This page is a placeholder for this newly created site and will soon be replaced with a proper explanation of the OS and the roadmap for it, including evolving beyond being a hardened fork of the Android Open Source Project into an OS without the Linux kernel at the core. There will also be proper documentation on using the OS and coverage of relevant hardware, firmware and software security topics.
Please bear in mind that this is only a preview of the project. It will become drastically different and will support a broader range of devices beyond Pixels, chosen for their privacy and security properties. These properties include the availability of full security updates (including for firmware), competitive hardware / firmware security and all of the hardware-based security features (verified boot, attestation, exploit mitigations and a lot more) being made available to alternative operating systems, as on Pixels.
GrapheneOS
GrapheneOS is an open source privacy and security focused mobile OS with Android app compatibility. Many past features of the project still need to be ported to the current releases. The project is in the 5th year of development and has been reborn as a non-profit open source project not strongly associated with any specific company or organization. It will take some time for the pieces to come into place, turning it into a much broader and more sustainable project with a strong development team. There are multiple organizations and companies in the process of backing this new incarnation of the hardened mobile OS project. Official releases are available on the releases page and installation instructions are on the install page.
See the GitHub organization for sources of the OS sub-projects including the cutting edge new hardened memory allocator.
The official GrapheneOS releases are supported by the Auditor app and attestation service for hardware-based attestation. For more details, see the about page and tutorial. You can also extend these with support for your own builds.
The sources are available via the manifest on GitHub.
Device support
In the current early stage of the project, GrapheneOS provides production releases for the Pixel, Pixel XL, Pixel 2, Pixel 2 XL, Pixel 3 and Pixel 3 XL. It will support other devices in the future, but devices are carefully chosen based on their merits rather than the project aiming to have broad device support. Broad device support is counter to the aims of the project, and the project will eventually be engaging in hardware and firmware level improvements rather than only offering suggestions and bug reports upstream for those areas. Much of the work on the project involves changes that are specific to different devices, and officially supported devices are the ones targeted by most of this ongoing work. GrapheneOS also has source level support without device-specific hardening for the Android emulator, HiKey, HiKey 960 and also generic targets providing basic support for many other devices.
Devices need to meet the standards of the project in order to be considered as potential targets. In addition to support for installing other operating systems, standard hardware-based security features like the hardware-backed keystores, verified boot, attestation and various hardware-based exploit mitigations need to be available. Devices with support for alternative operating systems as an afterthought will not be considered. Devices also need to have proper ongoing support for their firmware and for software specific to the hardware, like drivers, in order to provide proper full security updates. Devices that are end-of-life and no longer receiving these updates will not be supported.
In order to support a device, the appropriate resources also need to be available and dedicated towards it. Releases for each supported device need to be robust and stable, with all standard functionality working properly and testing for each of the releases.
Hardware, firmware and software specific to devices, like drivers, play a huge role in the overall security of a device. The goal of the project is not to slightly improve some aspects of insecure devices, and supporting a broad set of devices would be directly counter to the values of the project. A lot of the low-level work also ends up being fairly tied to the hardware.