Updates GrapheneOS: an open source privacy and security OS

SecurityNightmares

Level 38
Verified
Jan 9, 2020
2,702

2021.03.30.02

Changes since the 2021.03.19.14 release:
  • hardened_malloc: add initial malloc_trim slab quarantine purging to reduce system memory usage from the slab quarantine without sacrificing security
  • Vanadium: update Chromium base to 89.0.4389.105
  • android-prepare-vendor (Pixel 4a (5G), Pixel 5): stop incorrectly treating new vendor_boot partition as a firmware partition and use our own build
  • SetupWizard: update to latest upstream code
 

SecurityNightmares


2021.04.05.20

Changes since the 2021.03.30.02 release:
  • full 2021-04-01 security patch level
  • full 2021-04-05 security patch level
  • rebased onto RQ2A.210405.005 release
  • SetupWizard: rebrand to GrapheneOS for other languages
  • disable OpenGL preloading and load it on demand instead since this isn't useful with exec-based spawning

and from today:

2021.04.16.04

Changes since the 2021.04.05.20 release:
  • kernel (Pixel 4a (5G), Pixel 5): rebuild with updated techpack/camera submodule
  • add back support for fully disabling native debugging support in Settings → Security
  • kernel (Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL, Pixel 4, Pixel 4 XL, Pixel 4a, Pixel 4a (5G), Pixel 5): enable support for native debugging toggle
  • Settings: add back extra field with bootloader version
  • Settings: only allow disabling Vanadium WebView library via developer tools since disabling it breaks app compatibility and almost always results in crashes rather than user friendly errors, including for base OS components using it
  • Vanadium: update Chromium base to 90.0.4430.66
  • Vanadium: fully disable autofill assistant
  • Vanadium: disable unused autofill assistant configuration
  • Vanadium: disable speculative service worker start by default
  • Vanadium: disable safety check for Android by default
  • Vanadium: disable new interest feed feature too
  • Vanadium: disable unused password check feature
 

SecurityNightmares

2021.04.22.20

Changes since the 2021.04.16.04 release:
  • kernel (Pixel 4, Pixel 4 XL, Pixel 4a, Pixel 4a (5G), Pixel 5): update our change to use max ASLR entropy before the init process enables it for the larger address space enabled by GrapheneOS
  • kernel (Pixel 4, Pixel 4 XL, Pixel 4a, Pixel 4a (5G), Pixel 5): add back hard-wired check for the INTERNET permission on socket creation at least until the eBPF code is improved and fixed to work properly for secondary profiles
  • Vanadium: disable unused FLOC feature
  • Vanadium: update Chromium base to 90.0.4430.82
 

SecurityNightmares

2021.05.04.01

Changes since the 2021.04.22.20 release:
  • full 2021-05-01 security patch level
  • full 2021-05-05 security patch level
  • rebased onto RQ2A.210505.003 release
  • enable backup service for non-owner users so that secondary users can be backed up
  • add SetupWizard activities for secondary users including support for restoring backups
  • Settings (Accessibility): add Monochromacy (grayscale) option to color correction
  • improve the newer generation eBPF-based implementation of the INTERNET permission to properly support revoking the permission in secondary profiles (we'll be keeping our restoration of the much simpler non-eBPF-based approach to avoid relying on this on devices using our hardened kernels)
  • Vanadium: update Chromium base to 90.0.4430.91
  • Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL, Pixel 4, Pixel 4 XL, Pixel 4a, Pixel 4a (5G), Pixel 5: set slot number for eSIM (still need an eSIM activation app since it's one of the remaining missing components from not including Google apps and services)
  • hardened_malloc: use 1 slot for all extended size classes (reduces memory usage and improves security in combination with the guard slab feature)
  • use device theme accent color for fingerprint dialog instead of teal
  • integrate modern Android theme and wallpaper configuration
  • remove legacy WallpaperPicker app
  • Updater: modernize update settings via androidx preference library (new theme has minor quirks we'll be fixing in the next release)
  • use alternate grapheneos.online domain for connectivity check / captive portal fallback URLs to improve handling of future issues comparable to Quad9 temporarily blocking grapheneos.network due to some kind of false positive
  • Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL, Pixel 4, Pixel 4 XL, Pixel 4a, Pixel 4a (5G), Pixel 5: update APNs
  • Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL, Pixel 4, Pixel 4 XL, Pixel 4a, Pixel 4a (5G), Pixel 5: update CarrierConfig vendor.xml
 

SecurityNightmares


2021.05.16.04


Changes since the 2021.05.16.04 release:
  • enable gesture navigation by default (you can change it via Settings → System → Gestures → System navigation) since it's superior to the previous default in nearly every way and is the only option in the stock OS: swipe left/right on the navigation bar to switch apps, swipe up to go home, swipe up and hold for the app overview, swipe from either the left/right edge of the screen to go back
  • Updater: fix minor theme issue for light theme when pressing preferences
  • replace our workaround for an upstream user profile crash issue with a proper upstream fix from Sony
  • replace our workaround for another upstream user profile crash issue with a proper fix based on the approach of the fix from Sony
  • Vanadium: update Chromium base to 90.0.4430.210
  • hardened_malloc: purge memory even if VMA exhaustion causes munmap or MAP_FIXED mmap calls to fail
  • hardened_malloc: increase class region size on x86_64 to 32GiB
  • hardened_malloc: increase class region size on arm64 to 2GiB (should be 32GiB on devices where we've enabled 4-level page tables but that requires setting up build configuration infrastructure)
  • raise vm.max_map_count further to have even more leeway before VMA exhaustion occurs from fine-grained guard regions
  • kernel (Pixel 4a (5G), Pixel 5): fix build reproducibility issue by backporting upstream fix
  • kernel (Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL, Pixel 4, Pixel 4 XL, Pixel 4a, Pixel 4a (5G), Pixel 5): make CONFIG_LOCALVERSION_AUTO ignore Git tags so adding tags doesn't change the result of a build
  • kernel (Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL, Pixel 4, Pixel 4 XL, Pixel 4a, Pixel 4a (5G), Pixel 5): apply fixes for Qualcomm audio driver vulnerabilities from CAF including one missed in the upstream May security update for Pixels
  • kernel (Pixel 4a): apply fix for use-after-free in GPU driver missed in the upstream security updates for the Pixel 4a
  • switch HTTPS network time URL from / to /generate_204 to allow for a future / redirect
  • Settings: remove field referencing the mainline module (APEX) version (also known as the Google Play system update version) since we ship these changes as part of the OS and have out-of-band module updates disabled since we have no use for them
 

SecurityNightmares


2021.05.19.06


Changes since the 2021.05.16.04 release:
  • Settings: remove field referencing the mainline module (APEX) version (also known as the Google Play system update version) since we ship these changes as part of the OS and have out-of-band module updates disabled since we have no use for them
  • remove legacy Calendar widget
  • add toggle for disabling fingerprint unlock while having fingerprints registered for usage in apps (authentication and protecting hardware keystore keys)
  • Auditor: update to version 27

Important news about the official GrapheneOS chat rooms:
Our official chat channels are migrating away from freenode IRC due to a hostile takeover of the network. As part of this, we're migrating to new Matrix rooms with an upgraded room version which are not bridged to the freenode channels. The #grapheneos:matrix.org and #grapheneos-offtopic:matrix.org aliases now point at the new rooms, although we've also made #grapheneos-new:matrix.org and #grapheneos-offtopic-new:matrix.org to make it easier to join from home servers with broken caching of aliases. Web client links:

Matrix rooms are decentralized and these rooms aren't inherently tied to matrix.org or another server. We plan to add tombstones redirecting users from the legacy rooms, but the half-baked automatic room upgrade feature wasn't appropriate for this migration.
 

SecurityNightmares


2021.05.29.09

Changes since the 2021.05.19.06 release:

  • prevent DHCP (IPv4) from reusing state across connections to the same network when full MAC randomization is enabled
  • Vanadium: update Chromium base to 91.0.4472.77
  • Vanadium: enable opportunistic HTTPS by default
  • Vanadium: disable mobile identity consistency by default
  • revert our change adding the screenshot button to the power menu for 3-button navigation since it's provided by the recent apps activity for both gesture and 3-button navigation (we originally added it back for both 2-button and 3-button navigation even though it was only needed for 2-button navigation, and then the stock OS implemented the same fix only for 2-button navigation, which makes more sense)

Important news about the official GrapheneOS chat rooms:
Our official chat channels are migrating away from freenode IRC due to a hostile takeover of the network. As part of this, we're migrating to new Matrix rooms with an upgraded room version which are not bridged to the freenode channels. The main addresses for the new rooms are #grapheneos:grapheneos.org and #offtopic:grapheneos.org. The #grapheneos:matrix.org and #grapheneos-offtopic:matrix.org addresses now point at the new rooms but some clients / home servers appear to have broken caching of the addresses. You can also join the new #community:grapheneos.org space in a client like Element supporting the Spaces Beta. Web client links:

  • Join the #grapheneos:grapheneos.org room with the Element web client
  • Join the #offtopic:grapheneos.org room with the Element web client
  • Join the #community:grapheneos.org space with the Element web client

Matrix rooms are decentralized and these rooms aren't inherently tied to grapheneos.org or another server. We plan to add tombstones redirecting users from the legacy rooms, but the half-baked automatic room upgrade feature wasn't appropriate for this migration.
 

SecurityNightmares


2021.06.08.06

Changes since the 2021.05.29.09 release:
  • full 2021-06-01 security patch level
  • full 2021-06-05 security patch level
  • rebased onto RQ3A.210605.005 release, initial release of Android 11 QPR3 (Quarterly Platform Release 3)
  • experimental new feature for configuring auto-reboot after N hours of the device being locked to put all logged in user profiles back at rest (i.e. data inaccessible to the OS until logged in again) when the device isn't in your possession
  • kernel (Pixel 4a (5G), Pixel 5): apply fixes for 2 Qualcomm Wi-Fi driver vulnerabilities from CAF missed in the upstream December 2020 security update for Pixels
  • Vanadium: update Chromium base to 91.0.4472.88
  • android-prepare-vendor: fix resuming image downloads due to broken HTTP/2 server semantics
  • Settings: fix hardcoded black text in storage summary
  • remove redundant property for disabling OpenGL preloading
 

SecurityNightmares


2021.06.09.13

Changes since the 2021.06.08.06 release:
  • Updater: add support for custom accent color
  • re-enable current camera/microphone privacy indicator implementation
  • kernel (Pixel 4a (5G), Pixel 5): use new GNU assembler (gas) prebuilts and drop all other usage of the GNU toolchain since LLVM provides everything else (LLVM assembler is used for userspace, but can't yet handle the Linux kernel)
 

SecurityNightmares


As I switched to an iPhone, I will no longer post GrapheneOS updates.
If someone wants to take it over, I have no objection.

Releases are announced on this page including via an atom feed, via our @GrapheneOS Twitter account, on the official subreddit and in the official GrapheneOS chat room. A release announcement indicates that the source code tags are available and that the official builds will soon be pushed out via the Beta channel. The changelog is also available as an atom feed usable in any standard feed reader.
 

CyberTech

Level 34
Verified
Nov 10, 2017
2,381
1kzrx55.png