What OS are GrapheneOS using?

hhhhh

I browsed https://grapheneos.org/articles/grapheneos-servers, and while is lists all the boxes GrapheneOS uses for various functions, it doesn't list the software these servers are running, or how they are configured.

"We use hardened local machines for building and signing...".

I am curious what hardening is involved. What OS these boxes are using? What security modules (e.g. AppArmor) are these using and how.

akc3n

hhhhh I browsed https://grapheneos.org/articles/grapheneos-servers, and while is lists all the boxes GrapheneOS uses for various functions, it doesn't list the software these servers are running, or how they are configured.

Each repo for those servers is included in the list of all the “boxes” (VPSs) from that same link. This is all part of our infrastructure. All the information is linked and easy to find.

it doesn't list the software these servers are running, or how they are configured.

It does list all the software packages and the initial configuration of the OS we use here:
https://github.com/GrapheneOS/infrastructure/blob/main/deploy-initial-vps

hhhhh "We use hardened local machines for building and signing...".
I am curious what hardening is involved. What OS these boxes are using? What security modules (e.g. AppArmor) are these using and how.

You cut off the key point of that sentence:

We use hardened local machines for building and signing rather than servers outside our physical control, so information on that infrastructure is outside the scope of this page but may be provided in the future elsewhere.

This is not the same as what you started asking about regarding our public servers listed at that link.

grayway2

akc3n I would and many others really appreciate if you could tell us what operating system and hardened machines are used by the foundation.

Apple products with a M1 Chip and later are perhaps the best for security (for example, the password protecting the internal SSD can't be bruteforced in BFU)

I do follow passware to see if there's any new discovery or improvement in the decryption of Apple Chips.

The problem of macOS is privacy. It's not a private operating system. Apple don't even ask your consent and collect spotlight queries.

It's complicate to find the right balance.

hhhhh

@grayway2 they are using Arch, look at the link @akc3n provide, https://github.com/GrapheneOS/infrastructure/blob/4aa646c0f3dfff6383488eb60c42d9103abb4d0c/deploy-initial-vps#L23

grayway2

hhhhh I'm not surprised for Arch https://archlinux.org/people/package-maintainer-fellows/

One developers told use a few times that he was using a Framework laptop but don't remember what the OS was.

Joewiszzy

a hardened, privacy first version of Android.