Brute force attacks are always prevented by the secure element's throttling if you have at least a random 6 digit PIN. The throttling is explained here:
https://grapheneos.org/faq#future-devices
This throttling is implemented by the secure element and therefore cannot be bypassed by restoring OS data on the SSD or exploiting the OS, unlike an OS-based counter for unlock attempts. Bypassing this requires a secure element exploit, which is astoundingly more difficult than an OS exploit to the point that Cellebrite has not figured it out for the Titan M2 (Pixel 6 and later) yet even with an older version. They did figure it out for the Pixel 2 NXP secure element and Titan M1 (Pixel 3 through Pixel 5a). They bypassed it on Samsung phones and Apple's comparable feature up until the iPhone 12 too. They'll likely bypass it on newer Pixels and iPhones eventually. If you want to prevent brute force even if an attacker exploits the secure element, you need a strong passphrase, which we'll be making more usable without resorting to fingerprint-only secondary unlock via 2-factor fingerprint unlock support where you can add a PIN to it.
Duress PIN/password is an OS feature without secure element support. An attacker successfully exploiting the OS can try the duress PIN/password without risking a wipe since they can control the OS. In theory, the secure element could implement duress PIN/password support by having a 2nd authentication token for each Weaver slot which wipes the Weaver token instead of providing it. There's no way for GrapheneOS to implement this without having our own hardware where we can add secure element features. We can explicitly document this in the future usage guide section.
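A toy Python model of the design described above, added here as an example and not GrapheneOS or secure element code: the attempt counter and delay live inside the secure element, and a theoretical second token wipes the slot instead of releasing its value. The class, the `duress_key` parameter, the PINs and the delay schedule are all constructed for illustration.

```python
import hmac
import secrets

def delay_after(failures):
    """Constructed schedule for illustration only (not the real Weaver values):
    a few free attempts, then exponentially growing delays capped at one day."""
    if failures < 5:
        return 0
    return min(30 * 2 ** ((failures - 5) // 5), 86400)

class SecureElementSlot:
    """Toy model of one Weaver-style slot. All state lives inside the
    secure element, so the OS cannot reset the counter or read the value."""

    def __init__(self, key, duress_key=None):
        self._key = key
        self._duress_key = duress_key          # hypothetical 2nd token
        self._value = secrets.token_bytes(32)  # secret released on success
        self._failures = 0
        self._not_before = 0                   # earliest next attempt, seconds

    def read(self, key, now):
        if now < self._not_before:
            return "throttled", None
        if self._duress_key and hmac.compare_digest(key, self._duress_key):
            self._value = None                 # wipe instead of release
        elif self._value and hmac.compare_digest(key, self._key):
            self._failures = 0
            return "ok", self._value
        # Wrong key, duress key and wiped slot all look the same from outside.
        self._failures += 1
        self._not_before = now + delay_after(self._failures)
        return "failed", None

def demo():
    # Constructed PINs: two wrong guesses, the duress PIN, then the real PIN.
    slot = SecureElementSlot(b"493027", duress_key=b"000000")
    log = []
    for guess in (b"111111", b"222222", b"000000", b"493027"):
        status, _ = slot.read(guess, now=0)
        log.append(status)
    return log  # the real PIN fails too, because the duress PIN wiped the slot

if __name__ == "__main__":
    print(demo())
```

Because the wipe happens inside `read`, code running outside the slot cannot try the duress token without triggering it, which is the property the OS-level feature loses once the OS is exploited.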