Latest release of GrapheneOS finally shipped the long awaited duress PIN/password implementation. If you have a spare device, we recommend trying it out.

We’ve added initial documentation to the features page:

https://grapheneos.org/features#duress

It near instantly wipes and shuts down.

We’ve also finally added documentation on our USB-C port control to our features page:

https://grapheneos.org/features#usb-c-port-control

Most users can set this to “Charging-only when locked” without a loss of functionality or even “Charging-only” if you don’t use USB accessories, DisplayPort or MTP.

Default is “Charging-only when locked, except before first unlock” to avoid locking users out of devices with a broken touchscreen. The main threat model for this is defending the device until the auto-reboot timer started when the screen is locked gets user data back at rest.

Our upcoming 2-factor fingerprint unlock will make using a strong passphrase as primary unlock method practical via fingerprint+PIN secondary unlock instead of fingerprint-only. Great for people who want to avoid relying on secure element throttling but don’t want fp-only unlock.

  • @[email protected]
    link
    fedilink
    English
    16 months ago

    Use the duress pin feature along with Phone Lock app, which disables biometric login for next unlock on sudden gyro movement shock. Thus, enteing into pin/password only mode, where duress feature can be used easily.

    • @[email protected]OPM
      link
      fedilink
      English
      26 months ago

      Last time I checked, that app uses accessibility services, which are not recommended by the GOS project. As accessibility services greatly increases attack surface if any app using these services are compromised.