GrapheneOS I should be more specific. I have been on the market for a new computer for some time, and I cannot decide between another macos laptop or the framework desktop. I have looked at this site which covers full disk encryption, TPM 2.0, systemd-boot, and secure boot. I thought if I enabled all of this on Fedora, I would have a reasonably secure system without all of the Apple privacy concerns.

      n2gwtl Fedora on a Framework laptop will provide essentially zero physical security with no protection against data extraction after you've entered the encryption passphrase. It will only protect your data while the device is powered off. macOS on a Mac will provide far better physical protection. macOS will also be harder to exploit.

      TPM 2.0, systemd-boot, and secure boot

      The implementation of secure boot and attestation by both that hardware and the OS (Fedora) is incomplete and insecure. It provides no real world security benefits. It neither provides against attacker persistence after exploitation or physical attackers. It's work towards real security features without getting to the point that it actually works. It's similar to locking your front door on a house where there are no walls, just a wooden frame people can step through. It does not deter an attacker.

        Locart According to this specialist

        He is not a specialist and his video contains errors, that said, he seems to be acting in good faith, yes a modern iPhone is pretty good when it comes to security (much better than most Android devices) and he cites GrapheneOS as the best solution currently, he says he'd rather make a dedicated video of it, which will probably also contain errors.

        The comment section is 99.9% full of nonsense and inaccuracies.

            Xtreix What does the video contain as an error? This is not a comparison with GrapheneOS.

                n2gwtl I should be more specific. I have been on the market for a new computer for some time, and I cannot decide between another macos laptop or the framework desktop. I have looked at this site which covers full disk encryption, TPM 2.0, systemd-boot, and secure boot. I thought if I enabled all of this on Fedora, I would have a reasonably secure system without all of the Apple privacy concerns.

                As it looks, Cellebrite has relied solely on USB exploits when attacking Android. Most traditional Linux desktop distributions, including Fedora, does not implement any security against USB exploits at all. The only desktop operating system I am aware of with strong USB security is QubesOS. QubesOS protects against USB exploits to a similar degree as GrapheneOS, it is a very adequate protection. QubesOS also offers some protection against you unknowingly plugging in a malicious USB device when your screen is unlocked, which GrapheneOS does not. USB security was a primary design goal for QubesOS.

                Still, you shouldn't expect that much physical security on a desktop computer while it is running and your encrypted disk is unlocked. Phones have always been far ahead in physical security, since the likelihood is far higher that a phone gets taken while powered on. Computers are usually only located in trusted places while powered on, such as your home or workplace. Phones you always carry with you, while they are powered on. So there have never been much priority to implement strong physical security for computers, as there have never been the same need for it. This means, the hardware and firmware itself often lacks support for implementing proper physical security in the desktop world.

                Solution, power off your computer whenever you don't use it, so that the disk encryption key gets unloaded, and all your files become inaccessible without knowing your passphrase.

                    ryrona Thanks for the perspective. I would like to purchase the framework desktop and then an android laptop (maybe coming??) with GrapheneOS for travel.

                      Locart I pointed out in his video that he's wrong about the automatic restart after 72 hours without user lockout, this isn't a Google feature, GrapheneOS introduced it around 2021 (I'm not sure of the date), the timer was set to 72 hours then reduced to 18 hours, Apple did the same thing then recently. I don't know if current stock Android (or Pixel OS) Pixels support auto-restart.

                      Don't get me wrong, his video is pretty good I think, he doesn't make any sensational speeches and you can see he's done some serious research, I thought I'd seen another mistake but I left it.

                        Locart Cellebrite's current documentation shows they can exploit iOS 18 and later versions. Cellebrite is also only one of the organizations developing these kinds of exploits. We have access to later documentation than July 2024, we just don't plan to publish it anymore to avoid the leaks to us being closed.

                            ryrona QubesOS doesn't protect against USB exploits while locked to the same degree as GrapheneOS because the USB controller and USB guest can be exploited. Containing the attacker to the USB controller and to a virtual machine for handling USB isn't comparable to eliminating most of the attack surface. The attacker getting code execution in the USB controller or a virtual machine is much more than not having something to exploit.

                            GrapheneOS provides much stronger protections against USB drivers being exploited. QubesOS provides much better containment and access control for USB. We do plan to add USB peripheral access control for users but it needs to avoid destroying usability. It's lower priority than a desktop/laptop due to how they're used.

                            Laptops / desktops don't have serious physical security so USB exploits are really not needed for exploiting them after the encryption passphrase is entered.

                                GrapheneOS Cellebrite's current documentation shows they can exploit iOS 18 and later versions

                                What sense is there to be afraid of Cellebrite if they use these vulnerabilities only to read the encrypted file system image? But the file system remains encrypted. A password longer than 10-15 characters does not even make sense to brute force. They cannot bypass password protection even on the Samsung S20 etc. All attempts to prevent access to the USB port are attempts to prevent reading the file system image, but no one will brute force a password longer than 10 characters. A good password, updating the system and rebooting the phone for a few hours - completely makes the phone invulnerable on any version of the latest OS. Sorry for my bad English

                                    Alllus Their give them access to essentially all of the data on the device for devices in the After First Unlock state which is the typical situation.

                                    They cannot bypass password protection even on the Samsung S20

                                    They can bypass passwords with brute force since people usually don't set strong random passphrases. Samsung devices do not successfully block brute force like modern iPhones and Pixels are doing successfully with their secure elements.

                                    All attempts to prevent access to the USB port are attempts to prevent reading the file system image

                                    No, that's not what they're doing. They're exploiting the device to gain control over it and access everything the OS can access, which is essentially everything on the device in After First Unlock state.

                                    A good password, updating the system and rebooting the phone for a few hours - completely makes the phone invulnerable on any version of the latest OS.

                                    Rebooting most Android devices doesn't clear the memory. People also often don't get a chance to reboot or power down in these situations even if they know that's a good idea.

                                    Our locked device auto-reboot feature automatically returns the device to the Before First Unlock state in combination with other features for zeroing memory, etc. Before that, the device still needs to defend itself from being exploited.

                                    Aside from that, a password is hardly immune to brute force unless you use something like 6+ random diceware words or 18+ random letters/digits.

                                        GrapheneOS Aside from that, a password is hardly immune to brute force unless you use something like 6-8 random diceware words.

                                        Do you think that the police will do BruteForce PIN code of more than 10-15 digits BFU State? Even Oxygen Forensic Detective does not see it appropriate to hack a PIN code of more than 9 digits. All BruteForce templates are designed for a graphic key (up to 9 points) and PIN code (up to 9 digits). Everything else is months and years. The criminalistic police department has hundreds of smartphones for analysis per week ...
                                        In addition - it makes no sense to reboot in a few hours, if the UFED - is a mobile portable device and the dump of your owner’s phone will be extracted immediately during a police search of the apartment (in AFU State).

                                        The user of the phone that has with important data - must do all efforts to turn off the phone before his return to the police. With one button or gesture of the finger. Any options.

                                        P.S. Support for Pixel 8 and 9 (Physical Dump ( ADB(Rooted) ), File Dump (Android Backup, APK Downgrade), Logical (Apps Data, Phone book, Call logs, SMS etc) ) added to the UFED version 7.72 (release from 2024-10-31).

                                        GrapheneOS - nice security OS, but no Applepay/Gpay method payment(((. Its very important minus for me..

                                            Alllus

                                            In addition - it makes no sense to reboot in a few hours, if the UFED - is a mobile portable device and the dump of your owner’s phone will be extracted immediately during a police search of the apartment (in AFU State).

                                            Cellebrite Premium doesn't have exploits which work with GrapheneOS with a patch level later than mid-2022. The purpose of the locked device auto-reboot feature is getting the device back to Before First Unlock state before they develop exploits for a current GrapheneOS and Pixel firmware release. It defends against future exploits.

                                            The user of the phone that has with important data - must do all efforts to turn off the phone before his return to the police. With one button or gesture of the finger. Any options.

                                            We provide strong defenses against exploitation combined with getting the device back to Before First Unlock state. Whether or not people manage to reboot to turn it off, GrapheneOS does a great job protecting their data.

                                            https://discuss.grapheneos.org/d/20401-grapheneos-improvements-to-protection-against-data-extraction-since-2024 is a thread about recent improvements to the defenses.

                                            https://discuss.grapheneos.org/d/20402-cellebrite-exploits-used-to-target-serbian-student-activist is a thread about a recent example where GrapheneOS blocks all the exploited vulnerabilities for locked devices. It prevents one from being exploited even unlocked and the other 2 would be much harder to exploit due to the generic memory exploitation protections.

                                            P.S. Support for Pixel 8 and 9 (Physical Dump ( ADB(Rooted) ), File Dump (Android Backup, APK Downgrade), Logical (Apps Data, Phone book, Call logs, SMS etc) ) added to the UFED version 7.72 (release from 2024-10-31).

                                            You're talking about an extraction tool requiring them to already have the PIN/password. We're talking about their exploit products for law enforcement which do not have the ability to exploit modern GrapheneOS in practice, only iOS and Android. We have access to Cellebrite Premium documentation from January 2025 and can obtain more recent documentation if we ask.

                                                GrapheneOS https://discuss.grapheneos.org/d/20401-grapheneos-improvements-to-protection-against-data-extraction-since-2024 is a thread about recent improvements to the defenses.

                                                https://discuss.grapheneos.org/d/20402-cellebrite-exploits-used-to-target-serbian-student-activist

                                                You are very convincing in your arguments! Today, the Pixel 9 order). I have a question - I used the Honor MAGIC 6 Pro (Quallcom Snapdragon 8 Gen 3, MagicOS 9.0 Android 15, with descret security chip S1, MagicOS-8.0-Security-White-Paper.pdf ) and use processes automation - "Macrodroid" on the phone. I provided this application with all possible access. I write triggers under my phone model:

                                                • turning off the phone in 15 seconds when turning off the mobile network (Faraday box);
                                                • blocking the phone when stealing a phone from my hands;
                                                • Turning off the phone within 10 seconds when connecting the USB cable;
                                                • the second factor in the authorization of PIN when unlocking with a finger;
                                                • turning off the phone if not unlocked within 1 hour,
                                                • turning off the phone after 2sec clicking the volume button up and other safety macros.

                                                This is a good set of security addons functions. Therefore, is it possible to use a macrodroid on your OS for extra experiment for me?
                                                My profession is an activist ... And every day it can be dangerous for my work. All information in my phone.

                                                    Alllus I asked Macrodroid to format the phone without unlocking it for a certain period of time, but they didn't agree.

                                                        troika no any problems. Example trigger actions - Run "settings" applet, Enter search "factory reset", click confirm button...

                                                        P. S. Its very simple example.. You can make it more complex. For example, add a screen sensor lock, multiple retries, etc.

                                                          GrapheneOS are you saying, that a pixel 7a with grapheme is less secure than a newer Pixel device? If so, which is the safest device for graphene?

                                                          • de0u replied to this.

                                                              If I bought a Pixel 9. I install GraphenOS, install all Google programs (google translate, Play Market, Chrome, Google Drive, Google Photos and others), completely disable the USB port, set an 18-character password and a fingerprint (for convenience), set the device reboot time to 1 hour. I am not interested in anonymizing the phone. What is important to me is counteraction to hardware complexes UFED, GRAYKEY, etc. Will this be enough? Will this be a protection mode similar to the iPhone downlock mode?