GrapheneOS: a open source privacy and security OS

  • Thread starter ForgottenSeer 85179
  • Start date
F

ForgottenSeer 85179

Thread author

2021.02.06.05

Changes since the 2021.02.02.09 release:
  • Vanadium: update Chromium base to 88.0.4324.152
  • rework the GrapheneOS HTTPS-based network time updates to enforce certificate expiry based on the OS build date for the whole certificate chain to avoid failing to fix significant time sync issues while still having a reasonable expiry check
Click to expand...
 
  • Like
Reactions: Nevi, Andrew999, harlan4096 and 2 others
F

ForgottenSeer 85179

Thread author

2021.02.19.15


Changes since the 2021.02.07.17 release:
  • Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL, Pixel 4, Pixel 4 XL, Pixel 4a, Pixel 4a (5G), Pixel 5: update APNs
  • Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL, Pixel 4, Pixel 4 XL, Pixel 4a, Pixel 4a (5G), Pixel 5: update CarrierConfig vendor.xml
  • Auditor: update to version 24
  • Auditor: update to version 25
  • Pixel 4a: set boot security patch level to leverage the YYYY-MM-01 vs. YYYY-MM-05 distinction for attestation
  • Pixel 4a (5G), Pixel 5: complete initial device support including porting hardening features
  • kernel (Pixel 4a (5G), Pixel 5): enable slab canary feature
  • kernel (Pixel 4a (5G), Pixel 5): set correct variable for 32-bit vdso toolchain
  • kernel (Pixel 5): disable unnecessary touch driver
  • kernel (Pixel 4, Pixel 4 XL, Pixel 4a, Pixel 4a (5G), Pixel 5): use LLVM toolchain for everything other than the assembler
  • kernel (Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL): use LLVM toolchain for everything other than the assembler and target linker
  • kernel (Pixel 4a (5G), Pixel 5): use new kernel build-tools prebuilts repository
Click to expand...
 
  • Like
Reactions: enaph, Gandalf_The_Grey, Nevi and 1 other person
F

ForgottenSeer 85179

Thread author

2021.02.23.15

Changes since the 2021.02.19.15 release:
  • Camera: set flash mode to off by default (camera flash causes a substantial delay and substantially lower image quality so it generally isn't desirable)
  • device theme: use black for settings background in the dark theme
  • drop legacy code for setting Seedvault as the enabled backup service
  • hardened_malloc: drop workarounds for camera driver bugs on the Pixel 3, Pixel 3 XL, Pixel 3a and Pixel 3a XL
  • hardened_malloc: drop workaround for USB audio bug
Click to expand...
 
  • Like
Reactions: Nevi, Gandalf_The_Grey, enaph and 1 other person
F

ForgottenSeer 85179

Thread author
Installing GrapheneOS from other devices with GrapheneOS is now officially supported and tested: GrapheneOS web install guide
ChromeOS and Google Android are also now officially supported and tested platforms.

Increased portability is a nice advantage over the traditional approach.
Click to expand...

Also always stay on official instructions!
There's a popular Windows install video telling users to use a sketchy 3rd party fastboot.
It leads to bricked devices. A contributor helped port the fastboot version check to Windows.
The guide's author made a follow-up video with a guide on removing this added safety check.
Click to expand...
 
  • Like
Reactions: Nevi, Gandalf_The_Grey and harlan4096
F

ForgottenSeer 85179

Thread author

2021.03.02.10


Changes since the 2021.02.26.16 release:
  • full 2021-03-01 security patch level
  • full 2021-03-05 security patch level
  • rebased onto RQ2A.210305.006 release, initial release of Android 11 QPR2 (Quarterly Platform Release 2)
  • Settings (Pixel 4, Pixel 4 XL, Pixel 5): enable refresh rate control
  • Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL, Pixel 4, Pixel 4 XL, Pixel 4a, Pixel 4a (5G), Pixel 5: update APNs
  • Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL, Pixel 4, Pixel 4 XL, Pixel 4a, Pixel 4a (5G), Pixel 5: update CarrierConfig vendor.xml
Click to expand...
 
  • Like
Reactions: Nevi, Gandalf_The_Grey and harlan4096
F

ForgottenSeer 85179

Thread author

2021.03.06.00

Changes since the 2021.03.02.10 release:
  • Vanadium: update Chromium base to 89.0.4389.72
  • Vanadium: enable user agent freeze by default
  • Vanadium: disable building code as dynamic feature modules
  • kernel (Pixel 4a): fix techpack/audio build reproducibility issue
  • backport upstream fix for building on compressed filesystems
  • Calendar: remove launcher icon since the app exists for compatibility / testing
  • Seedvault: update to latest revision
Click to expand...
 
  • Like
Reactions: Nevi, harlan4096, Gandalf_The_Grey and 1 other person
F

ForgottenSeer 85179

Thread author

2021.03.19.14

Changes since the 2021.03.06.00 release:

  • integrate the latest open source release of TalkBack and Switch Access as first party accessibility services again (a text-to-speech service like RHVoice needs to be installed, configured and enabled to be able to use TalkBack)
  • SELinux policy: add back removing tmpfs execute for all base system app domains
  • SELinux policy: expand exception from ashmem execute restriction to legacy non-base system app domains (was more strict than currently intended since we don't want to break app compatibility)
  • add Bluetooth timeout feature with a security fix applied to the original implementation
  • Updater: rename title of the management activity launched via Settings
  • set GrapheneOS launcher as a default notification listener on fresh installs so that the default enabled notification integration is permitted by default like the stock OS (existing users still need to manually enable the permission for the built-in launcher)
  • add back removing DUN requirement for tethering
  • add back ignoring tethering provisioning requirement
  • enable app compaction by default
  • enable app freezer by default
  • enable camera/microphone indicators by default
  • kernel (Pixel 4, Pixel 4 XL, Pixel 4a, Pixel 4a (5G), Pixel 5): switch from standard 39-bit address space to 48-bit address space via 4-level page tables
  • Vanadium: update Chromium base to 89.0.4389.86
  • Vanadium: update Chromium base to 89.0.4389.90
  • Vanadium: enable partitioning connections by default
  • hardened_malloc: update libdivide to 4.0.0
  • hardened_malloc: use longer region quarantine random array (256 regions instead of 128)
  • Auditor: update to version 26
Click to expand...

Specially "enable camera/microphone indicators by default" is very nice (y)
 
  • Like
Reactions: Nevi, harlan4096 and Gandalf_The_Grey
F

ForgottenSeer 85179

Thread author

hardened_malloc version 7 released

These integer numbered tags are the standalone releases, while the RQ1A.210105.003.2021.01.05.03 style tags are part of GrapheneOS releases and may contain GrapheneOS-specific changes such as workarounds for latent memory corruption bugs encountered in the wild while waiting for an upstream or downstream fix.
Click to expand...
github.com

Release 7 · GrapheneOS/hardened_malloc

Full list of changes from the previous release (version 6). See the README for this release for an overview of the project and many details about the design goals and implementation. These integer...
github.com github.com
 
  • Like
Reactions: Gandalf_The_Grey, Nevi and harlan4096

Similar threads

enaph
    • Like
    • +Reputation
Privacy News Strava Tightens API Policies to Bolster User Privacy and Security
Replies
0
Views
136
Security News
enaph
enaph
Gandalf_The_Grey
    • Like
    • +Reputation
New Update Apple Releases iOS 18, iPadOS 18, watchOS 11, macOS Sonoma, and visionOS 2
Replies
16
Views
1,203
macOS, iOS & iPadOS
silversurfer
silversurfer
vtqhtr413
    • Like
    • Applause
Technology Beeper vs. iMessage is a fight about how tech works
Replies
7
Views
1,316
Technology News
vtqhtr413
vtqhtr413

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top