bonerdose: it would be more accurate to say filesystem-based encryption vs. block-based encryption

and filesystem-based encryption can have different keys for different files / directories

so for example it was per-profile encryption keys for user data

and it has support for device-encrypted data which for example the Updater app explicitly opts into using so that it can perform updates without being logged into a profile

what about criticism re: fbe leaking metadata?

I think the metadata itself I think is padded to disguise its length, and then is itself encrypted. I think something to the effect that Hash-Encrypt-Hash addresses the issue of some of the directory names turning out the same the way.

Which I think might have been a problem with Counter.

But I'm not sure.

isn't it also encrypted? source.android.com/security/encryption/metadata

Yes, AES-256-HEH on the newer handsets if I recall right.

I saw some news

It is only for ROMs that include google apps anyway?

greenmoon: not relevant

hardware-based attestation works perfectly for alternate OSes

obviously the verified boot key fingerprint it reports does not match the one for the stock OS

why would you expect it to be any different?

Right

> This is pretty much death penalty for root and custom ROM users who still uses Google Play Services and expect things to work like it used to be.

and... 0 impact for GrapheneOS users

hardware-based attestation is a feature on GrapheneOS (Auditor)

we don't have Play Services, there's no SafetyNet attestation to fail

if apps have a hard dependency on Play Services they don't work

if people want apps to work the app devs need to care about them working without Play Services

I wonder if more and more apps require safetynet? All my apps work fine whiteout it. I hope they don't force it at some point.

baseline Android doesn't have Play Services

greenmoon: if the app doesn't have a hard dependency on Play Services

this isn't relevant

this is not at all relevant to GrapheneOS

<greenmoon[m] "I wonder if more and more apps r"> In my personal experience only really shitty (subjective) games and banking apps verify with SafetyNet. Not even my bank requires it and I can use their app just fine on GrapheneOS. Sad to say but if you must bank on your phone, just use the webapp.

Mario Go would like a word with you

I mean I play Ingress, but I just repurposed my old phone to keep playing it.

Ingress refuses to load even if CTS profile fails on SafetyNet, so I said screw it and just reverted my old OnePlus 3T to stock and relocked the bootloader to play it.

Isn't Ingress Google's spy platform?

<cn3m[m] "Isn't Ingress Google's spy platf"> Yes and no, by technicality. Niantic Labs *was* a subdivision of Google before they became their own startup in 2017(?).

Im more worried that they turn it on for all gplay apps and so they all become impossible to use without safetynet but I'm off topic I guess.

it's not relevant because SafetyNet is a Play Services API

greenmoon: doesn't make any sense

Good to know!

this is only relevant to people trying to bypass SafetyNet attestation and SafetyNet is a Play Services component

it is not relevant to GrapheneOS

and SafetyNet attestation should have been using hardware-based attestation when available years ago

it took them a really long time to get it deployed

it wasn't particularly useful before

still in the process of it being deployed

it is not a bad thing that they improved it to use the hardware support

people who were thinking they could keep trivially bypassing it are just uninformed and unimaginative, couldn't connect the dots that hardware-based attestation added in Android 7 would be used for SafetyNet attestation

not sure why that's such a surprise

we were talking about it years ago and adopted it to implement Auditor although with a pairing-based approach that offers a lot more security than using the root of trust

interesting

they don't want to get hit with anti-trust suits

it was hard for them to adopt it because they need full compatibility with all the screwed up hardware and devices that predated it

and all they're doing with it is verifying based on the root of trust

not very interesting from an actual security perspective

just for basic anti-fraud etc

SafetyNet is useful for anti-cheat / anti-fraud and DRM for media, etc.

* SafetyNet attestation is useful for anti-cheat / anti-fraud and DRM for media, etc.

the lower-level hardware-based attestation API it uses has much broader uses since it can provide much stronger security properties

depending on how it's used

SafetyNet attestation is only the lowest common denominator of that + the userspace checks it does (which weren't really ever very useful and are even less useful now that it has a real attestation implementation to use)

if an app cares about working without Play Services and wants attestation they can get STRONGER attestation than what is provided via Play Services without using Play Services

and they can support any aftermarket OSes that they choose to support

so really, as I said before, this has no relevance to GrapheneOS

apps with a hard dependency on Play Services have never worked on GrapheneOS

there is no change

and if apps want attestation they do not have to use Play Services to get it

in fact they do better by using the lower-level API

so why does google implement a safetynet api when its already exposed via android?

is this one of those preferential design pattern that's deliberately meant to improve coupling of android and play services?

SafetyNet attestation predates support for hardware-based attestation

ok ^ seals the deal for me

hardware-based attestation is guaranteed to be supported for devices launched with Android 8+

SafetyNet attestation is much older

and has only recently learned to use the hardware support to be a more meaningful feature

renlord: basically if apps care about working without Play Services they have a SUPERIOR AOSP API available

renlord: and the AOSP API fully supports alternate OSes

although apps would have to explicitly choose to support the yellow boot state with specific whitelisted verified boot keys (like ours)

renlord: I don't really see this as any kind of problem for us

real problems are things like U2F / FIDO2 support being implemented in Play Services instead of AOSP

and maybe we can get those things fixed

if apps WANT to use Google services with a hard dependency on them then not much we can do about that

i think its mostly just a convenience factor for app developers

if devices without Play Services become more widely used

app developers will care more

My company asked me to suggest a secure phone + OS and I recommended Pixel + Graphene after doing a bit of auditing. Thanks strcat for all your work.

Needless to say, we are testing it out right now and they will make a donation when they decide to confirm the usage.

hello

thank you developers :)

Woah. Neat. I love when Graphene is used for enterprise usage.

Hey I just want to give you an update. I fixed the display bug. All I had to do was close developer options after I was done tweaking a few settings in there. Just an update I wanted to put out there.

jknsec: haha yes

I have been using it since the C word days

And obviously continued using Daniel's work later

defconanon010102: what bug was this?

If it's 3A or 4, never mind

alicebobandeve: I am running Graphene on 3a XL. So you are good.

Ah

I should switch but I don't like the 3A

I'll buy the 5

I'm waiting whatever the pixel released on May 2022

Well, just a heads up that google store discontinued 3a(XL) recently, so their support ends on May 2022

* I'm waiting whatever pixel is released on May 2022 (assuming the project is still alive by then)

Nice. I'll wait for a used Pixel 5.

* Well, just a heads up that google store discontinued 3a(XL) recently, so their support ends on May 2022 (since +18 months from now will end before May 2022)

sheruleeya: I already know and still preparing for that day. Most likely going to get the Pixel 5. Thanks for the info though.

* Well, just a heads up that google store discontinued 3a(XL) recently, so their support ends on May 2022 (since +18 months from now will end before May 2022, and the support is either 3 years or +18 months after the last phone sold on the google store)

If lucky enough, maybe 3 would have a longer support than 3a

* If lucky enough, maybe 3 would have a longer support than 3a, if and only if the last 3 on google store will be sold later than Oct of this month

"Pixel phones get security updates for at least 3 years from when the device first became available on the Google Store in the US.

If the duration is longer, Pixel 3, Pixel 2, and Pixel (2016) phones get security updates for at least 18 months from when the Google Store last sold the device."

* If lucky enough, maybe 3 would have a longer support than 3a, if and only if the last 3 on google store will be sold later than Oct of this year

sheruleeya: End of support life usually varies so who knows that would be great though.

tap tap Is this thing on?

Okay, read indicators. Nice.

Ahoy pacobell[m]. What can I do for you?

Hate read indicators

You can switch them off if you like, after which your client won't honour them.

<alicebobandeve[m "Hate read indicators"> Eh, it's relatively unobtrusive for me.

TheJollyRoger: you still up?

I can understand the privacy aspect, tho.

pacobell: I did, they still suck

Shouldn't have been in, in the first place

That's certainly an opinion.

anupritaisno1[m]: yes, I'm still up.

True, like paco instead of taco

So I've read Micay doesn't believe that holding battery charge at 100% for prolonged periods of time negatively affects battery longevity. Is that opinion because he doesn't plan on supporting GOS longer than a couple years, anyway? Because Apple certainly believes that about their mobile products enough to bake advanced battery management into their OS.

<pacobell[m] "So I've read Micay doesn't belie"> Supporting on a specific device, that is.

Namely this bit: "if you store it fully charged for an extended period of time, the battery may lose some capacity, leading to shorter battery life."

<pacobell[m] "So I've read Micay doesn't belie"> Actually I share similar opinions

The reason is simple

I ask because before flashing GOS I was using a root script to automatically cut charging to the phone after about 80% and run directly from external power until unplugged.

Your battery really never charges to 100%

Obviously, he doesn't believe in root on GOS.

pacobell[m]: If I recall right the device's firmware will automatically manage battery levels for optimal life.

Probably much better than manual intervention can; it's not 2003 anymore.

Mine clearly doesn't on my Pixel 2 XL. I've empirically tested my battery capacity and it's less than 80% of nominal.

Well there's a so-called cut off voltage

When you reach 100% you're not actually reaching 100%

Yes, but it's my opinion that the cutoff voltage is still too high.

As always your mileage can vary. High temperature and repeated deep discharging can damage the battery's ability to hold a charge.

You're reaching the cut off voltage

From there the battery manager does this thing called trickle charging

I would gladly trade off less battery life for more battery longevity (assuming the underlying OS support is still there).

Now how it is done is OEM defined

Yeah, I know all that.

That's why I forced charging to cut off at a predefined level of my choosing with root.

Typically it lowers voltage from charger, waits for voltage to drop to a threshold below the cut off and then charges again until the cut off is reached

It does so an OEM specified number of times and then disconnects the charger for good

But since it is tracking voltage by the time the charger is cut off you're nowhere close to 100%

Oh? I didn't know about the backoff counter. That's interesting.

You're closer to 90%

Meh, even 90% is too high for my liking.

I just never disconnect

people need to update the studies

So, that device isn't your "daily driver", I'm assuming?

<cn3m[m] "people need to update the studie"> I'm all ears if you've got better data.

anupritaisno1: interesting, same time as my clock

Even journals as current as this year seems back the historical longevity claims.

Also, this is good info, wasn't aware about the battery manager's bit, thanks.

Unless there was some breakthrough in lithium cell technology I'm not aware of that's been implemented in phones in the past couple years.

<pacobell[m] "So, that device isn't your "dail"> It is

The disconnect 11 hours ago was for a system update

there's a reasonable assumption that by the time the battery life is expired, vendor support for your device expires too and you should be due to buy a new phone

<renlord "there's a reasonable assumption "> I soundly reject that assumption. We need less e-waste, not more.

I just wish it were easier to battery-swap my battery without running the AMOLED display.

<pacobell[m] "I soundly reject that assumption"> Just keep your battery always connected then

So much strong adhesive in my model.

You can't have battery wear if it doesn't discharge

pacobell[m]: if everyone had your mindset, then there'd have been zero incentive to develop anything beyond 2g

BTW if you're curious

renlord: Apples and oranges. 3G was actually usable. :)

I thought dendritic growth still happens above a certain voltage level?

Oneplus does battery replacements for 6 year old phones if you're in the EU

Outside the EU they'll do it but the import costs are high and it might take months to get a battery but you'll get it

<renlord "pacobell: if everyone had your m"> I'm happy to upgrade to newer radio tech, if it makes sense. Just like I don't believe jumping to 5G makes much sense right now.

If only they did 6 years of security updates

This is very interesting about the battery but what if you can't always keep it connected and need to take it work? Is the inevitable just going to happen where you need to replace it? anupritaisno1

That's the rub, isn't it?

<cn3m[m] "If only they did 6 years of secu"> Still waiting for an Android with >5 years of updates

Yaaaaas!

* Still waiting for an Android (phone) with >5 years of updates

<sheruleeya[m] "Still waiting for an Android wit"> Project Sandcastle

<cn3m[m] "If only they did 6 years of secu"> They just mooch security off Qualcomm

(kidding)

Oneplus doesn't do any security itself

Do PC vendors support their Secure Enclaves that long?

When Qualcomm goes they go

<pacobell[m] "Do PC vendors support their Secu"> yes look at Apple

T1 and OG SEP

Every month they'll do select cherry-picks from AOSP and Qualcomm and that's it

Then it's the SoC vendors' fault.

<anupritaisno1[m] "When Qualcomm goes they go"> I'd hate to see a MediaTek OP

Okay why is riotx lagging

ok i think we should stop, its going off-topic

But riot is fine

anupritaisno1[m]: I get the riotx lagging too, if I type more than 5 lines into buffer. If that happens I have to force stop RiotX and restart it.

Google really should be in charge of their own silicon. But then again, they've been historically horrible at long-term support, at least with software projects.

<cn3m[m] "I'd hate to see a MediaTek OP"> It exists and there's no kernel source

Yeah, just a last one to sneak in. Who's that anime (?) character on anupritaisno1's avatar?

Huh

anupritaisno1: Did you see my message?

<pacobell[m] "Google really should be in charg"> no please no

Google doesn't care about custom verified boot keys

Qualcomm does

Google just keeps it stock

<cn3m[m] "Qualcomm does"> Oh.

<cn3m[m] "Google doesn't care about custom"> And yet, they allow it on Pixels?

<madaidan[m] "> <@madaidan.:matrix.org> The sy"> thanks!

* Yeah, just a last one to sneak in. Who's that anime (?) character on anupritaisno1's avatar?

It does seem to be from Touhou at first sight

Qualcomm makes the bootloader for everything and it's open source people fork it and remove it

Welp I will take my phone to a repair place or open it up myself and replace the battery.

Google doesn't forbid custom verified boot keys since they don't go out of their way

if they care Pixelbooks would support it

What makes you think their bespoke ARM implementation wouldn't be any different?

they don't

Well it seems every other OEM fucks it up if not intending to break it

<cn3m[m] "if they care Pixelbooks would su"> Yeah, which is why we don't have a desktop equivalent of GrapheneOS yet

<JTL "Well it seems every other OEM fu"> Google wants Pixels to be the stock Android experience. The stock bootloader is important to that vision

Fair

I was hoping Android One would be better in this department but alas it isn't

Eh, I've modded the bootloader on my Taimen loads of times. It just shows a scary warning every time I boot.

Google I wouldn't be shocked at all if Pixels with Google chips were the end of Pixels running GrapheneOS

> <@sheruleeya:matrix.org> * Yeah, just a last one to sneak in. Who's that anime (?) character on anupritaisno1's avatar?

> It does seem to be from Touhou at first sight

Yuki nagato, from the disappearance of haruhi suzumiya. Taken exactly at the end of the movie when she looks up to kyon's open threat to the data integration thought entity

Perhaps.

Hopefully someday we have our own "reference" hardware at some point

<anupritaisno1[m] "> <@sheruleeya:matrix.org> * Yea"> Or well due to it

I'm really hoping for a RISC-V phone 😁

Compete with the ARM hegemony.

<anupritaisno1[m] "> <@sheruleeya:matrix.org> * Yea"> It's surprisingly relevant

<sheruleeya[m] "It's surprisingly relevant "> 👍

Oh, I do have another concern. When I was transitioning from stock Google to GOS, I was really hoping there would be an easy way to migrate my app data. I still have a nandroid backup in case I need to flash back to stock, but GOS has that Seedvault-based system. Is there an app or root framework available for Stock to make it compatible with GOS?

I also backed up all apps with Titanium, but that relies on root to restore.

pacobell: use adb backup

You know that's going away soon, as per Google mandate?

It's not gone yet.

I'd rather commit to a backup regime that's got longer-term legs.

If Seedvault is it, let's do that.

Yes, GrapheneOS has Seedvault.

But how do I do a Seedvault backup on Stock?

I've got crypto seeds I need to maintain.

anupritaisno1: I am going to assume your RiotX is lagging pretty bad but it is fine.

use adb to transition over

use seedvault to move between Graphene/Calyx

* It's surprisingly relevant, and thanks.

So enjoy it while it lasts, huh?

I was really hoping there would be a roadmap of some sort when adb officially sunsets that feature.

<pacobell[m] "I've got crypto seeds I need to "> Syncthing

Yeah, there's always that.

Still, it's tied to the app storage, which GOS won't let me touch without Seedvault.

PC?

When I say "crypto", I don't mean "crypto currency" 😏

pacobell: yes

Did you read my username lol?

Keep copies

I'm glad you get it 😂

The bugaboo is how to restore it to GOS using "proper channels".

I don't think there's another way apart from the ones mentioned

The whole "no root" thing is a huge usability hassle.

App-accessible Root is an antifeature. On Android, only init and a few other system processes required to get the kernel into memory should have root-equivalent access.

Normally, Titanium would be a one and done. This adds a new wrinkle.

Otherwise, say hello to a single clickjacking exploit being able to take control of the entire phone, and goodbye to verified boot.

Yes, I get free security argument. Doesn't lessen the backup pain point, tho.

adb backup is fine

Oh well, if this is the momentary state of the industry, I guess I had no choice.

if you restored it by hand you'd just end up with a screwed up state

are you going to manually set proper SELinux labels etc? no

you'll just leave an insecure / broken mess where stuff isn't migrated properly

so it's good you can't do it since you don't actually know how

I don't know it's even a good idea to do a full adb backup / adb restore

less of a problem with stock -> GrapheneOS than other cases since most things are pretty close

dunno why you're saying that adb backup is going away, I think you misunderstand what deprecated means

Historically, that has meant software dropping the feature in a couple generations.

That was hinted at last year. I give it another year before it officially breaks with Android 12.

seedvault covers the same data

That's good. Now is there a way to get Seedvault to backup on Stock?

no and backups are not necessarily compatible across stock and GrapheneOS

they are different OSes

we don't have Play Services

apps do different things without Play

their data isn't necessarily compatible

I'm okay with apps breaking due to GOS.

if you restore an app's data from where it had Play Services

*GPS.

the data will already have state from using Play

pacobell: it would be from restoring incompatible data

the stock OS doesn't have seedvault so it can't restore seedvault backups

I just uninstall those that have that dependency. Already had to do that for a few of them.

I'm not talking about apps with a dependency on Play Services

* I'm not talking about apps with a hard dependency on Play Services

I'm talking about apps that use it when available and do things differently when it's not

I see. That's a valid concern.

I would just not use that app, then.

backups are fairly compatible between devices with the same OS because apps are supposed to disable backing up files

that are device-specific

Yeah, some camera apps rely on certain Pixel hardware features.

you definitely couldn't just restore stuff based on raw files

we use different SELinux policy etc. than stock

Although, Google hasn't really been using their PVC for much other than HDR+ lately. It could've been so much more.

<strcat[m] "we use different SELinux policy "> Gotcha. That's definitely a showstopper.

we won't have that on custom hw anyway

Eh, I've just resigned myself to installing stuff from F-Droid/Aurora that don't have the Play Services dependency. It's been difficult, tho. Waze barely works, for instance.

I was surprised Google Maps even functions as well as it does.

Oh yeah, I did the Bad Thing ™️ and ran microG. Spank me.

<pacobell[m] "Eh, I've just resigned myself to"> There are a lot of apps that works on GOS, even with the play services dependency

<dorrimi23[m] "There are a lot of apps that wor"> Yup, to varying degrees of "working".

I was relieved that GBoard was among those. Gotta have my reliable glide typing 😁

Yes, you dont really know until you try them

Hmm, I'll have to check the Anova app to see it it'll still connect to my sous vide machine.

I'm okay without the Wi-Fi functionally, but it's nice to be able to send recipe instructions wirelessly.

Dunno if the device takes commands over he Internet. That's fraught with danger 😂

At least it's got auto-shutoff when the water level gets too low (I hope).

*pls let there not be an exploitable firmware vuln! 😣

Cue obligatory @internetofshit

Gotta say, Cloudflare has become much more tolerable on Tor after they made the switch to hCaptcha from reCaptcha.

Dunno what that means for their earlier blinded token project, tho.

pacobell: was some recent discussion about using seedvault when its not signed with the platform keys stevesoltys/seedvault #20

Ah, someone asked "how does Google do it" and then they said it's possible to make Seedvault platform key agnostic.

But I doubt GOS would approve of that.

pacobell: GrapheneOS has seedvault.

Yes, but not platform key agnostic.

It would upend the security model.

I was thinking about working out a way to slip seedvault onto stock

So you could get seedvault backups out

That'd be greatly appreciated.

Would be nice if someone figured that out. Would make seedvault much more popular

Oops. Look at the time. Gotta wake myself at the ass crack of dawn if I'm to beat the traffic this morning.

Night

Cya all.

Hi here, I search a Google translate replacement where I can Highlight a word then send to a translate thing

> Oh yeah, I did the Bad Thing ™️ and ran microG. Spank me.

Running grapheneOS with unlocked bootloader and/or root? I think that you missed the whole point.

* > Oh yeah, I did the Bad Thing ™️ and ran microG. Spank me.

Running grapheneOS with unlocked bootloader and/or root? I think that you missed the whole point. Go for calyxOS/rattlesnakeOS if you want microG or just use a standard custom rom if you want unlocked bootloader

more BS from this guy

lol.

strcat (@strcat:matrix.org): I need status on that PR

I need to start merging LTS stuff soon

these ppl have all day to spend spreading misinformation and wasting people's time

causing harm to people who actually wanted help

anupritaisno1: did you remove the x86 stuff

Yes

Removed the cr4 commit

strcat: sorry you have to deal with this stuff :/

anupritaisno1: remove the audit one too, not relevant

since we use audit

anupritaisno1: and drop GrapheneOS/kernel_google_coral #2/commits/2bbdd6314f4cc71c36daf97fc4284f40829eafc8 it's x86

anupritaisno1: and can drop the userns stuff because CONFIG_USER_NS is disabled

<strcat[m] "reddit.com/r/privacy"> Sim jacking, sim cloning, he tried to use all possible buzzwords. It's not like you can use a tool, enter a phone number and you have successfully completed sim jacking lol.

just want to get it down to a minimal amount

alicebobandeve: I'm also not sure what that has to do with mobile phone security

alicebobandeve: you can use cellular with other devices

the security of your CELLULAR CARRIER ACCOUNT is a separate thing

^^

<strcat[m] "anupritaisno1: and drop https://"> It's dropped

and yeah you should not use SMS or traditional phone calls for security relevant stuff

especially securing accounts with SMS, etc. like people often do

strcat: yep, doesn't make sense at all. That guy needs to visit HN to get thrashed left right and center.

but I am not sure what that has to do with phone security

alicebobandeve: these people just churn out nonsense / bullshit

that sounds appealing to clueless people

strcat: dropped it anything else?

strcat[m]: Unfortunatly some services are that incompetent offering that as an only option, but that's a different topic

they are good at writing in a way that sounds authoritative despite knowing very little and just repeating stuff they don't really understand

anupritaisno1: did you drop the CLONE_NEWUSER one?

github makes it really hard to review PRs

strcat: they basically try and sound so confident that any naive person feels like omg this guy is so smart

anupritaisno1: GrapheneOS/kernel_google_coral #2/commits/a327281722e8b0d7126f04574dd76776397db38c drop this

since we have !USER_NS

alicebobandeve: yeah and since they do nothing of value they can spend all their time spreading misinformation

shrug

Makes my head hurt, fuck it. I'm not ruining my day. strcat

I want to research with my time I am not working or even get into coding

anupritaisno1: I could cherry-pick over the commits that are definitely wanted

to start working through it

fighting misinfo takes all that free time

It is absurd

I blame youtubers

cn3m: yep, no point

anupritaisno1: btw at some point there was a script

to create a source tree of only the code that's used

so then you can see which stuff is definitely not relevant really trivially

strcat: dropped clone newuser

Riot is lagging

anupritaisno1: can drop GrapheneOS/kernel_google_coral #2/commits/c914a2bd2f26dadb98cb8ff234268ffa89768478 too since we always use audit and it really only exists because Arch Linux wanted to disable it by default and have people enable it

via kernel cmdline

anupritaisno1: it's kinda a bug fix

it should really go upstream

<strcat[m] "so then you can see which stuff "> sysctl.c will alsats be recompiled so that script not very useful

strcat: dropped that one

* sysctl.c will always be recompiled so that script not very useful

Actually, unemployment does this. People have way too much time on their hands to talk about shit they have no idea about, there's also a term in psychiatry for this. Also the whole covid situation is bringing all the depressed people to the yard and they basically just want to impress people on the internet.

Going to try clearing my riotx caches

Nope still terrible lag

I can't type more than 2-3 sentences on riotx before it crashes or slows down

strcat (@strcat:matrix.org): anyway anything else?

some of the stuff is set in init so need to think about which is really needed

the mmap entropy changes are useful because they impact init before it sets that up

but for example init already sets kptr_restrict to max value (it sets it to 2 then 3 then 4 to use max supported)

<strcat[m] "some of the stuff is set in init"> You've incorrectly set this one to 1 in init GrapheneOS/kernel_google_coral #2/commits/4d6923e893f28b955b3164c0499d91e3ab7f3b82

what do you mean

Protected fifos, regular should be 2

it's set to 2

it was set to 1 a while ago but it's set to 2 now

can see in the changelog

just had to do it incrementally to make it easier to narrow down problems that occurred

Sorry referred to an older source version

Just saw this claim that Samsung Note9 supports verified boot with alternative OS nitter.net/gaabrielvelloso/status/1278854047299182592

no Knox bit shenanigans?

> I've relocked bootloader on my Note9 and cts goes ok... Knox is tripped but OEM unlock unticked...

if true that's :|

cn3m looked thru a big part of that XDA thread but didnt find anything, did you?

they're saying they relocked with the stock OS

and by "CTS" they mean SafetyNet passes

Ah

it's one hint people have no fucking clue what they're talking about

so

yeah I was skeptical too

Rightly so

<dazinism "cn3m looked thru a big part of t"> oh that s10e?

I found 2 references, but they weren't clear

SafetyNet matches devices to the profile for when they were approved (their Compatibility Test Suite certification)

so SafetyNet will say it matches a CTS profile

if it passes

so people have totally misinterpreted this and think SafetyNet runs the Compatibility Test Suite

I have a feeling Samsung phones generally support custom keys, but it is a hunch

as TheJollyRoger will tell you

it's actually

cn3m: I'd be interested to see

pretty funny they think so

TheJollyRoger: can you imagine if SafetyNet attestation ran the CTS to see if it passes? lol

anyways

it's xdaspeak

so you have to translate it

<dazinism "cn3m: I'd be interested to see"> I will check again

as far as I can tell all they're saying is they unlocked, then locked again (with the unmodified stock OS still) and SafetyNet passes - as expected, that's what it's supposed to do

"xdaspeak" love that term

the knox tamper bit is an unrelated thing

knox tamper bit is burned when the device is ever unlocked, etc.

it doesn't really make a lot of sense

samsung doing samsung things

^^

the docs are pretty clear

<strcat[m] "TheJollyRoger: can you imagine i"> Not possible tbh

<strcat[m] "it's xdaspeak"> OwO what's this

anupritaisno1: I'm saying that because it's laughable to think that it runs the CTS

Given the time it took Jolly to run CTS on the Pixel4 and all the noise and stuff, the idea of safetynet running CTS is a bit of a jump

because of the terminology of it matching a device to a CTS profile being misunderstood

safety net and CTS have completely different objectives don't they?

Is there an easier way to enable lockdown mode?

I explained above

<cyredanthem[m]1 "Is there an easier way to enable"> Enable it

> > <@cyredanthem:spitetech.com> Is there an easier way to enable lockdown mode?

> Enable it

Use it*

SafetyNet is a blanket term for assorted Google Play Services security-related stuff

Turn lockdown mode on

SafetyNet attestation is the Google Play Services attestation API

it's documented at developer.android.com/training/safetynet/attestation

SafetyNet includes other things than that

<strcat[m] "SafetyNet attestation is the Goo"> What about auditor?

doesn't use SafetyNet attestation

I think I need to stop using riotx, app is a mess, not even getting messages now

alicebobandeve: I mainly use minivector

RiotX is beta

strcat: yeah, just read it

dazinism: will check, thanks

I find it lags and locks pretty bad after a bit

Auditor uses hardware-based attestation

alicebobandeve: its Riot Android with some stuff stripped out

via the AOSP hardware-based attestation system

SafetyNet was originally just software-based attestation - largely just security theater

* SafetyNet attestation was originally just software-based attestation - largely just security theater

it now uses hardware-based attestation on many but not all devices, but in a weak way

imo SafetyNet attestation is essentially obsolete and app developers should just use the AOSP hardware-based attestation API

<cn3m[m] "I have a feeling Samsung phones "> Would be nice if that were true

Considering how popular Samsung devices are

Also would open up a different SoC manufacturer

their devices tend to have bare minimum AOSP support

they try to roll their own warez

samsung everything

I know they arent great, but I'd hope that more devices supporting verified boot with alternative OS would make more folks care and snowball to more devices

<strcat[m] "their devices tend to have bare "> What about the essential phones

From a quick glance all you see is a proper AOSP device tree and an upstream kernel

They're dead though arent they?

anupritaisno1: they stopped making more

company is dead

Ah they died

Hadn't heard about them in a while

<strcat[m] "imo SafetyNet attestation is ess"> Thanks for the info

<dazinism "alicebobandeve: its Riot Android"> Gotcha

people came forward about sexual assault and harassment by the main founder

which is probably part of why it died

because it was largely his company

doesn't exist without him

Makes sense

strcat: you're using a Pixel 4?

Yes alicebobandeve

Worth the upgrade? I have to charge my Pixel 3 4 times a day now.

Can't really blame riotx, this phone has been through a lot since more than a year now.

Pixel 4 is notorious for low battery life, no?

Pixel 4 too? Fuck, let me do my research never mind

alicebobandeve: can see whats eating the battery

Well it's a good phone

hopefully Pixel 4a uses the same kernel from the start

Can get RiotX or Riot Android to behave better. But notifications are delayed

dazinism: I've done all that lol

Too many cycles

strcat: I hope the 4a is easy for GOS dev, I hate my iPhone 11, have to keep coming back to my Pixel 3 running GOS.

I don't have a battery issue

You use a Pixel 3?

Pixel 4

Ok

You leave it plugged in :p

No

I can't sadly

The pixel 4 charger doesn't go in my wall

So I can only charge it slowly over USB

What?

Woag

Woah*

Adapt with an adaptor anu

<anupritaisno1[m] "So I can only charge it slowly o"> FFFFFF

Indian and USA plugs are very different

dazinism: Hey, minivector seems really nice fork for now but have you ever had a problem where it won't accept your recovery key?

The one in the box seems to be flat pin one

<dazinism "Adapt with an adaptor anu"> OwO adapting adapter

Indian sockets need the round stuff

<anupritaisno1[m] "Indian and USA plugs are very di"> Yes, I feel you, same country :)

And you can't just use any adapter

defconanon010102: I've never set up the recovery stuff

<dazinism "You leave it plugged in :p"> Oh god no lol

Need to match the specification on the charger

Makes sense.

anupritaisno1: it can fast charge from a computer if it has a proper USB-C port

Leaving it plugged in destroys the battery, I actually get mine down to like 5/10% every night, then take it back to 100%

it's not quite as fast as the wall charger

but it's faster than the slow charge

strcat (@strcat:matrix.org): sadly I don't

anupritaisno1: also a standard USB quick charge charger

works

just not quite as fast I think

I spent a lot on CPU and ram but otherwise use a really cheap motherboard

my workstation is 4 years old now

Lol

needs to be replaced really badly

<MysteriousWizard "Lol"> Works for me

still have a proper USB-C port though

> Daniel Micay: Firefox is bad

> Resynth: *uses Firefox Beta*

Just throw in a 9th gen no GPU i5 and top out with 64G ram

Found the cheapest motherboard on the market

My total expenditure is like 500 CAD with this strcat (@strcat:matrix.org)

And decent enough to build

I think the SSD alone was like 1300 CAD

2TB PCIe NVMe SSD, really high end one at the time

that's probably only ~3 years old

The i5 9x00f CPUs are a good deal

Wow

I need to build a new workstation

strcat: woah, intense

Man just HDD here

but I probably want to use threadripper this time around

<anupritaisno1[m] "Man just HDD here"> LOL

and that means I can't use EVGA motherboard which sucks

F your speeds

<strcat[m] "I need to build a new workstatio"> BTW I have some good stuff if you want remote servers

Fully encrypted too ^

is the SSD I have in it

My 3900X should last me a while but I need a new monitor setup

dunno if I want to just move this stuff over to a new computer

probably just reuse the SSD

just get a new motherboard + CPU and reuse PSU, SSD

reuse RAM too perhaps

<MysteriousWizard "F your speeds"> Just initial Soong takes a while

I think it's still DDR4

so I just need a motherboard + CPU

<strcat[m] "just get a new motherboard + CPU"> Ah so similar to what I did

maybe I can reuse my heatsink even

noctua sends free heatsink mounts

for new cpu sockets

<anupritaisno1[m] "Just initial Soong takes a while"> TBH there's not much difference when you load up a game, but damn those boot times

My last workstation was like 10, maybe 12 years old

<strcat[m] "noctua sends free heatsink mount"> Damn that's cool

Damn...

I think I just need to show noctua the newegg / amazon receipt for it and the new motherboard

and they'll send a mount

You use a build server?

if one is needed - I somewhat doubt the old one will work

although I'm unsure if my heatsink will work with a threadripper layout motherboard

<strcat[m] "although I'm unsure if my heatsi"> Why threadripper?

Won't too many threads expose races in AOSP?

ahhh no I can't use my heatsink

anupritaisno1: no it won't expose races

I need a new heatsink

NH-D15 base is not big enough apparently

there's no updated D15 yet :(

<strcat[m] "anupritaisno1: no it won't expos"> Pretty sure there are a few

no

it will work fine with more cores

threadripper works great here

super fast builds

What's your current setup like?

Alright

LTO is still slow, but that's it - everything else is fast.

noctua.at/en/nh-u14s-tr4-sp3 yeah that's sad they don't have a D15 version for the socket yet

because the die is so big

the existing D15 won't work

could always stick that on the gpu xD

noctua.at/en/products/cpu-cooler-retail/nh-d15 is what I have for my current workstation

Just curious what kind of setups you guys use

me too, on a 3900x

x370 board though since I updated from 1700, gotta love AMD cpu compatibility

their newer generation ones have the new generation fans and more heatpipes

cdesai: yeah that's AM4

cdesai: the high end new CPUs are sTRX4

it's a much bigger die

so NH-D15 base isn't big enough

strcat[m]: I know, we have a 3970x in the office

on an AIO though

Ryzen 9 3900X, Crosshair 8

NH-D15 beats most AIOs for prolonged load

they just look good in crappy tests because it takes a while for the water to heat up

but I guess I might have to do that

there are some good AIOs though

280mm or even 360mm

I got the 3900x from my firm though. What's your setup anupritaisno1

cdesai: I need to choose a motherboard too

maybe I'll just get some enormous AIO and case

lol.

strcat[m]: I might have something for you re AIO, give me a bit

<alicebobandeve[m "I got the 3900x from my firm tho"> i5 9400f

3990X is pretty expensive

strcat[m]: aquatuning.us/water-cooling/radiato…er-1260mm-supernova-radiator?c=6566 here you go

strcat: very

3970X is the sweet spot

3990X is double the cores though

and also with proper power / cooling you can probably get a huge overclock

since it's downclocked so much from the overall package heat / power

Tbh wish I could max out the ram

Like 64 gb

double the cores but still 280W

strcat (@strcat:matrix.org): what are your build times like?

Assume clean

a bit under an hour

That's pretty nice

anupritaisno1: ark.intel.com/content/www/us/en/ark…ition-25m-cache-up-to-3-50-ghz.html

I have one of these @ 4.5GHz

was really good back in 2016

I have 2 computers that I actually use

workstation and then a desktop

2x 27" 4k monitors, separate one for each

and a little USB switch thing for my keyboard + mouse which switches it back and forth

could put them in one case if you haven't already with something like youtube.com/watch?v=pB-zBSExMS4

so the workstation is separate from everything else

cdesai: prefer it separate

Interesting

either both computers need an upgrade

or I need to retire the desktop and make a new workstation

and then this workstation becomes my new desktop

that probably makes sense

in which case I need to just do a build from scratch

this CPU is more than good enough for anything I'd do on the desktop

my other machine is still on a 2600k

I think I'll just do a new workstation from scratch

I don't even know what I'm doing tbh

Builds take 4h here

well I have a 10 core / 20 thread CPU @ 4.5GHz base clock

anupritaisno1[m]: what do you have?

which is not bad

and 64GB DDR4 (quad channel)

quad channel is really important for this use

That explains it

I'll do 128GB+ next time

So strcat you suggest I do more cores next time?

also the 2TB PCIe x4 NVMe SSD

anupritaisno1: yeah

Will see

anupritaisno1: for clean builds 2x as many cores is almost half the build time (especially since we build kernel separately so 'clean build' doesn't include kernel build)

for incremental builds it's much more bottlenecked by single thread performance

also memory bandwidth matters a lot

quad channel is really important

storage performance doesn't matter that much but it helps keep CPUs saturated without needing a ton of extra build jobs

Well 4h isn't that bad

Previous one needed 2 days for a build

so yeah plan is workstation becomes regular use desktop and gets replaced with a new workstation

sounds good to me

It was a core2 q8300 btw

Didn't bother upgrading

I dont have a working usb storage for backing up my phone, can I just do a local backup and copy the SeedVault folder over to my pc?

yes

This may also be interesting on the topic of workstations

"Torvalds is a build your own box type of guy". Yeah, no shit.

Sorry for off-topic but I found this an entertaining read about scam secure phones: vice.com/en_us/article/3aza95/how-police-took-over-encrochat-hacked

> "Torvalds is a build your own box type of guy". Yeah, no shit.

Also build your own OS type of guy :D

anupritaisno1: I'll start merging your port of the patches tomorrow

will start with the obvious yes changes

anupritaisno1: you can probably drop the TIOCSTI commits too since that's handled by SELinux

Are the old Intel Xeon good enough for the task? 6core/ 12 thread and loads of cache memory. 4 ram channels for around 200€. They could also heat your house in winter

* Are the old Intel Xeon good enough for the task? 6core/ 12 thread and loads of cache memory. 4 ram channels for around 200€ on aliexpress. They could also heat your house in winter

they also give you a very nice electricity bill

<TheJollyRoger "privacy_based_lifeform: As strca"> Yeah but desktop Tor Browser was able to protect against it

<privacy_based_li "Yeah but desktop Tor Browser was"> It was not

Yes, by disabling JS. :)

Hi, is there a way to turn off wifi automatically when I lose contact with my home AP?

So can I run Graphene on a VM on a Gentoo PC?

<anupritaisno1[m] "Just curious what kind of setups"> i7-10750H, 32 gig ram , rtx 2070 S

<mxnorvak[m] "zdnet.com/article/lo"> haha, LTT also released a video recreating it yesterday

<madaidan[m] "It was not"> what? mine was

privacy_based_li: hahaa yeah that video was a nice watch, the build looked so clean

much better than the typical rgb cable fest

<privacy_based_li "what? mine was"> There's many ways to fingerprint the Tor Browser with js

Yeah, must be, I was just saying its safe against fingerprintjs.com/demo

<thedefiant8[m] "Hi, is there a way to turn off w"> Check out task runner apps. I use Easer for this sort of thing, although there could be better ones.

What do I need to do/have to be able to scan restaurant menu QR codes on GrapheneOS? Is there an option without an additional app?

Hello :)

Greetings aldous_leekie

<brenneke[m] "What do I need to do/have to be "> f-droid.org/packages/de.t_dankworth.secscanqr

Thanks

I browsed reddit today after months (anonymously of course) after strcat posted some links here. I must say it's a bigger shit hole than it was earlier. Most of the recent posts had strcat and madaidan. trying to explain to absolute numb nuts how Android and iOS work, only to be met half way in the discussion with a comment "I'm by no means an expert, researcher or programmer but I did my research for 2 weeks"

lol. Hats off to you guys.

Yo, what do you guys think is safer, TAILS, or Whonix on QubesOS?

What's your threat model?

Whonix and tails

Government agencies, I live in a country where people are killed for criticizing it. Tor usage is technically illegal here but bridges seem to work for people I know

I'd be using Whonix/Tails, + VPN out of the country, if that's the case.

BTW exfat kernel coming for pixel 4

I won't be upstreaming the driver

So yeah don't expect exfat in grapheneos

Well unless strcat approves

Chances are pretty low BTW

bonerdose: if VPNs are legal there, use one based outside your country.

Otherwise Tor bridges are your only option, and still risky.

Technically there's Loki net as well, but it's still experimental and I wouldn't suggest betting your life on it.

If it were me, I'd use tails and have a way to quickly destroy the flash drive in case I got caught.

What you're doing is very risky.

DNS question : my pixel 3a is not well configured and uses openvpn to connect to NordVPN server, I also change the config to force the phone to use cloudflare DNS. I tested my config with dnsleaktest.com MY QUESTION : how do site as dnsleaktest.com are doing to know which DNS I am using ? it's not clear in my head how they get that info....

Best way to get rid of it would probably be flushing the flash drive down the toilet, possibly after damaging it with a hammer or butane lighter. You wouldn't want the thing on you or your property, and it would be best if it were destroyed before being discarded.

(That was also for bonerdose )

Ideally you want to avoid your home or cell internet as well in case Tor is detected by deep packet sniffing.

cyborgninjaneer: dd if=/dev/zero of=/dev/whatever

It's hard to say what the best practice would be.

Or GNU shred which uses 3 iterations

If you have a really good USB drive this might work

blkdiscard -s /dev/whatever

I'd go with shred

This basically tells the drive to do a hardware secure erase

There you go.

Well idk how many drives have a controller that understands trim commands

You might need the non secure blkdiscard /dev/whatever

Hmm

bonerdose: Just don't trust your tools too much. Assume that nothing guarantees safety.

The logic is simple

TRIM everything on the disk

Any file manager recommendations?

<q22[m] "Any file manager recommendations"> Why not using the default one from GOS?

<jfbourdeau1 "DNS question : my pixel 3a is n"> Here

sixBit: Sorry, I was looking for one that could handle network shares. Or am I missing something?

Android Samba Client (Access files shared through a SAMBA share) - f-droid.org/app/com.google.android.sambadocumentsprovider

This adds samba to the built in file manager

Nextcloud also integrates with the built in file manager

For FTP you'll probably need another app

Cool, thanks guys

Grapehene should be able to open VCF attachments, right? or nah

DannyWorkOrderP4: yes. Import them into Contacts.

TheJollyRoger: GrapeheneOS itself appears unable to handle the files I am receiving (may be one Google-Android sender's specific format, unsure)

I get a white screen when trying to view from Messages (text), and when I download it and try to open it that way, same deal.

Hmm. Very strange!

* TheJollyRoger: GrapheneOS itself appears unable to handle the files I am receiving (may be one Google-Android sender's specific format, unsure)

Thought so, too. So not a known issue. Okeydoke.

Google or carrier probably fuckin with the filestandard

"Import Contacts" from F-Droid handled importing the VCF properly, so it can't be corrupted/too non-standard.

(^for posterity, if anyone's runs into this in future and is looking for a workaround)

Will note that I wasn't able to choose where to store the contact on import, and don't seem to be able to change the Contact after the fact from On Device to Sync to an Account - but that's an "Import Contacts" complaint, obviously.

TheJollyRoger: If you're still around - have you found any Android browsers that are FIDO2 enabled? Know you've done some work in this space, and went through Vanadium, Bromite, and even Chromium last night, to no avail trying to register on two or three different services, so assuming it's not the services.

Hey, maybe I'm just missing something but I can't find how to use the calendar on graphene

I can scroll around, but its just blank and I can't find how to make new events

DannyWorkOrderP4: sorry, no, I haven't.

Are external apps required to make calendar events?

neonfuz2: I think right now the calendar app's been disabled, but the Calendar API in Android does need to have it there for some reason, but I'm not quiiiite sure.

hmm, alright

odd

why removed instead of just degoogled?

there's a calendar on f-droid that's like the vanilla calendar

is it a security thing?

I actually don't know that myself, sorry. It's something from upstream AOSP. Upstream AOSP isn't "degoogled" - it just never had google in there to begin with.

yeah I know lol

and alright

I think this is a fork of the aosp calendar?

Not sure, but likely if it's on F-Droid I don't think it'll pass the project's standards to be included.

so I installed etar, and it's asking me to add a calendar account

I tried using the built in calendar app as the account or whatever, and it doesn't work

I think the built in calendar app is completely broken, even as a backend for other calendar apps

I guess maybe things would go wrong with NO calendar app when an app requests calendar permission, but the built in app is pretty much a stub

only really useful to give apps calendar permission that you don't trust I guess

It worked for me as readonly with davx5

so you use davx5 and then use the default app as a viewer?

<TheJollyRoger "Danny (WorkOrderPro): sorry, no,"> My mistake! I was misremembering our smartcard discussion/assuming you may have done some FIDO2.

Used to, yes

when I select the default calendar and then try to make an event in etar, it just brings me back to the empty calendar in etar, and upon trying to make another event it says I need to add a calendar account and gets stuck in a loop

it seems I couldn't even write events to the default calendar with etar that is

anyways, etar has support for offline calendars built in anyways, I'll just use that I guess

oh wow, so I made a local calendar in etar and it showed up in the calendar app

I guess it just can't be a backend, you need another app to act as the backend ("calendar account")

Probably

Is Android swap always used with zRAM?

Will have a 3a available in southern california if anyone is insterested. probably mid august

Does anyone know what the System App "Presence" is? I was trying to learn more about the apps and couldn't find any info on it. Only thing I could find was the security camera app in the PlayStore and I'm pretty sure it isn't that. Thank you.

Nikos: etar was originally a fork of the AOSP calendar but it's a lot different now

and the AOSP calendar was stripped down into a sample app

strcat[m]: we're shipping it now, lineage got it building in aosp

I won't bundle GPLv3 code

rather just have it installed as an app by users

<strcat[m] "I won't bundle GPLv3 code"> Why tho

because it's incompatible with making a GrapheneOS device with an immutable root of trust

which is incompatible with the goals of the project

Would supporting a custom verified boot key similar to how Pixels currently do it still be incompatible?

and I want to work towards not having any restrictively licensed code eventually

I agree it's kinda silly

What's sad is the original Calendar was Apache2, and they changed it for one contributor and then kept it.

JTL: what Pixels do is compatible, if we make our own device we don't necessarily have the resources to make a comparable implementation and hard-wiring it is a simpler way to make it secure

Fair

Pixels have the Titan M paired with the TEE for this

and store the custom key in the Titan M

which also enforces bootloader lock state etc.

JTL: I want GrapheneOS to be usable on a device with an *immutable* root of trust

I do agree it's some amount of complexity and takes extra resources

rather than just on devices like Pixels with a security chip for enforcing it based on protected state

Fair

not every company / organization / individual that will want GrapheneOS will want it to be possible to boot another OS

so bundling GPLv3 code is not compatible with the project being permissively licensed

and having it usable for everything people should be able to use it for

GPLv2 isn't a problem but I would rather avoid code that can't be mixed and matched with other code

I'm personally in the camp of "want verifeid boot with custom keys as an optional feature" but I agree with your reasons

because that's problematic and then I have to be careful about working on it

Makes sense.

for example if I make something in the kernel first and then want to use it in userspace

I have to be careful it's not tainted by the kernel GPLv2 code

so it's better to write it for userspace first

hardened_malloc as an example of something where code sharing would be useful

with a hardened slab allocator

Wow.

Does Valladium support PWA installation?

yes

it's Vanadium

Does it install actual Android packages or just shortcuts?

shortcuts it's no different than how regular Android and Chrome do it

It's just a stateful website "container" linked to an icon on your homescreen, mate

No magic