Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
close04 5 days ago

GrapheneOS doesn't support Pixels with locked bootloader. It's where the game stops for all locked phones, a common practice now. You can already see how this is the single biggest thing.

The second big thing is that the "non-exhaustive list of requirements" is basically "whatever new Pixels do". Your conclusion that Pixel phones are "the only ones with secure enough hardware" is overstretching what's happening here.

The developers took the Pixel as a template because it's a well selling line, with good security, and generally with unlocked bootloader, and modelled the requirements based on it. It's a reasonable approach to the development of a niche security oriented OS because: "In order to support a device, the appropriate resources also need to be available and dedicated towards it". It has the downside that it makes it sound like no other phone has comparable security features.

Are the fully supported Pixel 6/6a more secure than any other non-Pixel phone sold on the market today?

pferde 5 days ago | parent [-]

What do you mean, "doesn't support Pixels with locked bootloader"? Yes, you need the bootloader unlocked to install GOS, but the last step during installation is locking the bootloader again. Having an unlocked bootloader is officially considered unfinished GOS installation. See https://grapheneos.org/install/cli#locking-the-bootloader

As for Pixels being more secure than non-Pixel phones, I would say they are more secure, due to existing hardware security features that most non-Pixel phones do not have, and just as importantly, due to still getting regular security updates from the vendor. Pixel 6 in particular is supported until late 2026, if I recall correctly.

This is the problem for most Android phones on the market - most of them stop getting security updates after a year or two, so your only option is hoping that one of the alternate Android OSes pick up the slack, e.g. Lineage or Calyx.

EDIT: That they modeled their security requirements based on the best device available at the time is simply how this works if the priority is security. They picked best of what was available, built features around that, and refuse to compromise for new device models if at all possible. And yes, no other Android phone has comparable security features for what they are doing. That's not how "it makes it sound", that's just reality.

close04 5 days ago | parent [-]

> What do you mean, "doesn't support Pixels with locked bootloader"?

You cannot install GrapheneOS on a Pixel that was locked by the carrier, it's literally the first prerequisite they mention [0]. From here came my initial comment saying that the biggest thing that excludes most phones from supporting GrapheneOS is the lack of unlockable bootloader.

This is what should give you pause when you declare one phone to be "best HW for security" because it supports GrapheneOS. Some Pixels are unsupported even with the same HW/FW/SW.

[0] https://grapheneos.org/faq#supported-devices

akimbostrawman 5 days ago | parent [-]

You acting purposefully obtuse. unlocked bootloader is the prerequisite for any android rom, that does not mean other hardware feature are less important than there other security requirements set by the project. Why other phones aren't comparable with details is literally explain two bullets point below your own link.

https://grapheneos.org/faq#future-devices

close04 5 days ago | parent [-]

> purposefully

Mighty all-knowing of you.

Just read my first comment, see what I objected to, see what arguments I used, and then think 2-3 times if you really added to the conversation. There must be better way to pad your comment count.

pessimizer 5 days ago | parent [-]

I did, and it makes this comment unintelligible unless there are no other Android phones with unlocked bootloaders. You've moved the goalposts, then got snotty about it.

edit: exactly who on this planet is motivated by "comment count" other than spammers?

edit2: the only way I can make your comments comprehensible is if I assume that you thought somebody was angry that they couldn't install Graphene on a phone with a locked bootloader. Before you assume the person you're talking to is insane, you should consider the alternatives.