USB-C Off feature not working corrctly

Anthracite

Hello, I have big problems with the turn off USB-C feature. In theory it is one of the most important features of GOS but practically it's unusable. You should use this feature on your own risk as long as the charging process is not working because my battery life degraded drastically because of the broken charging process.

I am using GOS for a long time now and have always my USBC port disabled for security reasons. I only turn it on manually when I have to transfer files and then disable it again when I am done. But on the newer pixel devices this feature is not working anymore. To charge your phone you have to turn it off and connect it to the cable. Sounds very simple but it is not when the phone starts booting automatically as soon it is connected to a charging cable. So the phone boots up and because you can't charge it when the phone is powered on and the battery is empty it powers off again. When the phone is off it is recognising the charging cable and powers on again automatically. And it just keeps powering on an off this all the time.

At first I thought this is normal but after some months my battery life is now less then a day. I started looking into the problem and after long research and discussions with the community someone helped me to disable the auto power on feature by booting the phone into fastboot mode and use ADB to change the setting fastboot oem off-mode-charge 1. And it finally worked correctly but just for 1 or 2 weeks. Then a system update was released and this method was patched. It is not working anymore.

Can someone finally fix this feature?

Murcielago

Anthracite

I'm not quite sure if I've understood your problem correctly.

But on the newer pixel devices this feature is not working anymore. To charge your phone you have to turn it off and connect it to the cable.

Have you just tried the default setting or "Charging-only" (Settings> Security & privacy > Exploit protection> USB-C Port> Charging-only)?

See:

The default is Charging-only when locked, which significantly reduces attack surface when the device is locked. After locking, it blocks any new USB connections immediately through either USB-C and pogo pins at both the hardware level via configuring the USB controller and also at the OS level in the kernel to provide a second layer of defense. It disables the data lines at a hardware level as soon as the existing connections end which happens right away if there were no USB connections. It also disables USB-C alternate modes including DisplayPort at both the OS and hardware level.

source: https://grapheneos.org/features#usb-c-port-and-pogo-pins-control

Sounds very simple but it is not when the phone starts booting automatically as soon it is connected to a charging cable.

I don't understand why your phone is booting - are you using an app like Wasted that triggers the reboot when you connect an USB cable?

de0u

Anthracite To charge your phone you have to turn it off and connect it to the cable. Sounds very simple but it is not when the phone starts booting automatically as soon it is connected to a charging cable. So the phone boots up and because you can't charge it when the phone is powered on and the battery is empty it powers off again. When the phone is off it is recognising the charging cable and powers on again automatically. And it just keeps powering on an off this all the time.

Just tap the power button to pause booting, and charge it that way.

Anthracite

de0u

de0u To be clear, independent of severity, the issue is a usability issue, not a security issue.

de0u Is the situation that you would prefer no suggestions from this forum when a perfect solution is not available? If so, it is possible that this forum may turn out to be a source of disappointment.

No I'm actually happy about any suggestion. Anybody who can help is welcome I didn't want to sound rude. Primarily this may ba a usability issue but what follows is a security issue. The USBC port is the only physical attack surface and when you can't protect it is I security issue.

Anthracite I started looking into the problem and after long research and discussions with the community someone helped me to disable the auto power on feature by booting the phone into fastboot mode and use ADB to change the setting fastboot oem off-mode-charge 1. And it finally worked correctly but just for 1 or 2 weeks. Then a system update was released and this method was patched. It is not working anymore.

I am actually mad because I already found the right solution. The right solution for this problem is to change a setting via ADB in fasboot mode. fastboot oem off-mode-charge 1. But after I shared this with the community the devs disabled this with an update. If someone knows how I can make this change persistent please help.

Upstate1618 What Pixel do you have? You can report you problem here with steps to reproduce, expected result and actual result.
I think you want to be able to charge your Pixel when it's turned off with USBC set to Off. This should be possible. It might be a bug that your Pixel turns on automatically when it's connected to a charging cable.
Your can also use wireless charging instead.

Good suggestions. I will try the github report next. Exactly I just want to charge my phone when it is off. As i said the solution to that problem is to make the fastboot oem off-mode-charging 1 setting persistent. Wireless charging is also possible I will try that one.

Watermelon

Anthracite The USBC port is the only physical attack surface and when you can't protect it is I security issue.

The 'Off' setting for the USB-C port is implemented properly. I've never heard that the USB-C port setting can persistently disable the port so that it wouldn't work even before GrapheneOS is booted. I also think it's not the intention of the GrapheneOS devs to implement it this way (even if it was possible) because it'd just brick devices, and what's the use of permanently turning off the ability to charge a battery-powered device anyway?

The way it's currently implemented is secure and works correctly because:

The port is enabled before the OS is booted — you can pause the boot on the verified boot yellow warning screen as was suggested, and I think you should be able to hold the volume down button to charge it while it's in Fastboot mode as well. All data (both Credentials Encrypted and Device Encrypted) should be safely locked so there shouldn't be any harm.
The port is disabled while the OS is booted. You can disconnect the cable and reboot your device after it has charged, which would restart the verified boot process with nothing connected in the USB-C port and ensure you're booting a clean unmodified OS to unlock your data (DE) and give it your credentials to unlock the rest of your data (CE). It also clears the RAM. If any evil code executed in your device when the port was enabled before you rebooted, this code should be cleared from RAM and shouldn't exist on the storage.

Anthracite All new Pixel devices boot automatically when you connect them to the power cable and the device is powered off.

I have observed this myself on the Pixel 8, when connected to charging when powered off with 0% battery, it boots the full OS instead of the limited charging mode. I've reported it previously to the GrapheneOS project leader but he dismissed it as a bug or a faulty charger or something (I don't remember exactly what he said, but it's not a big deal). It's a serious usability issue with the 'Off' setting for the USB-C port, but what did you expect from the strictest setting for the charging port of your device? In any case, it doesn't brick the device, because as I said and as was suggested, you can charge it on the verified boot warning screen and should be able to boot it into Fastboot mode by holding the volume down button when you connect it to the charger. And I don't see how it compromises security either.

Anthracite use ADB to change the setting fastboot oem off-mode-charge 1

This sounds way too complicated to me. Have you tried charging it for a minute or two as I suggested above, then disconnecting it from charging, powering it off, and connecting again? This way the battery wouldn't be at 0% when you connect it to charging while it's powered off, so it should boot into the limited charging mode that displays the battery percentage rather than boot the full OS. This is way simpler and cleaner than the unneeded Fastboot hack. All you need is a bit of patience to charge the battery a bit blindly before the limited charging mode.

Anthracite my battery life degraded drastically because of the broken charging process.

Assuming your battery is degraded, it's because you ruined the battery. You're not supposed to keep your phone in a charging boot loop at/close to 0%. Having the battery at its extremes degrades its health, which is why there's a setting to limit charging to 80% to avoid the 81–100% extreme. You should also avoid the 0–19% extreme for the same reason.

Anthracite

Murcielago

Murcielago I'm not quite sure if I've understood your problem correctly.

For clarification there are 5 options in the menu. The most secure setting is turn usb-c port off entirely and that's what i want to use but it is not working. When the usb-c port is turned off entirely you can only charge the phone when you power it off and connect to the charging cable. I have problem with this feature. More information here: https://grapheneos.org/features#usb-c-port-and-pogo-pins-control

Murcielago Have you just tried the default setting or "Charging-only" (Settings> Security & privacy > Exploit protection> USB-C Port> Charging-only)?

Yes I tried the charging only mode and the other modes are working as they should. I am using the charging only mode at the moment because the turn off entirely feature is not working correctly. But I want the usb-c port off entirely. It is very important to me.

Murcielago Sounds very simple but it is not when the phone starts booting automatically as soon it is connected to a charging cable.

No I'm not using any autostart apps and that's exactly the problem. All new Pixel devices boot automatically when you connect them to the power cable and the device is powered off. But with the usb-c port disabled entirely I can only charge my phone when the device is powered off. This makes the disable usb-c port entirely mode usable. Please read here more about the USB-C off mode entirely: https://grapheneos.org/features#usb-c-port-and-pogo-pins-control

Anthracite

de0u

Good suggestion. This might be an option but this is not a satisfiable solution. I can't even see how much my battery is charged. I wrote this post to let the community and the devs know that there is a serious issue with their security feature and to figure out a real solution for this problem. To rely on a temporary workaround is not a solution for me. What if next week the the airplane mode is not working? Do you suggest to tape my mobile in tin foil as a solution? I hope some dev will read this and take it seriously.

de0u

Anthracite I wrote this post to let the community and the devs know that there is a serious issue with their security feature and to figure out a real solution for this problem.

To be clear, independent of severity, the issue is a usability issue, not a security issue.

Anthracite To rely on a temporary workaround is not a solution for me. What if next week the the airplane mode is not working? Do you suggest to tape my mobile in tin foil as a solution?

Is the situation that you would prefer no suggestions from this forum when a perfect solution is not available? If so, it is possible that this forum may turn out to be a source of disappointment.

Upstate1618

What Pixel do you have? You can report you problem here with steps to reproduce, expected result and actual result.
I think you want to be able to charge your Pixel when it's turned off with USBC set to Off. This should be possible. It might be a bug that your Pixel turns on automatically when it's connected to a charging cable.
Your can also use wireless charging instead.

other8026

Anthracite But after I shared this with the community the devs disabled this with an update.

Based on the wording here, I assume you mean GrapheneOS developers? How do you know they disabled this, not Google? I'm not sure, but I think this would be a firmware thing that GrapheneOS developers cannot change.

Anthracite

other8026 How do you know they disabled this, not Google? I'm not sure, but I think this would be a firmware thing that GrapheneOS developers cannot change.

This is possible too. But it has to be a big coincidence that one week after I shared the solution for this problem publicly google releases a patch and disable this solution.

Watermelon

Anthracite The GrapheneOS devs aren't after ruining your day, and Google is a huge company. Extremely unlikely that it's anything but a coincidence.

fid02

Anthracite I'm losing my patience here. There is an open GitHub issue with other people experiencing the

exact

same issue, and it has been concluded that it's likely an upstream bug: https://github.com/GrapheneOS/os-issue-tracker/issues/3590

TrustExecutor

I am curious why the "charging-only" option is not suitable in your threat model. Do you suspect there is a zero day exploit targeting the usb controller that can bypass the "charging-only" mode but not the "off" mode?