Is there any relevant documentation on how GrapheneOS addresses firmware based supply chain attack vectors?
Is there an SPI chip on the board of a Google Pixel? Does it contain closed source or open source firmware?
Please see:
https://www.theregister.com/2023/05/11/bh_asia_mobile_phones/