hardware.
Serious question: can you point out some serious complaints? They seem to have an exhaustive justification for their reasons to only support Pixels, see https://grapheneos.org/faq#future-devices
This list always bugged me. If Pixel - for example - starts to introduce security patches slower, they will change this list... or even ignore it. If something more secure comes into the picture, they will change this list, and they will ditch supporting Pixel. If they don't, then it will be quite obvious, that they formed this list only to meet only Pixel's feature list. Also Google can obviously satisfy this list more easily, than any other company, so basically they created a moot for them.
Is there anything about GrapheneOS that limits it to only Pixel devices, or was it just a prioritization decision?
https://grapheneos.org/faq#future-devices
Yes. There aren't many Android smartphones that allow you to re-lock the bootloader after installing a custom operating system. Pixels are the only ones officially supporting `avb_custom_key`.
https://github.com/chenxiaolong/avbroot/issues/299
It is sus as heck and just about everyone in cybersec was complaining about that weird decision.
Go for Calyx or any other android distro, they have zero difficulties in supporting more devices.
GrapheneOS developers are free to set their bar wherever they like it. It's an independent, non-profit foundation, driven by community contributions. They provide a web-based, hands-free installer. They offer their work for free, and owe nothing to anyone.
Personally, I wish there was an open/libre device on the market that GrapheneOS could target.
> Personally, I wish there was an open/libre device on the market that GrapheneOS could target.
You mean, Pinephone and Librem 5?
Let's start with HW secure element and boot chain verification (IMHO the minimum bar that's met by e.g. a 2013 Thinkpad), then work thru the rest of GrapheneOS' checklist.
Also: Android. If I didn't need Android/iOS apps, I'd be using a Nokia 3210.
https://news.ycombinator.com/item?id=45101400
> Also: Android
Waydroid can run Android apps.
Suspicion constantly comes up in this regard, but their site (as linked by another commenter) provides their rationale.
The last cellbrite leaks show it as more secure against attacks from le than the current iphones, and that's more important to me than abandoning google hardware.
Serious question: can you point out some serious complaints? They seem to have an exhaustive justification for their reasons to only support Pixels, see https://grapheneos.org/faq#future-devices
This list always bugged me. If Pixel - for example - starts to introduce security patches slower, they will change this list... or even ignore it. If something more secure comes into the picture, they will change this list, and they will ditch supporting Pixel. If they don't, then it will be quite obvious, that they formed this list only to meet only Pixel's feature list. Also Google can obviously satisfy this list more easily, than any other company, so basically they created a moot for them.
Calyx development has stopped.