Yes. See my response to the sibling comment (I don't want to pollute the discussion with sending twice the same)
> please tell me graphene is not rawdogging Alphabet's compiled stuff
What do you mean? Patching and compiling AOSP tree like every OEM does is "rawdogging Alphabet's compiled stuff" now? Or allowing users to run unprivileged/sandboxed Google services in the isolated user profile they choose?
> if so they ought to be replaced anyways for a secure phone. please tell me graphene is not rawdogging Alphabet's compiled stuff.
Say you don't know what GOS does without saying that out loud.
> if you are talking about tpm and other stuff, eh. they are closed source anyways and i, as a user, cannot actually validate them
Yeah, closed source BUT they exist so for example there's actual, physical throttling of the PIN, Weaver token is stored in the safe place, and we can have downgrading protection support, etc