zlacker

1. fsflov+(OP) 2022-03-22 12:01:21
Why can't you port GrapheneOS to Librem 5 and use its security features there? Librem 5 is actually based on FLOSS drivers unlike any Android phone, so it should be doable. It's also the only phone with a FLOSS OpenPGP card.
replies(1): >>strcat+3d1
2. strcat+3d1 2022-03-22 18:30:36
>>fsflov+(OP)
Please read https://news.ycombinator.com/item?id=30761693 and the other comments again. Librem 5 has incredibly poor hardware/firmware security and it isn't possible for us to work around that at a software level. It's missing the basic hardware and firmware security features that are required. It's also missing functionality beyond that required to run the full OS.

> It's also the only phone with a FLOSS OpenPGP card.

It has no such thing (there is no open source secure element available aside from OpenTitan, although Trezor is working on one too) and it isn't an alternative to a proper secure element used by apps via the standard AOSP hardware keystore API (StrongBox keystore) and integrated into the rest of the hardware/firmware/OS for verified boot, attestation, throttling disk encryption key derivation attempts, insider attack resistance (only allowing signed firmware updates after owner account authentication) and the other features that are provided.

replies(1): >>marcan+gY1
3. marcan+gY1 2022-03-22 22:45:38
>>strcat+3d1
And what little "security" features the Librem 5 has, they aren't even using. One of their engineers came at me with "we have RPMB!" (a poor excuse for anti-replay memory that is semi-standard these days, and vastly inferior to dedicated chips like Pixels and iPhones have). I asked what they use it for, and got crickets.