Conversation

Months ago my phone died and now I need 1+ man-week to de-backdoor my new Pixel 4. Being mostly phoneless warms me up to a simple device that respects my rights out of the box. Continuing phone detox until I get a Pinephone or Librem 5. I'm done funding #SurveillanceCapitalism twitter.com/ashk4n/status/

This Tweet is unavailable.

This Tweet is from a suspended account. Learn more

Replying to

and

Neither of the devices is open hardware and neither has open firmware, despite misconceptions created by misleading marketing. The Librem 5 is deliberately locked down to prevent updating the firmware. Neither is close to the security requirements for official GrapheneOS support.

Replying to

See grapheneos.org/faq#device-sup for an overview of device support including the requirements for official support. We can't provide official support for insecure devices with vulnerabilities that can't be patched. Similarly, the hardware needs to provide the standard hardware-based

Replying to

security features including the hardware-backed keystores used by the OS and apps, support for real verified boot and attestation, modern mitigations, proper IOMMU integration / setup for the components, hardware key derivation support, Wi-Fi anonymity beyond just MAC rand, etc.

6:09 AM · Apr 15, 2020Twitter Web App

Replying to

Not going to list all of the requirements/expectations here but it's a given that we are not going to give it up in exchange for insecure hardware from untrustworthy companies pushing proprietary hardware and firmware as open and more private/secure while being objectively worse.

Replying to

Don't see any reason that open source userspace driver components would require hardware that takes so many steps backwards and throws away so much progress. We'll be very excited to support actual open hardware/firmware RISC-V phones built to meet existing security standards.

Show replies

Lance R. Vick ( @lrvick@mastodon.social )

Replying to

and

But to get all those you also have to trust yet another closed stack of components and piles of privileged binary blobs you have to sort through tediously on every single new device. All current options suck in very different ways.

Replying to

and

The Librem 5 and Pinephone are closed hardware with closed firmware. The complexity in the entirely closed source SoC and other hardware components / firmware completely dwarfs the complexity in userspace libraries. You're also grouping things that are open source in with blobs.

Show replies

Lance R. Vick ( @lrvick@mastodon.social )

Replying to

and

These are super hard features to give up. I totally hear you here. I am also super frustrated that the Pixel 4 (and likely devices beyond it) are going to take such a massive amount of time to deblob. There is no escaping the need for a better target.

Replying to

and

We'll take a more secure closed source driver over a less secure open source one any day of the week. It really doesn't matter to us. The project is about privacy and security, not ideology. Open source is good because it lowers barrier to entry for research and hardening.

Show replies