From baffdc4ec8fb6a8aed495ea93692dcb73955dcd4 Mon Sep 17 00:00:00 2001 From: Daniel Micay Date: Wed, 30 Dec 2020 23:53:55 -0500 Subject: [PATCH] move related topics together in the FAQ --- static/faq.html | 136 ++++++++++++++++++++++++------------------------ 1 file changed, 68 insertions(+), 68 deletions(-) diff --git a/static/faq.html b/static/faq.html index caf07794..9ec72ec1 100644 --- a/static/faq.html +++ b/static/faq.html @@ -113,12 +113,12 @@
  • What features does GrapheneOS implement?
  • Does GrapheneOS provide Factory Reset Protection?
  • Why aren't my favorite apps bundled with GrapheneOS?
    • -
  • Who owns the GrapheneOS code and how is it licensed?
    • -
  • What about the GrapheneOS name and logo?
  • What is the roadmap for GrapheneOS?
    • -
  • Will GrapheneOS create a company?
  • How do I install GrapheneOS?
  • How do I build GrapheneOS?
    • +
  • Will GrapheneOS create a company?
    • +
  • Who owns the GrapheneOS code and how is it licensed?
    • +
  • What about the GrapheneOS name and logo?
    • @@ -1037,6 +1037,71 @@ down devices.

    +
    +

    What is the roadmap for GrapheneOS?

    + +

    To get an idea of the near term roadmap, check out the + issue trackers. The vast majority of the + issues filed in the trackers are planned enhancements, with care taken to make sure + all of the issues open in the tracker are concrete and actionable.

    + +

    In the long term, GrapheneOS aims to move beyond a hardened fork of the Android + Open Source Project. Achieving the goals requires moving away from relying on the Linux + kernel as the core of the OS and foundation of the security model. It needs to move + towards a microkernel-based model with a Linux compatibility layer, with many stepping + stones leading towards that goal including adopting virtualization-based + isolation.

    + +

    The initial phase for the long-term roadmap of moving away from the current + foundation will be to deploy and integrate a hypervisor like Xen to leverage it for + reinforcing existing security boundaries. Linux would be running inside the virtual + machines at this point, inside and outside of the sandboxes being reinforced. In the + longer term, Linux inside the sandboxes can be replaced with a compatibility layer + like gVisor, which would need to be ported to arm64 and given a new backend alongside + the existing KVM backend. Over the longer term, i.e. many years from now, Linux can + fade away completely and so can the usage of virtualization. The anticipation is that + many other projects are going to be interested in this kind of migration, so it's not + going to be solely a GrapheneOS project, as demonstrated by the current existence of + the gVisor project and various other projects working on virtualization deployments + for mobile. Having a hypervisor with verified boot still intact will also provide a + way to achieve some of the goals based on extensions to Trusted Execution Environment + (TEE) functionality even without having GrapheneOS hardware.

    + +

    Hardware and firmware security are core parts of the project, but it's currently + limited to research and submitting suggestions and bug reports upstream. In the long + term, the project will need to move into the hardware space.

    +
    + +
    +

    How do I install GrapheneOS?

    + +

    Follow the official GrapheneOS installation guide. Third + party installation guides tend to be out-of-date and often contain misguided + advice and errors. If you have trouble with the installation process, ask for help + from the #grapheneos Matrix / IRC channel.

    +
    + +
    +

    How do I build GrapheneOS?

    + +

    Follow the official GrapheneOS building guide. Third party + build guides tend to be out-of-date and often contain misguided advice and errors. + If you have trouble with the build process, ask for help from the + #grapheneos Matrix / IRC channel.

    +
    + +
    +

    Will GrapheneOS create a company?

    + +

    No, GrapheneOS will remain a non-profit open source project / organization. It + will remain an independent organization not strongly associated with any specific + company. We partner with a variety of companies and other organizations, and we're + interested in more partnerships in the future. Keeping it as an non-profit avoids + the conflicts of interest created by a profit-based model. It allows us to focus + on improving privacy/security without struggling to build a viable business model + that's not in conflict with the success of the open source project.

    +
    + - -
    -

    What is the roadmap for GrapheneOS?

    - -

    To get an idea of the near term roadmap, check out the - issue trackers. The vast majority of the - issues filed in the trackers are planned enhancements, with care taken to make sure - all of the issues open in the tracker are concrete and actionable.

    - -

    In the long term, GrapheneOS aims to move beyond a hardened fork of the Android - Open Source Project. Achieving the goals requires moving away from relying on the Linux - kernel as the core of the OS and foundation of the security model. It needs to move - towards a microkernel-based model with a Linux compatibility layer, with many stepping - stones leading towards that goal including adopting virtualization-based - isolation.

    - -

    The initial phase for the long-term roadmap of moving away from the current - foundation will be to deploy and integrate a hypervisor like Xen to leverage it for - reinforcing existing security boundaries. Linux would be running inside the virtual - machines at this point, inside and outside of the sandboxes being reinforced. In the - longer term, Linux inside the sandboxes can be replaced with a compatibility layer - like gVisor, which would need to be ported to arm64 and given a new backend alongside - the existing KVM backend. Over the longer term, i.e. many years from now, Linux can - fade away completely and so can the usage of virtualization. The anticipation is that - many other projects are going to be interested in this kind of migration, so it's not - going to be solely a GrapheneOS project, as demonstrated by the current existence of - the gVisor project and various other projects working on virtualization deployments - for mobile. Having a hypervisor with verified boot still intact will also provide a - way to achieve some of the goals based on extensions to Trusted Execution Environment - (TEE) functionality even without having GrapheneOS hardware.

    - -

    Hardware and firmware security are core parts of the project, but it's currently - limited to research and submitting suggestions and bug reports upstream. In the long - term, the project will need to move into the hardware space.

    -
    - -
    -

    Will GrapheneOS create a company?

    - -

    No, GrapheneOS will remain a non-profit open source project / organization. It - will remain an independent organization not strongly associated with any specific - company. We partner with a variety of companies and other organizations, and we're - interested in more partnerships in the future. Keeping it as an non-profit avoids - the conflicts of interest created by a profit-based model. It allows us to focus - on improving privacy/security without struggling to build a viable business model - that's not in conflict with the success of the open source project.

    -
    - -
    -

    How do I install GrapheneOS?

    - -

    Follow the official GrapheneOS installation guide. Third - party installation guides tend to be out-of-date and often contain misguided - advice and errors. If you have trouble with the installation process, ask for help - from the #grapheneos Matrix / IRC channel.

    -
    - -
    -

    How do I build GrapheneOS?

    - -

    Follow the official GrapheneOS building guide. Third party - build guides tend to be out-of-date and often contain misguided advice and errors. - If you have trouble with the build process, ask for help from the - #grapheneos Matrix / IRC channel.

    -