←back to thread

GrapheneOS is the only Android OS providing full security patches

(grapheneos.social)
751 points akyuu | 2 comments | 06 Dec 25 13:58 UTC | HN request time: 0.002s | source
Show context
einpoklum ◴[06 Dec 25 18:48 UTC] No.46175614[source]
... maybe, but it also drops support pretty fast, and not supported on most phones :-(
replies(2): >>46176507 #>>46179604 #
1. CommanderData ◴[07 Dec 25 06:24 UTC] No.46179604[source]
Pixel's design makes a good candidate for GrapheneOS or a secure OS in general.

The baseband hardware is not integrated the same way like other phones are.

replies(1): >>46184911 #
2. ysnp ◴[07 Dec 25 20:37 UTC] No.46184911[source]
I don't think that is a consideration for the project. Their OEM partnership also includes supporting a current generation Snapdragon SoC which seems to feature an integrated modem.

>A component being on a separate chip is orthogonal to whether it's isolated. In order to be isolated, the drivers need to treat it as untrusted. If it has DMA access, that needs to be contained via IOMMU and the driver needs to treat the shared memory as untrusted, as it would do with data received another way.

from https://grapheneos.org/faq#baseband-isolation