matchboxbananasynergy I imagine that whatever form such a feature took, it would be possible to shut down the phone and plug the charger in then; I don't think there would be a way to prevent that on the OS level, although, just like you, I'm not familiar with how the code for this all works.
Yes, even if this was implemented on the OS level, it could be easily bypassed by turning the phone off. But that would be ok, since the OS is not active anymore and the RAM has been completely storage reset to locked. This is also how the USB accessories feature can be bypassed currently [which I assume works as intended].
matchboxbananasynergy Hey there. What would you consider the threat model for such a feature to be? I cannot imagine a scenario where authenticating before being able to charge your device is a security feature since we have auto reboot for putting the phone back at rest.
Also yes, the main point is largely already covered by the Auto Reboot feature, as I've mentioned, but there is a bit more to this one. However, Auto Reboot is currently purely time-based, while this would be a different factor. Another [just an example for a different scenario] factor theoretically could be distance-based with GPS: Auto Reboot after X distance is exceeded from the last time the phone was locked. This would be a different factor for a user, under which the phone would shut down/reboot after a certain condition is met [in this proposal, no power during active session].
I think there could be another potential security risk: because of smarter charging methods like USB-PD, there is data transfer and communication occurring between the phone and the charger. AFAIK, there are currently no exploits or known possible threats with data communication in charging protocols, but this could be something that GrapheneOS might want to preemptively cover, before such an exploit is discovered and executed.
You can get cables and adapters that only have the power pins in them, physically disconnecting any data communication. This is usually done by the owner themselves though. If the device falls into the hands of a malicious party that could exploit this communication method with the phone, which is currently not covered by the USB accessories feature, it could be a way for an attacker to gain a necessary vector.
This is all just speculation. My point is more preventative of something that might be possible in the future, rather than explicitly addressing something currently [other than adding another factor than only time itself]. I don't expect this to be a high priority for developers right now, more of a food for thought and consideration for the future.