security/hakurei.app
security/hakurei.app
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 4 Wiki Activity
hakurei.app/static/index.html
Daniel Micay c6830bc624 explain device support
2019-05-02 10:29:08 -04:00

94 lines
6.5 KiB
HTML
Raw Blame History

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8"/>
<meta name="theme-color" content="#212121"/>
<meta name="viewport" content="width=device-width, initial-scale=1"/>
<meta name="description" content="GrapheneOS is a security and privacy focused mobile OS with Android app compatibility."/>
<title>GrapheneOS</title>
<link rel="stylesheet" href="/grapheneos.css?0"/>
<link rel="manifest" href="/manifest.webmanifest"/>
<link rel="canonical" href="https://grapheneos.org/"/>
</head>
<body>
<nav>
<ul>
<li class="active"><a href="/">GrapheneOS</a></li>
<li><a href="/install">Install</a></li>
<li><a href="/build">Build</a></li>
<li><a href="/releases">Releases</a></li>
<li><a href="/source">Source</a></li>
<li><a href="/donate">Donate</a></li>
<li><a href="/contact">Contact</a></li>
</ul>
</nav>
<div id="content">
<p><em>This page is a placeholder for this newly created site and will soon be
replaced with a proper explanation of the OS and the roadmap for it including evolving
beyond beyond being a hardened fork of the Android Open Source Project into an OS
without the Linux kernel at the core. There will also be proper documentation on using
the OS and coverage of relevant hardware, firmware and software security
topics.</em></p>
<p><em>Please bear in mind that this is only a preview of the project. It will become
drastically different and will support a broader range of devices beyond Pixels chosen
for their privacy and security properties including the availability of full security
updates (including for firmware), competitive hardware / firmware security and all of
the hardware-based security features (verified boot, attestation, exploit mitigations
and a lot more) being made available to alternative operating systems like Pixels.</em></p>
<h1>GrapheneOS</h1>
<p>GrapheneOS is an open source privacy and security focused mobile OS with Android
app compatibility. Many past features of the project still need to be ported to the
current releases. The project is in the 5th year of development and has been reborn as
a non-profit open source project not strongly associated with any specific company or
organization. It will take some time for the pieces to come into place turning it into
a much broader and more sustainable project with a strong development team. There are
multiple organizations and companies in the process of backing this new incarnation of
the hardened mobile OS project. Official Releases are available on the
<a href="/releases">releases page</a> and installation instructions are on the
<a href="/install">install page</a>.</p>
<p>See the <a href="https://github.com/GrapheneOS">GitHub organization</a> for sources
of the OS sub-projects including the cutting edge
<a href="https://github.com/GrapheneOS/hardened_malloc/blob/master/README.md">new
hardened memory allocator</a>.</p>
<p>The official GrapheneOS releases are supported by the
<a href="https://github.com/GrapheneOS/Auditor/releases">Auditor app</a> and
<a href="https://attestation.app/">attestation service</a> for hardware-based
attestation. For more details, see the <a
href="https://attestation.app/about">about page</a> and <a
href="https://attestation.app/tutorial">tutorial</a>. You can also extend these with
support for your own builds.</p>
<p>The sources are available via the
<a href="https://github.com/GrapheneOS/platform_manifest">manifest on GitHub</a>.</p>
<h2>Device support</h2>
<p>In the current early stage of the project, GrapheneOS provides production releases
for the Pixel, Pixel XL, Pixel 2, Pixel 2 XL, Pixel 3 and Pixel 3 XL. It will support
other devices in the future, but devices are carefully chosen based on their merits
rather than the project aiming to have broad device support. Broad device support is
counter to the aims of the project, and the project will eventually be engaging in
hardware and firmware level improvements rather than only offering suggestions and bug
reports upstream for those areas. Much of the work on the project involves changes
that are specific to different devices, and officially supported devices are the ones
targeted by most of this ongoing work. GrapheneOS also has source level support
without device-specific hardening for the Android emulator, HiKey, HiKey 960 and also
generic targets providing basic support for many other devices.</p>
<p>Devices need to be meet the standards of the project in order to be considered as
potential targets. In addition to support for installing other operating systems,
standard hardware-based security features like the hardware-backed keystores, verified
boot and attestation need to be available. Devices with support for alternative
operating systems as an afterthought will not be considered. Devices need to have
proper ongoing support for their firmware and software specific to the hardware like
drivers in order to provide proper full security updates too. Devices that are
end-of-life and no longer receiving these updates will not be supported.</p>
<p>In order to support a device, the appropriate resources also need to be available
and dedicated towards it. Releases for each supported device need to be robust and
stable, with all standard functionality working properly and testing for each of the
releases.</p>
<p>Hardware, firmware and software specific to devices like drivers play a huge role
in the overall security of a device. The goal of the project is not to slightly
improve some aspects of insecure devices and supporting a broad set of devices would
be directly counter to the values of the project. A lot of the low-level work also
ends up being fairly tied to the hardware.</p>
</div>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink