Has anyone tried to build GrapheneOS for FP3?

Hello,

GrapheneOS seems to be the gold standard for mobile privacy and security.

Does anybody have experience using it on the FP3, or any FP whatsoever?

Many greetings
-Hendrik

It requires some security chip on the Pixel phones. The authors of Graphene said the FP3 doesn’t have the required hardware.

I suspect Google designed the Pixel to suit the specifications for government and corporate buyers, so has some sort of hardware encryption technology.

That’s not to say you couldn’t get it to work with a lot of fiddling around (i.e., kernel modifications etc.). I have a used Pixel turning up tomorrow which I am going to dabble with Graphene on.

3 Likes

Hi @gilesjuk,

That sounds great. Please consider describing your experience at some point. It is strange that Google builds the most secure phones. If it is only this one chip missing, might there be a chance FP will implement it?

Many greetings
-Hendrik

I’m only going to install it on a Pixel 4 and see what it is like. I’m doing the same with Ubuntu Touch on a Nexus 5.

The chip in question is a Titan M. Other Android phones have something by ARM. iPhone has its own proprietary chip. It’s mostly for storing personal data securely, so fingerprints, face ID and card details. But it is also involved in booting the OS, so I’m not sure if it would prevent you loading an alternative OS and then locking the bootloader.

The Graphene people seem to have a method to lock the bootloader again. My question here would be: How do we know that Google does not grab our data through Titan M? Have the GOS people figured this out? They seem pretty confident about it.

What I am really hoping for is proper open hardware in a not too distant future.

1 Like

:rofl: Such an amusing oxymoron… :rofl:

@dornhe

That comes at a price though, have you read some about the Purism products?

2 Likes

Hi @Patrick1,

nice one :laughing:

Yes, I have. I am not so sure about the Purism Phone. Might need to check out its actual security features. You know, it is not always “What they say is what you get”. But it is very expensive, ~800$.
Concerning the Purism notebooks: I do not care for them. They too use Intel CPUs with the very nice Management Engine*. They are way too expensive. For everyday use I have a very old Lenovo x230, running Arch Linux and i3-wm. It does everything just fine and comes at a fraction of the price. If I wanted, I could coreboot my x230, which I might do at some point.
Modern CPUs are overrated. You only need them if you do scientific computation, editing or if you want to play the newest “Battlefield”. For your home office work the oldest i5 generation will be sufficient. It is for me at least.

Many greetings
-Hendrik

*This is a small Operating System inside your CPU with full access to your hardware, e.g. the communication devices. The ultimate backdoor.

1 Like

Concerning the Purism notebooks: I do not care for them. They too use Intel CPUs with the very nice Management Engine*.

I think you cannot mention this without simultaneously noticing that the Intel ME is by default disabled on all Purism notebooks.

1 Like

Hi @m4ur1c3,

I am at this moment not sure what exactly they mean. I know that they use coreboot, as is mentioned in that article, and with this you can disable part of the ME, if I recall correctly. But I also seem to remember that there was still a tiny part of ME left.

In any case I will follow this information. My question is: Did they publish how they did it?

Many greetings
-Hendrik

Hi @gilesjuk,

the Titan M is a RoC (Root of Confidence) and the security feature that distinguishes it is that its architecture is open source. As you already said, it stores passphrases, fingerID, faceID, but also has a random number generator.

Here is the project in question. Now I am thinking that FP could possibly implement this as their RoC. Wouldn’t that be nice?

Many greetings
-Hendrik

@dornhe There’s no way they would get certification for use by government employees if they did that I guess. They will have had these products independently audited and tested before allowed government use.

Hopefully. When I look at state officials, my hopes die quickly :frowning_face:

Hi @dornhe ,

you are right, there is still a part of ME left. There are a few posts from Purism on how they (and others) have worked on disabling, neutralizing and hopefully someday removing ME completely in detail. Haven’t followed this most recently, so don’t know how the state is 3-4 years after from there.

I think you can find more technical details e.g. in the wiki of me_cleaner.

Hi @m4ur1c3,
Thanks for clearing that up and for the links.
I think you can try to coreboot your device and get a similar result.
Anyways I always think the less eyes the better. But if you can get around paying Purism prices by doing things yourself, then you might want to go for that.

Many greetings
-Hendrik

https://www.coreboot.org/

It does give an extra layer of pleasure to run a Google-free Android system on Google hardware, though. I switched from FP2 to a used Pixel 4 a while ago, and it runs great.

Having tried a Pixel 4 XL with Graphene, decided to make that my main phone. Although I compromised on CalyxOS as push notifications and some apps I use need MicroG.

BTW as for why GrapheneOS is not supported, it’s likely because of the same reasons CalyxOS is not:

The reason is that the Pixel phones are the most secure phones on the market. They implement the Titan Module which is an open-source RoC.
