move device support section to FAQ
parent 311bcef197
commit 30055d4128
@ -47,9 +47,21 @@
|
||||
<a href="#table-of-contents">Table of contents</a>
|
||||
</h2>
|
||||
<ul>
|
||||
<li><a href="#supported-devices">Which devices are supported?</a></li>
|
||||
<li>
|
||||
<a href="#device-support">Device support</a>
|
||||
<ul>
|
||||
<li><a href="#supported-devices">Which devices are supported?</a></li>
|
||||
<li><a href="#recommended-devices">Which devices are recommended?</a></li>
|
||||
<li><a href="#future-devices">Which devices will be supported in the future?</a></li>
|
||||
<li><a href="#when-devices">When will more devices be supported?</a></li>
|
||||
</ul>
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
<h2 id="device-support">
|
||||
<a href="#device-support">Device support</a>
|
||||
</h2>
|
||||
|
||||
<h2 id="supported-devices">
|
||||
<a href="#supported-devices">Which devices are supported?</a>
|
||||
</h2>
|
||||
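Review bot: The table of contents nests the four questions under "Device support", but the headings do not follow that nesting: `<h2 id="device-support">` and `<h2 id="supported-devices">` are both level 2, and the group heading has no content of its own before the next `<h2>`. Consider making the question headings `<h3>` so the document outline matches the nested list, or keep the flat heading level and flatten the list to match.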
@ -80,6 +92,81 @@
|
||||
GrapheneOS is the only party involved in providing the updates. For the same reason,
|
||||
it has little use for the ability to provide out-of-band updates to system image
|
||||
components including all the apps and many other components.</p>
|
||||
|
||||
<p>Some of the GrapheneOS sub-projects support other operating systems on a broader
|
||||
range of devices. Device support for Auditor and AttestationServer is documented in
|
||||
the <a href="https://attestation.app/about">overview of those projects</a>. The
|
||||
<a href="https://github.com/GrapheneOS">hardened_malloc</a> project supports nearly
|
||||
any Linux-based environment due to official support for musl, glibc and Bionic along
|
||||
with easily added support for other environments. It can easily run on non-Linux-based
|
||||
operating systems too, and supporting some like HardenedBSD is planned but depends on
|
||||
contributors from those communities.</p>
|
||||
|
||||
<h2 id="recommended-devices">
|
||||
<a href="#recommended-devices">Which devices are recommended?</a>
|
||||
</h2>
|
||||
|
||||
<p>The recommended devices with the best hardware, firmware and software security
|
||||
along with the longest future support time are the Pixel 3a, Pixel 3a XL, Pixel 3 and
|
||||
Pixel 3 XL. The Pixel 3a and 3a XL are budget devices meeting the same security
|
||||
standards as the more expensive flagship devices.</p>
|
||||
|
||||
<h2 id="future-devices">
|
||||
<a href="#future-devices">Which devices will be supported in the future?</a>
|
||||
</h2>
|
||||
|
||||
<p>Devices are carefully chosen based on their merits rather than the project aiming
|
||||
to have broad device support. Broad device support is counter to the aims of the
|
||||
project, and the project will eventually be engaging in hardware and firmware level
|
||||
improvements rather than only offering suggestions and bug reports upstream for those
|
||||
areas. Much of the work on the project involves changes that are specific to different
|
||||
devices, and officially supported devices are the ones targeted by most of this
|
||||
ongoing work.</p>
|
||||
|
||||
<p>Devices need to be meet the standards of the project in order to be considered as
|
||||
potential targets. In addition to support for installing other operating systems,
|
||||
standard hardware-based security features like the hardware-backed keystores, verified
|
||||
boot, attestation and various hardware-based exploit mitigations need to be available.
|
||||
Devices also need to have decent integration of IOMMUs for isolating components such
|
||||
as the GPU, radios (NFC, Wi-Fi, Bluetooth, Cellular), media decode / encode, image
|
||||
processor, etc. as if the hardware / firmware support is missing or broken, there's
|
||||
not much that the OS can do to provide an alternative. Devices with support for
|
||||
alternative operating systems as an afterthought will not be considered. Devices need
|
||||
to have proper ongoing support for their firmware and software specific to the
|
||||
hardware like drivers in order to provide proper full security updates too. Devices
|
||||
that are end-of-life and no longer receiving these updates will not be supported.</p>
|
||||
|
||||
<p>In order to support a device, the appropriate resources also need to be available
|
||||
and dedicated towards it. Releases for each supported device need to be robust and
|
||||
stable, with all standard functionality working properly and testing for each of the
|
||||
releases.</p>
|
||||
|
||||
<p>Hardware, firmware and software specific to devices like drivers play a huge role
|
||||
in the overall security of a device. The goal of the project is not to slightly
|
||||
improve some aspects of insecure devices and supporting a broad set of devices would
|
||||
be directly counter to the values of the project. A lot of the low-level work also
|
||||
ends up being fairly tied to the hardware.</p>
|
||||
|
||||
<h2 id="when-devices">
|
||||
<a href="#when-devices">When will more devices be supported?</a>
|
||||
</h2>
|
||||
|
||||
<p>Broader device support can only happen after the community (companies,
|
||||
organizations and individuals) steps up to make substantial, ongoing contributions to
|
||||
making the existing device support sustainable. Once the existing device support is
|
||||
more sustainable, early research and development work for other devices can begin.
|
||||
Once a device is deemed to be a worthwhile target, the project needs maintainers to
|
||||
develop and maintain support for it including addressing device-specific issues that
|
||||
are uncovered, which will include issues uncovered in the device support code by
|
||||
GrapheneOS hardening features.</p>
|
||||
|
||||
<p>It's not really a matter of time but rather depends on community support for the
|
||||
project increasing. As an open source project, the way the get something to happen in
|
||||
GrapheneOS is to contribute to it, and this is particularly true for device support
|
||||
since it's very self-contained and can be delegated to separate teams for each
|
||||
device. If you want to see more devices supported sooner, you should get to work on
|
||||
identifying good devices with full support for alternative operating systems with
|
||||
verified boot, etc. and then start working on integrating and testing support.</p>
|
||||
</div>
|
||||
<footer>
|
||||
<a href="/"><img src="https://grapheneos.org/logo.png" width="512" height="512" alt=""/>GrapheneOS</a>
|
||||
|
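Review bot: Two typos are carried into the new FAQ text and are worth fixing while the paragraphs are being moved: "Devices need to be meet the standards" in the future-devices answer should read "need to meet", and "the way the get something to happen" in the when-devices answer should read "the way to get". In the sub-projects paragraph, the link labelled hardened_malloc has `href="https://github.com/GrapheneOS"`, which is the organisation page rather than the project; point it at the project's own repository so the label and target agree. The recommended-devices answer also drops the `<strong>` emphasis the sentence had on the front page, which is fine under its own heading but should be a deliberate choice.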
@ -104,49 +104,7 @@
|
||||
<h2 id="device-support">
|
||||
<a href="#device-support">Device support</a>
|
||||
</h2>
|
||||
<p>In the current early stage of the project, GrapheneOS provides production releases
|
||||
for the Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, Pixel 3a and Pixel
|
||||
3a XL. <strong>The recommended devices with the best hardware, firmware and software
|
||||
security along with the longest future support time are the Pixel 3a, Pixel 3a XL,
|
||||
Pixel 3 and Pixel 3 XL.</strong> It will support other devices in the future, but
|
||||
devices are carefully chosen based on their merits rather than the project aiming to
|
||||
have broad device support. Broad device support is counter to the aims of the
|
||||
project, and the project will eventually be engaging in hardware and firmware level
|
||||
improvements rather than only offering suggestions and bug reports upstream for those
|
||||
areas. Much of the work on the project involves changes that are specific to different
|
||||
devices, and officially supported devices are the ones targeted by most of this
|
||||
ongoing work. GrapheneOS also has source level support without device-specific
|
||||
hardening for the Android emulator, HiKey, HiKey 960 and also generic targets
|
||||
providing basic support for many other devices.</p>
|
||||
<p>Devices need to be meet the standards of the project in order to be considered as
|
||||
potential targets. In addition to support for installing other operating systems,
|
||||
standard hardware-based security features like the hardware-backed keystores, verified
|
||||
boot, attestation and various hardware-based exploit mitigations need to be available.
|
||||
Devices also need to have decent integration of IOMMUs for isolating components such
|
||||
as the GPU, radios (NFC, Wi-Fi, Bluetooth, Cellular), media decode / encode, image
|
||||
processor, etc. as if the hardware / firmware support is missing or broken, there's
|
||||
not much that the OS can do to provide an alternative. Devices with support for
|
||||
alternative operating systems as an afterthought will not be considered. Devices need
|
||||
to have proper ongoing support for their firmware and software specific to the
|
||||
hardware like drivers in order to provide proper full security updates too. Devices
|
||||
that are end-of-life and no longer receiving these updates will not be supported.</p>
|
||||
<p>In order to support a device, the appropriate resources also need to be available
|
||||
and dedicated towards it. Releases for each supported device need to be robust and
|
||||
stable, with all standard functionality working properly and testing for each of the
|
||||
releases.</p>
|
||||
<p>Hardware, firmware and software specific to devices like drivers play a huge role
|
||||
in the overall security of a device. The goal of the project is not to slightly
|
||||
improve some aspects of insecure devices and supporting a broad set of devices would
|
||||
be directly counter to the values of the project. A lot of the low-level work also
|
||||
ends up being fairly tied to the hardware.</p>
|
||||
<p>Some of the GrapheneOS sub-projects support other operating systems on a broader
|
||||
range of devices. Device support for Auditor and AttestationServer is documented in
|
||||
the <a href="https://attestation.app/about">overview of those projects</a>. The
|
||||
<a href="https://github.com/GrapheneOS">hardened_malloc</a> project supports nearly
|
||||
any Linux-based environment due to official support for musl, glibc and Bionic along
|
||||
with easily added support for other environments. It can easily run on non-Linux-based
|
||||
operating systems too, and supporting some like HardenedBSD is planned but depends on
|
||||
contributors from those communities.</p>
|
||||
<p>See <a href="/faq#device-support">the FAQ section on device support</a>.</p>
|
||||
</div>
|
||||
<footer>
|
||||
<a href="/"><img src="https://grapheneos.org/logo.png" width="512" height="512" alt=""/>GrapheneOS</a>
|
||||
|
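Review bot: The paragraph removed here states that production releases exist for the Pixel 2 and Pixel 2 XL and that there is "source level support without device-specific hardening for the Android emulator, HiKey, HiKey 960 and also generic targets", and neither statement appears in the FAQ lines shown in this commit. Confirm the existing answer under `#supported-devices` already covers both; otherwise that information is lost from the site. The replacement link `/faq#device-support` matches the id added in the FAQ, but this page keeps its own `<h2 id="device-support">` above a single pointer sentence, so consider whether the heading is still needed here.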