Hacker News

GoblinSlayer today at 4:47 PM

The dichotomy here isn't grapheneos or updates, it's grapheneos or android.


Replies

grapheneos today at 6:53 PM

GrapheneOS uses all of the standard Android security features including hardware-based security features. It also adds major security improvements including features heavily based on hardware security features which are either entirely unused or barely used by AOSP or the Pixel OS. Heavily using hardware memory tagging, integrating our USB protection with the USB controller and other features are core parts of what makes it GrapheneOS. An incomplete port without all the standard security features or the GrapheneOS added security features isn't GrapheneOS.

GrapheneOS closely follows along with Android releases, Linux kernel LTS revisions and driver/firmware updates. It had an experimental release based on Android 17 after only 2 days of it being released earlier this month. It quickly made it through our testing process with many regressions resolved to our Stable channel. This is part of what makes it GrapheneOS and an incomplete port to another device without the same updates wouldn't be GrapheneOS.

GrapheneOS is open source. People can make an incomplete port of GrapheneOS to other devices using their own project name. It's not a port of GrapheneOS to another device without having all the features and updates.

We phase in new hardware requirements for standard security features and the older generation devices without those are eventually gone. Adding a new device without hardware memory tagging would be far different than still supporting 6th/7th gen Pixels without it since we strongly recommend against buying those devices anymore and they're going to end up end-of-life.