  • Security & Privacy Hardened Desktop OS Based on ChromiumOS

So for those informed, ChromiumOS follows a similar development model to AOSP:

ChromiumOS (open source) --> Development --> ChromeOS (closed source) --> Public Release

ChromeOS is known for being quite secure (among security researchers, at least) despite desktop security being fundamentally broken. It takes a more mobile-based approach to security to accomplish this. Privacy is still a major concern, however.

A desktop OS that is private, secure, and useful on a wide variety of hardware would definitely become a popular choice.

A project of this type would require using the Linux kernel, at least initially. I understand that the GrapheneOS developers want to move away from this. It would also require some reliance on GNU software.

I know that the GrapheneOS developers are very busy, so I'm just offering this as a suggestion.

Here are some possible features:

  • Hardened memory allocator

  • Stronger full-disk encryption

  • A stronger verified boot chain

  • Play Store compatibility layer

  • Wi-Fi Privacy

  • Removal of telemetry & included Google apps

  • Kernel hardening

    ___

    A few things I think are important to consider here:

    There are already other privacy-focused desktop OSs, so I'm not sure those who use those OSs would want to switch to a GrapheneOS desktop build. People who like to write software, etc. can't really use a mobile OS to do their work.

    From what I've read, GOS devs seem pretty confident that the upcoming Pixel Tablet could be a supported device. Though, that remains to be seen, of course. If GrapheneOS works on the upcoming tablet, it would be close to what you're proposing.

    GrapheneOS uses firmware released by Google. I haven't checked, but do Chromium devices have the same thing going on? If not, GrapheneOS devs would have to write firmware from scratch to support these additional devices. And even if firmware was released by Google, would everything cooperate with Android smoothly?

    Would these devices meet GrapheneOS's requirements written about here: https://grapheneos.org/faq#future-devices?

      unwat
      Many of the privacy-focused desktop OSes have significantly reduced functionality and poorly-designed UIs. Popular Linux distributions don't count in this instance, since their security is questionable.

      The extreme variety of devices that support ChromeOS and could also support my proposed OS is a very valid point. GOS devs obviously have very specific hardware requirements. I'm not sure if laptops allow for hardware-based isolation of Wi-Fi, GPU, encode/decode, etc. I wouldn't doubt that such a thing exists, however.

      As far as I'm concerned, the firmware (for Pixel devices at least) is part of the AOSP, so telemetry can be removed. I'm not sure how this works on Chromebooks.