We provide an official list of hardware requirements based on current generation devices:

https://grapheneos.org/faq#future-devices

These are the current hardware features we consider important enough to be listed as mandatory requirements. They’re all current features, not planned/future ones.

Other than proper updates, the most important feature on the list is the ARMv9 Memory Tagging Extension (MTE) launched with the Pixel 8 and Pixel 8 Pro. MTE is currently exclusive to GrapheneOS since the stock Pixel OS only provides it as a development option with major caveats.

There are a lot of misconceptions about smartphone security including the widespread misconception that cellular radios aren’t isolated. Cellular radio isolation is one of the features on this list which is near universally available rather than Pixel exclusive like MTE support.

Cellular radio isolation was implemented on the first two devices we supported (Nexus 5 and Galaxy S4). Since we started, nearly all of the weaknesses discovered with cellular radio isolation have been OS bugs where an attacker could exploit a driver/service to compromise the OS.

We’ve never supported a device without cellular radio isolation. On the other hand, before Pixels, the devices other than the Nexus 5X lacked Wi-Fi radio isolation and gave it access to all memory. That issue has been solved on most smartphones but remains on laptops/desktops.

There are several niche phones with a cellular radio connected via USB marketed based on falsely claiming mainstream devices lack cellular radio isolation. USB protocol has a massive amount of attack surface and also allows acting as a keyboard, mouse, display, speaker, etc.

In reality, connecting a poorly supported, less secure radio via USB is much worse than the status quo.

Also, Snapdragon having cellular, Wi-Fi, Bluetooth and GNSS integrated into the main SoC doesn’t make it less isolated than Pixels using 3 separate radio chips from the SoC.

The only issues we have with Snapdragon are the lack of MTE support and their tendency to use their own proprietary approach to everything such as not using pKVM for virtualization, not using AOSP PSDS, not implementing SUPL in the OS, etc. Only the lack of MTE is a real blocker.

  • piracysails@lemm.ee
    link
    fedilink
    English
    arrow-up
    4
    arrow-down
    1
    ·
    10 months ago

    Fair phone would be best for graphene… They should step up their game, although they just plan to use their open fair phone os which is inferior to graphene…

    • KindnessInfinityOPM
      link
      fedilink
      English
      arrow-up
      1
      ·
      10 months ago

      Fairphone would need to meet the requirements for running grapheneOS … Hopefully someday they step and do such.