zlacker

[return to "Graphene OS: a security-enhanced Android build"]
1. SchwKa+Tn[view] [source] 2025-07-25 00:46:39
>>madars+(OP)
My only problem with Graphene is the ridiculous low number of supported devices, i know I know, security reasons and so on. But I would accept an lower security hardened version but at least have Graphene instead of Google's junk
◧◩
2. mbanan+Kr[view] [source] 2025-07-25 01:19:28
>>SchwKa+Tn
GrapheneOS community manager here. Google's devices are currently the only ones that meet our requirements (https://grapheneos.org/faq#future-devices).

However, we're currently working with another OEM and are hoping to have a device of theirs meet our requirements that can be launched in 2026 or 2027. Nothing set in stone, but we're optimistic thus far.

◧◩◪
3. orbisv+Rt[view] [source] 2025-07-25 01:45:11
>>mbanan+Kr
I'm working my way down your requirements.

> Hardware memory tagging

I had to Google this. Is this like a fine-grained version of mprotect, i.e. associated permissions with each tag? Or are you only interested in the memory safety benefits? Regardless, why target requirements that even most desktop computers don't meet?

◧◩◪◨
4. transp+qu[view] [source] 2025-07-25 01:50:31
>>orbisv+Rt
MTE is an Arm v9 feature subset of CHERI, >>30007474 | https://armor.ch/mte/hw

https://discuss.grapheneos.org/d/8439-mte-support-status-for...

> Hardware memory tagging is going to provide a massive increase to protection against remote exploitation for GrapheneOS users. It's the biggest security feature we'll be shipping since we started in 2014.

[go to top]