security/hakurei.app
security/hakurei.app
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 4 Wiki Activity
hakurei.app/static/index.html
Daniel Micay 9d0302d526 further edits to history section
2020-04-11 00:03:33 -04:00

164 lines
11 KiB
HTML
Raw Blame History

<!DOCTYPE html>
<html lang="en" prefix="og: http://ogp.me/ns#">
<head>
<meta charset="utf-8"/>
<title>GrapheneOS</title>
<meta name="description" content="GrapheneOS is a security and privacy focused mobile OS with Android app compatibility."/>
<meta name="theme-color" content="#212121"/>
<meta name="msapplication-TileColor" content="#ffffff"/>
<meta name="viewport" content="width=device-width, initial-scale=1"/>
<meta name="twitter:site" content="@GrapheneOS"/>
<meta name="twitter:creator" content="@GrapheneOS"/>
<meta property="og:title" content="GrapheneOS"/>
<meta property="og:description" content="GrapheneOS is a security and privacy focused mobile OS with Android app compatibility."/>
<meta property="og:type" content="website"/>
<meta property="og:image" content="https://grapheneos.org/opengraph.png"/>
<meta property="og:image:width" content="512"/>
<meta property="og:image:height" content="512"/>
<meta property="og:image:alt" content="GrapheneOS logo"/>
<meta property="og:url" content="https://grapheneos.org/"/>
<meta property="og:site_name" content="GrapheneOS"/>
<link rel="icon" type="image/vnd.microsoft.icon" href="/favicon.ico"/>
<link rel="mask-icon" href="/mask-icon.svg" color="#1a1a1a"/>
<link rel="stylesheet" href="/grapheneos.css?18"/>
<link rel="manifest" href="/manifest.webmanifest"/>
<link rel="canonical" href="https://grapheneos.org/"/>
<script type="module" src="/redirect.js?6"></script>
</head>
<body>
<nav>
<ul>
<li class="active"><a href="/">GrapheneOS</a></li>
<li><a href="/install">Install</a></li>
<li><a href="/build">Build</a></li>
<li><a href="/usage">Usage</a></li>
<li><a href="/faq">FAQ</a></li>
<li><a href="/releases">Releases</a></li>
<li><a href="/source">Source</a></li>
<li><a href="/donate">Donate</a></li>
<li><a href="/contact">Contact</a></li>
</ul>
</nav>
<div id="content">
<h1 id="grapheneos">
<a href="#grapheneos">GrapheneOS</a>
</h1>
<p>GrapheneOS is an open source privacy and security focused mobile OS with Android
app compatibility. It's focused on the research and development of privacy and
security technology including substantial improvements to sandboxing, exploit
mitigations and the permission model. GrapheneOS also develops various apps and
services with a focus on privacy and security.</p>
<p>GrapheneOS is a collaborative open source project, not a company. It's used and
supported by a variety of companies and other organizations. It won't be closely tied
to any company in particular. There will eventually be a non-profit GrapheneOS
foundation, but for now the developers represent the project.</p>
<p>GrapheneOS has made substantial contributions to the privacy and security of the
Android Open Source Project, along with contributions to the Linux kernel, LLVM,
OpenBSD and other projects.</p>
<p>Official releases are available on the <a href="/releases">releases page</a> and
installation instructions are on the <a href="/install">install page</a>.</p>
<p>See the <a href="https://github.com/GrapheneOS">GitHub organization</a> for sources
of the OS and various standalone sub-projects including the cutting edge
<a href="https://github.com/GrapheneOS/hardened_malloc/blob/master/README.md">new
hardened memory allocator</a> and other projects.</p>
<p>The official GrapheneOS releases are supported by the
<a href="https://github.com/GrapheneOS/Auditor/releases">Auditor app</a> and
<a href="https://attestation.app/">attestation service</a> for hardware-based
attestation. For more details, see the <a
href="https://attestation.app/about">about page</a> and <a
href="https://attestation.app/tutorial">tutorial</a>. These also support other
operating systems.</p>
<h2 id="history">
<a href="#history">History</a>
</h2>
<p>GrapheneOS was founded by Daniel Micay in late 2014. It started as a solo project
incorporating his previous open source privacy/security work.</p>
<p>In late 2015, a company was incorporated which became the primary sponsor of the
project. The intention was to use the company to build a business around GrapheneOS
selling support, contract work and customized proprietary variants of the OS. The
company was supposed to serve the needs of the open source project, rather than vice
versa. It was explicitly agreed that GrapheneOS would remain independently owned and
controlled by Daniel Micay. The company failed to live up the promises and is no
longer associated in any way with GrapheneOS.</p>
<p>The former sponsor attempted to take over the project through coercion, but they
were rebuked. Since then, they've taken to fraudulently claiming ownership and
authorship of our work which has no basis in fact. The former sponsor has engaged in a
campaign of misinformation and harassment of contributors to the project. Be aware
that they are actively trying to sabotage it through any means necessary while
continuing to profit from our work.</p>
<p>The copyright for GrapheneOS code is entirely owned by the GrapheneOS developers
and is made available under OSI-approved Open Source licenses. The tiny portion of the
code written by people under contract with the former sponsor was removed from the
project due to the code becoming obsolete, long before it was known as GrapheneOS. The
code that remains from the previous era is entirely owned by Daniel Micay, was never
written under any contracts or employment agreements, was never assigned to any
company or organization and was the continuation of the original independent open
source project. The code was originally published under the same permissive open
source licenses that are used by GrapheneOS today and the copyright ownership is largely
irrelevant due to it being an open source project. The upstream licensing is inherited
for modifications to those projects and MIT licensing is used for our own standalone
projects. There was an era from September 2016 until the project split from the former
sponsor in mid 2018 where non-commercial usage licensing was used for revisions to the
existing open source code. This was an attempt to prop up the project's sponsor which
was not succeeding in building a business. The licensing was not the real problem and
GrapheneOS has gone back to the original open source licensing predating the misguided
sponsorship agreement. Code from that era not owned by Daniel Micay was omitted from
the project when it was ported to Android Oreo and rebranded as the AndroidHardening
project and then GrapheneOS. There is no code in GrapheneOS tainted by non-commercial
usage licensing. It was largely rewritten from scratch for Oreo and later and all the
portions based on earlier work are unquestionably owned by the developers who are free
to choose new licenses for the code.</p>
<p>This section was included here in response to the ongoing attacks on the project by
the former sponsor. It will be substantially expanded in the near future.</p>
<h2 id="roadmap">
<a href="#roadmap">Roadmap</a>
</h2>
<p>Details on the roadmap of the project will be posted on the site in the near
future.</p>
<p>To get an idea of the near term roadmap, check out the
<a href="/contact#reporting-issues">issue trackers</a>. The vast majority of the
issues filed in the trackers are planned enhancements, with care taken to make sure
all of the issues open in the tracker are concrete and actionable.</p>
<p>In the long term, it aims to move beyond a hardened fork of the Android Open
Source Project. Achieving the goals requires moving away from relying the Linux kernel
as the core of the OS and foundation of the security model. It needs to move towards a
microkernel-based model with a Linux compatibility layer, with many stepping stones
leading towards that goal including adopting virtualization-based isolation.</p>
<p>The initial phase for the long-term roadmap of moving away from the current
foundation will be to deploy and integrate a hypervisor like Xen to leverage it for
reinforcing existing security boundaries. Linux would be running inside the virtual
machines at this point, inside and outside of the sandboxes being reinforced. In the
longer term, Linux inside the sandboxes can be replaced with a compatibility layer
like gVisor, which would need to be ported to arm64 and given a new backend alongside
the existing KVM backend. Over the longer term, i.e. many years from now, Linux can
fade away completely and so can the usage of virtualization. The anticipation is that
many other projects are going to be interested in this kind of migration, so it's not
going to be solely a GrapheneOS project, as demonstrated by the current existence of
the gVisor project and various other projects working on virtualization deployments
for mobile. Having a hypervisor with verified boot still intact will also provide a
way to achieve some of the goals based on extensions to Trusted Execution Environment
(TEE) functionality even without having GrapheneOS hardware.</p>
<p>Hardware and firmware security are core parts of the project, but it's currently
limited to research and submitting suggestions and bug reports upstream. In the long
term, the project will need to move into the hardware space.</p>
<h2 id="device-support">
<a href="/faq#device-support">Device support</a>
</h2>
<p>See <a href="/faq#device-support">the FAQ section on device support</a>.</p>
</div>
<footer>
<a href="/"><img src="/logo.png" width="512" height="512" alt=""/>GrapheneOS</a>
<ul id="social">
<li><a href="https://twitter.com/GrapheneOS">Twitter</a></li>
<li><a href="https://github.com/GrapheneOS">GitHub</a></li>
<li><a href="https://reddit.com/r/GrapheneOS">Reddit</a></li>
</ul>
</footer>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink