← Back to context

Comment by petu

14 hours ago

Pixels are consistently "third party Android builds friendly", plus GrapheneOS has a list of required security features (beyond their control): https://grapheneos.org/faq#future-devices

e.g. first one in the list:

> Support for using alternate operating systems including full hardware security functionality

GrapheneOS wants users to lock the bootloader (≈enable Secure Boot) after install by providing user signing keys (avb_custom_key) -- that already seems to leave only Pixel, Nothing and Fairphone.

https://github.com/chenxiaolong/avbroot/issues/299

Why don't they support Fairphone and Nothing, then?

  • These devices fall far behind the industry standard hardware security requirements GrapheneOS has.

    • If they're only supported on a single line of devices made by a single company and there are thousands of devices made by hundreds of companies, then that's not industry standard. It might be better than industry standard, and it might be good, but it's hardly common.

      1 reply →