Hello, I just randomly found the following page:
https://source.android.com/docs/core/ota/resume-on-reboot
It sounds like an awful feature whereby when the device reboots after an OTA update to boot into the new version of the OS, it boots straight into AFU mode by decrypting the Credentials Encrypted (CE) contents automatically. This feature would break the normal expectation of reboots and the GrapheneOS auto-reboot feature bringing the device into BFU mode with the RAM wiped using the zero-on-free and the new (since version 2025021100) zero-on-boot features, and I don't know how secure this feature is, so it sounds like something the GrapheneOS team would (thankfully?) never implement, but I'm curious what's their stance about this.