missing-root
hardened malloc
It has it on some devices, but it may be more limited without the 48-bit address space support, etc. Also, no hardware memory tagging.
hardened kernel
Significantly less hardened on most devices.
sandboxed play support
They don't include it.
permission system
They don't include Storage Scopes, Contact Scopes, etc. They include the Sensors and Network toggles but likely not all of the changes to improve them.
auditor app compatibility
No, but we would be willing to support it if they were interested.
The world runs Android and Pixels are a small fraction. So it may not be state of the art, but works. And replacing stock OS on such devices would still work, and be a good alternative.
Most devices either don't permit installing another OS or don't properly support it. They often disable important security features with an alternate OS. Alternate operating systems also often don't properly update the firmware, etc.
If the device lacks the basics like monthly security updates, what's the point?
It should always be expected that people buy a device to use GrapheneOS. Adding a dozen more phones wouldn't change it significantly, and then people would be buying dramatically less secure devices to use GrapheneOS.
reasonably private
reasonably secure
Most of the list of requirements at https://grapheneos.org/faq#future-devices is essentially for providing a reasonable level of privacy and security. These are not niche features.
easy to verify integrity OR
easily reflash the OS from a trusted machine and restore backup from seedvault (?)
You don't get the ability to properly reflash to wipe away a compromise without having working verified boot with downgrade protection for the firmware.
Verified boot is not one of the top 5 most important things in that list of requirements. The top 5 most important things on that list in no particular order are the 3 about updates, the 1 about proper alternate OS support and hardware memory tagging. There are other things there that are also more important than verified boot. We consider verified boot with downgrade protection for firmware and the OS to be a hard requirement, but that doesn't mean it's even near the top of the list of the most important requirements. It's a common misconception that lack of verified boot for an alternate OS or broken verified boot is why we don't support other devices, but that's wrong. It's just one of the things that's often missing elsewhere. Proper privacy/security patches are right near the top of the list and are one of the most frequently missing requirements.