I always disliked that GrapheneOS uses bootloader re-locking as an excuse to not support more phones.It just feels like trying to convince someone to use Secure Boot because of "security". When infact its the first thing I disable when installing Linux, and keep disabled. I surelly dont need it on my PC, and certainly wont on my phone. So this sounds pointless.This is a security theater, just like secure boot on PCs, you as linux users should understand, its the first thing you disable on any PC you want to install Linux on, you keep it disabled because it exists to stop you from using arguably much more secure alternative OSes.Locked bootloaders on Android are the exact same thing, they exist to stop the user from having control of their own hardware, not to actually secure your device.
it's too bad nobody can fork grapheneos and make it widely available
GrapheneOS is just Android cosplay for tinfoil dads who think bootloader locking = freedom.>b-b-but muh verified boot!bro you literally re-installed Google’s leash and called it security.It’s the same clown logic as Secure Boot on PCs. Corporate nannyware pretending to “protect” you while making sure you can’t touch your own hardware. Real Linux chads flash, root, and yeet verified boot into the sun.Graphene is great if you’re a spook, narc, or Reddit mod. Everyone else? flash Lineage and move on, you paranoid NPC.
Venmo and Cashapp don't even work on GrapheneOS. Uber and Lyft probably don't even work either.
On an older pixel is an unsupported/out of date grapheneos more secure than fully up to date android 16 lineageos ? My senses say yes because lineage contains latest android security patch and this difference will increase over time
>Mom, I posted it again!
>>107026830Nice try, CIA NIGGER.The feds HATE GrapheneOS for a reason. They SEETHE at the mere existence of it. Do not fall for these demoralization threads.
>>107027637And when it's reported, jannies just ignore it
>>107027017All of those apps work so
>>107030619Uber doesn't
>>107030695Why lie on the internet?
>>107030695It sure does but keep lying
I use Grapheneos, I like it
>they don't enable secure boot and set a bios password Are there really retards who do this and then think they're secure? Nice delusions
>>107030695Uber literally added GrapheneOS Hardware Verfication Keys you lying Nigger.
>>107026830>NOOOOOOOOOOOOO STOP USING GRAPHENE MY HECKIN' CELLEBRITE CAN'T HACK INTO IT THIS IS LITERALLY FASCISM
>>107030878Really?
>>107026830>It just feels like trying to convince someone to use Secure Boot because of "security". When infact its the first thing I disable when installing LinuxThe difference is that you do not dual boot your phone. Also you don't take your PC with you EVERYWHERE where any random person can grab your phone and fuck with your data if it isn't boot locked by default.Also Linux is NOT secure in the way GrapheneOS is. It's different priorities and thread models.
>>107027000>>107027034LineageOS is an amateur hobbyist customROM compared to GrapheneOS.Also LineagOS "devs" didn't even bother to change any of the google IP address connections that are default in AOSP. It's literally just a worse stockROM.>Yes, LineageOS supports many devices. Yes, with LineageOS you can also continue to operate older devices. But: If you actually want to do without Google or want to receive security updates for your device in a timely manner, you should look for another custom ROM. LineageOS itself is not making any special efforts to cut itself off from Google. To be fair, however, it must also be mentioned: they never claimed that. The renunciation of the Google Apps or Google Play services do not automatically mean that a custom ROM is Google-free. For this, further steps are necessary, but the lineageOS does not work.>Overall, LineageOS leaves neither a privacy-friendly nor truly secure impression. This is mainly due to the following points:>Despite abandoning Google Play Services, LineageOS is closely linked to Google services>Delayed delivery of (security) updates>Older devices do not receive full security updates from proprietary components such as bootloader or firmware>No support from Verified Boot>The quality of LineageOS on a particular device is significantly influenced by the capabilities and use of the maintainer>Ultimately, LineageOS is primarily aimed at users who want to continue using their older devices because they may no longer be supplied by the manufacturer with the latest Android versions and security updates. From an ecological point of view, this also makes sense, since most devices still work flawlessly on the hardware side, but due to the consumer orientation caused by capitalism often have to vacate the place. In the end, this means: even more e-waste – and we can all do without it well and gladly.https://www.kuketz-blog.de/lineageos-weder-sicher-noch-datenschutzfreundlich-custom-roms-teil4/
what's the consensus on e/os/ vs graphene if i'm not at all concerned with three letter agencies?
>>107030985LineageOS runs so many google connections, it could actually be from google themselves.
>>107031011e is abysmal garbage and people using it are just coping because they run hardware that can't run GrapheneOS.
>>107031015I think it's more likely to just be laziness. Personally I don't get the point of a custom rom at all if it's reliant on google servers anyway.
>>107031033>I think it's more likely to just be laziness.Why do you want to ran an OS by "lazy" or incompetent people?
>>107031038Which is why I don't. Not everything is an argument, anon.
>>107031015It's hilarious what Lineage is doing.>4.4 Browser: Jelly Browser>The included browser is called Jelly, which uses the WebView included in Android for displaying websites. In contrast to Chrome, the browser should be lighter and was apparently optimized especially for mobile devices. Immediately after the first/initial start, the following compounds are initiated:>google.com (Home)>fonts.gstatic.om (Home)>apis.google.com (Home)>consent.google.com (Home)>update.googleapis.com (Update-Check)>dl.google.com (Update-Check)>edgedl.me.gvt1.com (Update-Check)
>>107030985The point of LineageOS isn't to be degoogled so idk what your point is
>>107031062What's the point of Lineage?I remember when I was younger and poor the point of CyanogenMod and LineageOS was to get the newest Android version for your cheap shit Android device for functionality. But functionality is not an issue anymore. You don't need to run the newest Android version to get apps working.Also I'm not poor anymore and don't have to run outdated garbage device with 0 support.So what is the actual point of LineageOS? Keep in mind better stuff exists now that didn't exist back in the day.
>>107031011Just buy a cheap Pixel 8 pro and install GrapheneOS and be done with it.
>>107031080It doesn't matter. Its not to be degoogled.
>>107031080>What's the point of Lineage?It is>to get the newest Android version for your cheap shit Android device for functionality. Also allows rooting, which gives some apps more functionality.
>>107026830Secure Boot ain't necessarily there to enslave you by the joooos though it was promptly adapted to do so by MS. But you don't have to! You may yeet their keys away and put your ownWhat better alternative do you have?? You have Heads but you can't use it on most mobos. Secure Boot if properly implemented and configured can absolutely shield you from some attacks. The problem is the proprietary UEFI implementations preflashed in mobos that you're forced to use
>>107031080It's a clean AOSP distribution free from Google Play Services that supports many different phones. It's so much faster than the shit stock Android that came with my Motorola phone.Yes, it's not 100% Google-free, but it's 95% of the way there and you can mitigate many of the Google connections like SUPL, DNS, captive portal, etc.>GrapheneOSI'm not buying a Google phone when I'm trying to avoid using Google shit. If the new Graphene phone is any good I will consider buying it.>/e/OSThe UI looks like a shitty knockoff of iOS you would expect from a no-name Chinese phone.>CalyxOSTheir project has shutdown indefinitely
>>107031237>It's a clean AOSP distributionIt isn't>free from Google Play ServicesOnly the dedicated GPS app, not the actual connections>that supports many different phonesMost of the "support" is hackjobs done by incompetent maintainers
>>107027675>>107030890
>>107031237>I'm trying to avoid using Google shitAndroid is "Google shit". By not buying a Google phone you just increase the amount of corporations that are part of your phone and can potentially install backdoors.
Genuine question - why give a fuck about locking bootloader? I don't have locked boot, or BIOS for that matter on my PC. However I do have the entire OS partition encrypted with VC>inb4 muh VC bad!Then imagine TC, LUKS or some other encryption you prefer, the point still stands. When your entire OS drive is encrypted, it does not matter if you boot into some other shit, you still can't access the data. Why should I care about locking bootloader on phones? Is OS-level/entire drive encryption not feasible for some gay reason?
>>107031440evil maids
>>107031440I can make a copy of your shitty encrypted OS and install a fake OS on your system with a not locked bootloader.Then you will try to login with your password which is immediately uploaded to me.I then use your password to get access to your shitty encrypted OS, which isn't encrypted anymore lol!
When GrapheneOS lands on Xperias, I will be a fanboy officially.https://software77.in/is-sony-xperia-the-next-big-partner-for-grapheneos-privacy-os-expands-beyond-google-pixel/If it doesn't, I'm basically giving up smartphones entirely after google announced they're going to yeet all the open source sideloading.
>>107031542It will probably be Oneplus
>>107031513describe a realistic scenario where this occurs
>>107026830Why would you disable sexo boot on linux
>>107031575He literally described an example, retard.>But I will never ever be targeted anyways lol I don't care about any of that!Then just run your stock OS and shut the fuck up.
>>107031542I guess this is better than a Chink brand. My last entry level Xperia was shit but apparently their higher end stuff is good.
>>107031595calm down and read again, retard. i asked for a specific scenario where this chain of events occurs, as in your phone gets stolen and then planted back? or a secret agent sneaks into your apartment? a scenario that is grounded in reality. >Then just run your stock OS and shut the fuck up.i want a degoogled phone and i'm figuring out whether grapheneos is a viable option or its "threat model" larpOS for muh government targeted haxxors
>>107031715There is no LARP. You don't trade in security for convenience with GrapheneOS. You get both.GrapheneOS is more secure AND easier to install AND easier to maintain AND more privacy oriented AND has the best app compatibility with sandboxed Google play services installed (if you need it) than any other option.There is no trade-off.Don't trust me. Just read.https://grapheneos.org/faq
>>107031513That is quite far fetched, but I agree it's doable. I guess this can be reasonably cirumvented with some simple form of two-step drive decryption. First decryption level, after unlocking, shows some passphrase or an image which confirms that you are in fact booting into your real OS. Once that is done, you can safely unlock the OS itself, once again dropping the need for locking bootloader
>>107031739>inventing an entirely new "solution" for a problem that's more cumbersome and complicated (so nobody will ever use it) than the regular solution that already exists and works.
>>107031753What I propose is a simple, small component of the encryption mechanism, solving the "replacing your OS with a fake one" problem. That "regular solution that already exists" that you describe "works" so "well" that it limits the use of GrapheneOS to only few Google gayphones. You seem to be in denial.
>>107031440The locker boot loader is a critical part of the verified boot process. Verified boot ensures that your system files and processes have not been tampered with on every reboot. This means you can install a malicious app, uninstall it, reboot the phone, and your phone is perfectly fine. I have no idea why you're talking about encryption, but if you’ve convinced yourself you know everything, then do whatever you want. It’s not my problem.
>>107031547>It will probably be OneplusWhy so negative?They said a major OEMSony is basically the only major OEM which allows bootloader unlock/relock
So, who exactly is preventing you from porting grapheneos to your chink phone?
>>107031807>moves the goalpost, ignores previous discussion>"locking down bootloader = OS files integrity"You are consneeding and I accept
>>107031839>hey guys, why do I need 2 thumbs? I hate vanilla ice cream!>actually your thumbs serve a useful purpose, it has nothing to do with vanilla ice cream. >ha! Gotcha!Well you “won”. Now what?
>>107031513>If someone takes my phone for 2h they can install shit.Never give your phone to random people for 2h and problem solved lol
>>107026830Nigga walking around with an unlocked bootloader on your phone is risky as fuck. You lose your phone and anyone with a little jeet knowledge of Android custom roms can have access to literally everything on it.
>>107031547Last time people were saying Motorola.What I conclude from that is that nobody has a fucking clue of which OEM it is>>107031542Good morning sir and thank you for linking such an insightful genAI'd blogspam
>>107028382It's almost as if you're standing on their soapbox...
>>107031942no. you still need the passphrase to decrypt the phone. and a bootloader locked phone can still be factory reset.a locked bootloader has nothing to do with theft protection.
>>107030878Ah yes its FOSS, but if you compile it yourself no proprietary service will work because they only whitelists GrapheneOS official signing keys. This is just centralizing power again, which is the opposite of what FOSS is about.
>>107032023It is Motorola. They practically already confirmed it by telling they were interested in working with a couple of OEMS and then confirming the ones they aren't working with and leaving only Motorola.They are targeting the Motorola Razr 70 ultra 2026 specifically which will come with a snapdragon 8 elite gen 5.They aren't 100 percent sure yet if that snapdragon chip will provide all the features they need, so worse case it will be the Motorola Razr 80 ultra 2027 which will come with a gen6 chip that expands on the needed security features like MTE.
>>107032296the world is not black and white but a gradient
>>107032123>and a bootloader locked phone can still be factory reset.How?
>>107032460Via fastboot
>>107026830Every Linux distro supports secure boot if you sign the kernel and modules yourself
>>107031015Schizoid worries, alot of the connections made here are on a phone google has no control over or know any reasonable data form, to me the problematic part is gone which is gms and that allows google to have lot's of data and control so while it sucks it isn't perfect, it's better then having nothing especial when you won't be able to sideload whatever you want soon on phones with gms. So there is still another value to lineage.
>>107033118Firebase literally assigns you a unique identifier upon login kek>schizoid worriesglowie
>>107026830GrapheneOS should be the only consideration for anyone that needs an Android phone, but the GOS devs themselves consider iPhones to have superior hardware security, and iOS to be on par with GOS.If you take into consideration features like Lockdown Mode on iOS it comes out ahead of GOS.That's just security, though - privacy is a different story. GOS has way less bullshit in that regard (at least by default) than iOS.
>>107033207>and iOS to be on par with GOS.Lol no they never said this.They said iPhones are more secure than a random cheap chink shit android device. Which is probably true.They never said that iPhones are on par with GrapheneOS lol. Far from it. They said the exact opposite.
>>107032609>Every Linux distro supports secure boot if you sign the kernel and modules yourselfThe same thing can be said about some android phones.It's harder but not impossible.requirements:- unlockable- The phone has to have a avb custom key slot.- The chain of trust headers and footers of all partitions/images need to be correct in vbmeta with the flag set to 0 and the avb custom key needs to be flashed.Note:The reason why lineageOS doesn't do this is because they want to support things like rooting and GMS, if you try to flash a version of GMS or use something like magisk you completely destroy the chain of trust and your phone becomes unbootable, that's why their vbmeta (while everything is correct) still has flag 3 that means skip any verification so you cannot relock if you do, it will try to enforce the android security model anyways and once you try to boot, it will say the phone is corrupt.
>>107026830I was actually considering GrapheneOS but I'm a poorfag so I'll have to save for a while to afford newest Pixel (don't want an older one because short support), so I was wondering if I should try Lineage or maybe CalyxOS first on one of the shitty smartphones I have (Huawei P Smart or Huawei POCO M5). Neither is supported by either system, I think, but it doesn't necessarily mean I won't be able to run them at all. Those phones are old anyway so I don't care if I brick them,I just want to try something different and fuck around a little to see if I can do something fun with it. Ultimate goal is to find a suitable custom ROM, install only the shit I need and modify GUI to keep it minimalist and sleek, so that I don't have any shit I don't use on my phone at all.
>>107033752>newest Pixelwont get graphene
>>107033752pixel 9a
>drops Google trash and moves OEM>/g/ still mettlmao LineageOS and Pale Moon forever laaadddies
>>107033752>while to afford newest Pixel (don't want an older one because short support),Even a fucking Pixel 8 Pro gets support until AT LEAST end of 2030 you fucking retard.
If you don't use Secure Boot on Linux you're a retarded schizo and a tech illiterate. This is why we need competent leadership to filter out mental rejects like you and tard wrangle the rest of the idiot village in the FOSS community.
>>107034474They literally said it would so
>>10703594910 will get it. They never said anything about 11.
>>10703617610 is the newest I have no idea what you're talking about
>>107036182Then just wait until they are done with their build for Pixel 10.They were A LOT faster in the past. Literally took them a few days. But Google stopped open sourcing the device trees, so good luck figuring everything out on your own.
>>107036227None of your posts have been coherent or related to anything I've said.
>>107036240I'm just a cheap AI and not even the Anon you started this argument with.
>>107026830I like graphene but their tranny discord mods pop a gasket if you every imply that you'll disable auto updates cause you don't want your phone randomly taking a dump for 30 minutes every 4 daysYeah im not going to get hacked cause im not on the bleedingedge of dilated updates pushed to my phone the moment they come out...I just won't install weird shit which will save you from getting infected on 99% of systems and manually get updates once per month
>>107032296You're not wrong, but it's the lesser of two evils. App developers need this sort of attestation because Uber doesn't want drivers spoofing their location or whatever.It would be nice if someone produced a GrapheneOS_Uncucked fork or something that didn't try to do all that and instead let you actually have root, with the caveat that a lot of apps won't work. I think Calyxos is essentially this but GrapheneOS seems more well supported these days.
>>107036486Man, what is it with updooters? They let you disable auto-updates at least, right? There's no nag screen? That's a plus.
>>107036623Calyx is dead and made by incompetent morons
>>107030985idgaf google my dude it's a question of security and i think graphene not updating on older devices is a massive flaw and telling people to throw away their perfectly working old hardware is mental retardation and autism at best
>>107036640>They let you disable auto-updates at least, right?You can kill the update process and it won't restart itself. Only on reboot.
>>107036623You can literally just leave the bootloader unlocked with GrapheneOS and root it with magisk, without any different builds. If you want GrapheneOS with root, a locked bootloader and OTA updates, you are also in luck. It already exists: https://github.com/schnatterer/rooted-grapheneI do not recommend using root with GrapheneOS though. It makes it much less secure and this implementation will be detected by all apps. Things like zygisk do not seem to play well with GrapheneOS.
>>107026830>>107027000>>107027017>>107030695>>107030862>>107036486>>107037188Retard glowniggers are all over /g/ like flies on shit shilling against Graphene OS now that the new Pixel is out.Now you may think it odd, but IDGAF about the NSA. I use Graphene because you can shut off internet access per app and the battery lasts 4 times as long. But Graphene did not cuck on security. In fact, it cannot cuck on security, because jews use it to watch CP, deal drugs, and transfer their ill gotten gains via crypto coins. Check it with wireshark if you think it's spying on you.
