  • GrapheneOS improvements to protection against data extraction since 2024

GrapheneOS The link should have been https://grapheneos.org/features#two-factor-fingerprint-unlock now but it used to be https://grapheneos.org/features#Two-factor-fingerprint-unlock so we have a redirect for the capitalized variant. Fragment redirects cannot be implemented in HTML or server-side so it's one of the few things we use JavaScript to implement.

Oh alright, I see.

GrapheneOS Perhaps @Dumdum has JavaScript disabled.

Perhaps yes.

Should I still use a regular password for protection in addition to fingerprint with second factor PIN?

Thank you very much for your hard work.
I feel personally safer, and thank you for protecting journalists and activists worldwide.

GrapheneOS For example, we plan to add a toggle for essentially toggling off Device Encrypted data.

Could someone please explain what this means? I mean as in toggle off that my data is getting decrypted automatically?

    This project is amazing. We, the security and privacy community, are so lucky to have this.

    To all: please consider donating, even a few bucks, to support this essential and valuable work!

    dhhdjbd

    Could someone please explain what this means? I mean as in toggle off that my data is getting decrypted automatically?

    Data blocks and filenames for data in users are encrypted with per-user keys based on their primary lock method, which is the Credential Encrypted (CE) data. A small subset of data is stored globally outside of users including global device settings, installed packages and Wi-Fi networks. This allows the device to partially function after reboot in the Before First Unlock state. Apps can go out of the way to implement special Direct Boot support for a subset of their functionality and specifically store data in Device Encrypted (DE) storage to support this mode. For example, the GrapheneOS System Updater supports this to download/install OS updates in Before First Unlock state.

    We plan to add a toggle for requesting the Owner PIN/password in early boot and using it for Device Encrypted data, largely making it the same as Owner Credential Encrypted data. The overall metadata blocks where the encrypted filenames are stored are also Device Encrypted, with the filesystem structure including file sizes.

    GrapheneOS For ARMv9 devices, we greatly improved our hardware memory tagging implementation in hardened_malloc, deployed it for the Linux kernel allocators and greatly expanded the use of PAC and BTI across the OS.

    Would this be something you could port to Armv8 for the pixel 8 line?

      n2gwtl Would this be something you could port to Armv8 for the pixel 8 line?

      Pixel 8 and Pixel 9 series of devices all support memory tagging.

      n2gwtl 8th/9th generation Pixels are ARMv9 devices and have the optional hardware memory tagging feature (MTE). GrapheneOS began using hardware memory tagging on 8th generation Pixels shortly after they were released. It's still not deployed by other general purpose operating systems in production, let alone with a comparable implementation to ours.