GrapheneOS attestation compatibility guide
grapheneos.org
Guide on using remote attestation in a way that's compatible with GrapheneOS.

cross-posted from: https://slrpnk.net/post/15995282

Real unfortunate news for GrapheneOS users as Revolut has decided to ban the use of ‘non-google’ approved OSes. This is currently being posted about and updated by GrahpeneOS over at Bluesky for those who want to follow it more closely.

Edit: had to change the title, originally it said Uber too but I cannot find back to the source of ether that’s true or not…

  • @[email protected]English
    622 days ago

    It’s only officially supported on google phones because sadly those are the only ones that are not modified to fuck which makes installing and supporting other OS’es way too much work.

    Giving google money once for a device is not a problem from a privacy or security standpoint.

    • @[email protected]
      272 days ago

      That’s correct, but not the reason grapheneOS chooses only pixel phones. It’s the level of hardware security features.

      • @[email protected]
        102 days ago

        Also unlockable and presumably has well working builds. It’s not just graphene, but just about every Android project it there that’s best supported on pixels. Other manufacturers have a crazy variety of locking schemes and required tools. Each one is a nightmare to support.

        • @[email protected]
          142 days ago

          For GrapheneOS, it’s primarily that it’s re-lockable. That’s why other unlockable phones aren’t supported.

          The GrapheneOS install process sets new OS signing keys so you can lock the phone again and get full verified boot. However, most manufacturers haven’t implemented this feature.

          • @[email protected]English
            12 days ago

            What do you get, app/feature wise for verified boot vs. Play integrity app? Does it increase the amount of apps that work on it?

            • ladEnglish
              12 days ago

              I would guess that it allows to detect tampering if you have to give your phone to the security officers and they do or don’t do something with it without you present. I heard of such occurrences on the border, but this happens in other places and countries, too. Not sure if locked bootloader would help, though

    • @[email protected]English
      31 day ago

      Wish they’d at least support Fairphone.

      If Graphene reached out to them I bet Fairphone would even actively work with them to make it an official OS option.

    • @[email protected]
      32 days ago

      In the EU almost every phone has an unlockable bootloader, there just isn’t any roms or custom recoveries for a lot of them.

    • @MTK
      62 days ago

      Second hand, no money for them