GrapheneOS Laptop?

HecticHector

Bimmy good closing paragraph

lcalamar

upstage4186 The difference between a laptop and mobile device regarding security/privacy is quite large.

I have the ability to choose the OS I prefer on a laptop... I can choose one based on ease of use, convenience, security, privacy... and I can easily? tweak any of those aforementioned 'dials' to get the mix of usage I am looking for.

Whereas a mobile platform does not have the ability to choose anything other than IOS or Android. Thank goodness we have GOS as an 'android-choice', but it is still android (just a better version).

My laptop(s) are running different linux systems and I can very easily manage the depth of security and privacy I want.... again on a mobile os - outside GOS, I'm pretty limited.

Long-winded rebuttal to why GOS should spend ANY time working on a GOS version on a laptop should google come out with one...

yore

lcalamar I can very easily manage the depth of security and privacy

Privacy, it depends but it is possible.

As for security, there is no public desktop OS (that I'm aware of) that comes even near to smartphone OS security, and no amount of hardening can achieve it. Ideally, a large team of skilled workers could rewrite the now-archaic desktop systems and create something new, but with open source developers and limited resources, that's quite unlikely.

So the best bet is likely to take an existing, open source OS and harden it, similar to how GrapheneOS does with AOSP; yes, the Linux kernel which has an immense attack surface is still in use, but the goal is to do that which is realistically achievable and useful for the average user.

Now as far as I'm aware, the desktop OS most closely aligned with security in mind appears to be ChromeOS (or ChromiumOS which is its open source variant). It is far from perfect and unlike most OSes, it's more oriented towards web apps than actual app software. But from a security standpoint and based on my understanding, this is the closest thing we have, followed by MacOS.

lcalamar

yore There are several security based linux OS: Kodachi, CubesOS, etc...

... are you saying these aren't very good?

iamdumb

lcalamar

kodachi seems like spyware to me ngl
cubesos i think you mean qubesos? it is the best in terms of desktop linux but there is also problem of computer hardware and also firmware and stuffses i think?

edit
https://madaidans-insecurities.github.io/security-privacy-advice.html
https://seclists.org/dailydave/2010/q3/29
i didnt read these because im lazy but the titles looks interesting

lcalamar

iamdumb Yes - qubes os

The point is - there ARE options with laptops whereas mobile OS have no options (outside GOS).

So perhaps there are hardware challenges with laptops but again - lots of choices...

Main point is - better things to do than create a GOS laptop os...

argante

iamdumb This is a bit out of date:

Microsoft Edge is a better choice for Windows users, as it can utilise Microsoft Defender Application Guard (MDAG)

btw:

Microsoft Defender Application Guard, including the Windows Isolated App Launcher APIs, is deprecated for Microsoft Edge (...) Because Application Guard is deprecated there will not be a migration to Edge Manifest V3. The corresponding browser extensions and associated Windows Store app are no longer available. If you want to block unprotected browsers until you are ready to retire MDAG usage in your enterprise, we recommend using AppLocker policies or Microsoft Edge management service.

So this is something more similar to SELinux, based on the polices.

locked

It's likely that with the curve ball Google just through with Android 16, not providing the source trees for Pixels, it's likely not in the cards for the moment...

n2gwtl

Android laptop info has leaked recently. @GrapheneOS any chance you will support it?

userofgos

n2gwtl I wouldn't tag the project account for an answer you can find on the GrapheneOS FAQ: https://grapheneos.org/faq#future-devices but maybe that's just me. If it meets the device requirements it has the "potential" to be supported. :)

X thread: https://xcancel.com/GrapheneOS/status/1988299183456231452#m

In the future, we could support currently non-existent higher security laptop and/or desktop hardware. Android's desktop support and virtualization support have a long way to go before it makes sense. We'd also need a lot more development resources to have enough to spare for it.

https://xcancel.com/GrapheneOS/status/1988299183456231452#m

There's potentially going to be a Pixel laptop running Android rather than ChromeOS followed by an overall move away from ChromeOS to a new form of Android following the ChromeOS distribution model instead of having OEMs each having their own forks of the OS for their devices.

No, we don't have more information and don't know if it would meet our requirements.

https://xcancel.com/GrapheneOS/status/1863657649775985042#m

On the other hand, it's likely that Android's desktop user interface will be completely open source as part of AOSP. That will be useful when plugging in a monitor, mouse and keyboard to a phone but would also enable us to support a laptop which met our security requirements.

We plan to use hardware virtualization support available since the Pixel 6 to support running desktop applications via Windows 11. We could also support desktop Linux distributions. Some software like Krita has native Android support already despite not having a mobile UI yet.

There's a fairly high chance of there being a Pixel Laptop built to run Android with everything we need in the Android Open Source Project for supporting it in the near future. The usefulness of it would depend a fair bit on us having good built-in VM support similar to ChromeOS.

de0u

n2gwtl Android laptop info has leaked recently.

I would expect that the GrapheneOS project would decide whether to support such a device after having possession of one, which I would expect to occur after they are shipped, which I would expect to occur after they are officially announced.

I would not expect that the GrapheneOS project would decide whether to support such a device based on rumors, leaks, or even pre-release press reviews. That just doesn't make sense to me.

Also, since Google has recently been slow to release source code for new devices, it might not be possible for the project to decide until months after the devices ship.

n2gwtl

I'm not asking from a hardware security perspective. GrapheneOS is moving away from Pixels to their own devices after Google stopped publishing device trees. What is their perspective on this device? Would they attempt to support it if device trees are not available? Would they consider their own laptop?

de0u

n2gwtl GrapheneOS is moving away from Pixels to their own devices after Google stopped publishing device trees.

If you believe that the GrapheneOS project is "moving away from Pixels", please provide evidence. If you believe the GrapheneOS project is planning "their own devices", please provide evidence.

final

n2gwtl GrapheneOS is moving away from Pixels to their own devices after Google stopped publishing device trees.

This isn't true. We will continue supporting Pixels as long as possible including future devices should they still allow installing other operating systems. We build our own device trees instead now.

Any new devices will be additional to any devices that are currently supported.

avaluedcustomer

de0u f you believe the GrapheneOS project is planning "their own devices", please provide evidence.

https://grapheneos.social/@GrapheneOS/115877674396254367

We're working with a major Android OEM. It's one of the top 10 Android OEMs by sales. It's a definitely company you know already. They're hard at work on developing GrapheneOS support for one of their upcoming 2026 devices but it won't be possible to meet the requirements until the next generation, likely in 2027. Snapdragon Elite 8 Gen 5 is currently the only SoC meeting our requirements for non-Pixel devices but that doesn't mean any device using it meets our requirements at all.

userofgos

avaluedcustomer I'm certain de0u is already aware of that. However, these are NOT "their own devices" and they will still support Pixels until EOL (End-of-life).

horde

de0u https://discuss.grapheneos.org/d/27687-new-manufacturer-theories-and-predictions/159

de0u

avaluedcustomer

https://discuss.grapheneos.org/d/27687-new-manufacturer-theories-and-predictions/89

de0u

horde https://discuss.grapheneos.org/d/27687-new-manufacturer-theories-and-predictions/159

If the claim is that "we aren't sure if we'll add support" means the same thing as "moving away from", I guess I don't see it that way. Is that the claim?

Rca237

final

Did Google gave the device trees of the pixel 10 series if I may ask?

zten

final That’s great news to hear

de0u

Rca237 https://discuss.grapheneos.org/d/31185-question-regarding-the-pixel-series-10-and-going-forward/7

« Previous Page