Are you calling the above a "character attack"?
I would love to use GrapheneOS on my Librem 5 and Pinephone. No proprietary drivers are required. Yes, some security features are lacking. Yet it would be a win for everybody.
I didn't say anything about CalyxOS: I don't care about this.
Can you give me a quote where they outright say this? Because my hunch is that what they actually say is something along the lines of 'because it doesn't have the security requirements that we desire' which would be true. Whatever their reasons for those choices, it also makes sense to limit scope given the extreme constraints they're working under and that scope is best limited to phones with the widest security feature support for their security-focus Android OS.
> Are you calling the above a "character attack"?
Grow up.
All phones are insecure to some extent, most phones compared to GrapheneOS/Pixels are less secure and this has largely proven out whenever there's been leaks of the capabilities of law enforcement phone cracking tools.
Anyone can fork GrapheneOS and build it for other phones if they want, instead of doing this the developers instead focus their time and effort on the most suitable hardware for their needs. This isn't a part of some agenda or a swipe at Linux, open source or Stallman's cholesterol filled heart, it's just pragmatism.
It really seems like you're more concerned about hurt feelings than objective fact here. Every link you've provided thus far was framed by you as evidence of poor decisions or behaviour on the part of the GrapheneOS team but you've done nothing to elaborate, and after reading the content of those links for myself there is nothing there that support the things you've been implying.
It doesn't make a whole lot of sense, at least not unless I put myself into the mindset of a child and read any negativity expressed towards FOSS projects as an attack, or taking their choice to not target phones I like personally.
The linked security-related arguments aren't reasonable at all. They talk about improving users' security but instead the actual result is less security for the majority of people, due to (1) the high price of the supported hardware, (2) reliance on Google hardware not trusted by many users (>>45101524 ).
Your username is fsflover and your posts clearly have an ideological bias that favours purely open source solutions even if it goes against reason.
> The linked security-related arguments aren't reasonable at all. They talk about improving users' security but instead the actual result is less security for the majority of people, due to (1) the high price of the supported hardware, (2) reliance on Google hardware not trusted by many users
All SoCs are a black box and all of them are made by untrustable companies that are likely already working with the security services of whatever country they're R&D'd or manufactured in. There is no good solution to this, so they picked the best worst option.
Nonetheless, most of the evidence that is available shows that GrapheneOS on Pixels are the most secure phones currently available. So, clearly not security theatre, whereas if they also supported phones that didn't even let you lock the bootloader it absolutely would be.
GrapheneOS isn't to blame for every other phone manufacturer dropping the ball.
Thanks for the clarification. Free software ideology is not like a religion, where people believe in a god. Every Stallman's essay explains a very practical reason for following his ideas. FLOSS protects you from the enshittification, walled gardens, backdoors (to a degree) and similar things.
GrapheneOS have put themselves in Google's walled garden in terms of the supported devices and now Google can easily make them less secure or even kill them completely at will.
This is like saying "you clearly have an ideological bias that favors democracy/ or freedom even if it goes against reason". Sometimes a tyranny is more efficient at forcing people to do a particular thing, e.g., produce weapons. It doesn't mean that choosing it can be reasonable sometimes.
> All SoCs are a black box and all of them are made by untrustable companies
You clearly can't understand that different people have different threat models. This is a huge problem of GrapheneOS developers: they never accept this possibility and force the single threat model upon everyone. This reminds me of Apple by the way: They do the same. In reality, some people can trust Chinese devices more than Google's ones (imagine that), or trust a particular company that didn't perform a ton of evil action like Google did (that's me and many others).
> There is no good solution to this
The good solution to this is security through compartmentalization, which is the best security approach ever invented. The more varied hardware people use, the harder it is to make a targeted attack or to mass compromise every single device sold.
> most of the evidence that is available shows that GrapheneOS on Pixels are the most secure phones currently available
I don't dispute that, and you won't find me saying that GrapheneOS is insecure in itself. I am saying that they did a wrong bet long-term, and their approach leaves a lot of people without Google's hardware insecure.
> not security theatre, whereas if they also supported phones that didn't even let you lock the bootloader it absolutely would be.
Once again, this is implying one single threat model upon everyone. I never leave my phone unattended, so nobody can secretly reflash it. And whenever I suspect a compromise, I reflash it myself using a disposable VM on Qubes OS. Does it look somewhat secure to you?
GrapheneOS is actively working with a major Android OEM towards a subset of their future devices meeting all of our official requirements and providing official GrapheneOS support. This OEM is providing us with partner access to Android which is already helping the project. The vast majority of mobile devices have poor security including lack of firmware security updates and lack of essential defenses for providing the security GrapheneOS offers. GrapheneOS has to do substantial work on each supported device to integrate the hardening features and fix the issues those uncover. Supporting other devices is not easy and involves a lot of resources.
> Are you calling the above a "character attack"?
Yes, it is a character attack falsely claiming our goal is to "force Google" on people. That's utter nonsense.
Support for the devices we're working on with an OEM will become available and will be much better than their current devices not meeting our requirements. They were already planning to make substantial improvements to security but now more will be done and the end result will be devices we can support. The devices will meet all of the official requirements listed at https://grapheneos.org/faq#future-devices and may not be more secure than Pixels initially but future generations can make further improvements and we can do lower level hardening at a firmware and even hardware level. It starts with the OEM having devices meeting the very reasonable baseline standards.
> I would love to use GrapheneOS on my Librem 5 and Pinephone. No proprietary drivers are required. Yes, some security features are lacking. Yet it would be a win for everybody.
These have absolutely atrocious security and do not come anywhere close to the security requirements listed at https://grapheneos.org/faq#future-devices. Using devices with outdated components not receiving important security patches for known vulnerabilities and not providing basic defenses is not what GrapheneOS requires. It's far more than security features being lacking. The standards we list are very reasonable, which is the position of the OEM we're working with which did not previously meet them. There's nothing Pixel exclusive listed there, only standard security patches and features. We've kept the requirements lower than what Pixels provide to keep room for other devices such as only requiring 5 years of proper support instead of 7, omitting many unimportant security features, etc.
Both devices are still closed source hardware with closed source firmware, not open devices. They have a closed source SoC (CPU, GPU, MMU, etc.), radios, SSD, memory, battery, touchscreen, etc. They're advertised as if they're open despite that being the case. PinePhone has misleading marketing presenting the cellular baseband as having open source firmware available as a replacement when it doesn't based on having an extra general purpose CPU running a super outdated proprietary fork of Android next to the cellular baseband which can be replaced, but not the cellular baseband firmware itself. The radios are also less isolated and much less secure including lacking proper security support. The most important and most privileged component in a device is the SoC, which is not more open.
The purpose of GrapheneOS is not an OS which people can install on as many devices as possible where substantial security sacrifices need to be made even compared to the stock OS and a reasonable level of privacy and security cannot be provided due to lack of firmware/driver updates. Without the hardware-based features we use as part of our work, it would also hardly actually be GrapheneOS.
Support for installing another OS on devices has been removed or is in the process of being removed by several OEMs. Providing an OS for most mobile devices isn't an option in the first place.
GrapheneOS is actively working with a major OEM since June 2025 on a small subset of their next generation devices meeting all of our official requirements and providing official GrapheneOS support. The initial phase of support may still require people to install it themselves, but it will be another option than Pixels and the plan is to do more than that. The OEM is very interested in GrapheneOS and there may be devices sold with it as an official option. We'll be able to start doing lower level hardening work on firmware rather than our work not going below the level of the hypervisor, kernel and kernel drivers beyond reporting vulnerabilities or making suggestions. We already do a large amount of low-level work specific to devices and will be doing much more of it in the future including at a lower level. We have a lot of improvements we want to make at the level of the boot chain and secure element.
GrapheneOS in the long term will be a hardware, firmware and software project working closely with one or more OEMs to make highly private and secure devices. We'll support the existing Pixel devices until end-of-life and will add support for new generations of Pixels as long as they continue meeting our requirements, but our focus will shift to devices made in partnership with OEMs.
The purpose of GrapheneOS is not something people can download for their existing device to make it less bad. That's not even generally possible due to lack of support for using another OS and crippling of devices when another OS is used, especially the security features. You're talking about doing something which has never been the project's purpose. The purpose requires using the best available devices and ideally working with an OEM to make better devices for it as we're working towards (the first generation will likely not be more secure than Pixels, but it will meet our official requirements and improve from there).