Comment by lucb1e

That's all great but what prevents the OS from reading the /dev/input/* device that corresponds to the touchscreen while they enter that password? Or, XKCD#1200 style ("they can get my browser and app data but at least they can't get my disk password") reading all data after 'disk' unlock

Assuming Canada is like most countries and there exists an agency (or laws can be passed to create an agency) which has the authority, optionally after running it by a judge, to compel an entity to secretly implement a backdoor of their choice and they hand such an order to Google, Shiftphone, GrapheneOS, LineageOS, Samsung, or anyone else that is operating within their jurisdiction. Not meaning to single you out, but needing to trust your OS' updates does seem fundamental for a practically workable threat model. Unless you trust your vendor to prefer going out of business and destroying the keys on the way out, over implementing a backdoor for 1 user and tripping the warrant canary (many people will have that level of trust in GrapheneOS but not, say, Samsung; it's a tall ask of any vendor though)