You can't make a device with decent security based on it and it's far from being able to run a fully functional AOSP particularly with the security features supported (but far beyond that) so not sure what you plan on doing with it.
Conversation
At least Pine64 doesn't have deliberate anti-security measures and anti-security policies / ideology. It's just not technically advanced in that regard so it's far behind the status quo / industry standards (applies to both) but the reasons are better (lack of resources).
2
Anyway, if you want to support charlatans it doesn't just mean definitely not having my support, but I'll actively oppose it.
Really not interested in building something offering trash tier security and robustness along with even worse usability.
Not a long-term path either.
2
Again. I just need something maintainable I can run in my pocket today at least as secure as my laptop.
Pixels are a dead end.
Long term I want exactly what you describe but until thaf project actually breaks ground I have to hack ogether the least bad of terrible options.
1
What you're talking about is already dead on arrival: remotely exploitable over the air via known vulnerabilities without being able to provide over-the-air patches for the issues.
What's not terrible about rolling back security so much + not having updates?
2
Explain how a Librem5 or Pinephone running Debian with just a browser with the GSM disabled except for emergencies is any worse security than my laptop running Linux.
It is just a Linux laptop with a smaller screen to me until I can someday get something I can trust to do more.
1
2
If your laptop was purchased recently from a decent company, it will at least have firmware updates for all of the major components including Wi-Fi and Bluetooth, and you can apply those by keeping the OS up-to-date as long as it's decent. Of course, you did say *Debian* so...
2
They are pci slots. I can drop in the same wireless modules I use on my laptop. As for the SoC itself I am stuck with a lot of terrible options. You are not wrong there.
1
I don't know what specific remotely exploitable vulns you are talking about o. The Librem5 that don't apply to most laptops but by all means educate me.
Might change how I am thinking about this.
1
What I know for sure is I don't have time to maintain support for Pixels. No one is able to keep up there so that security story is bad for very different reasons.
Google has false marketing too, like how they claim to maintain working AOSP :-P
1
It's not AOSP that's screwed up but rather the (lack of) support for Pixels. They just aren't really the fully supported reference devices that they're made out to be. I don't think Google portrays them that way.
If you don't care about app compatibility and are fine with ports of a few important things like Chromium and Matrix, then I fully agree that it makes more sense to use something far more minimal and even do away with the Linux kernel itself.
2
1
But I don't see how that makes it a good idea to use a hardware platform where security is an afterthought and it's worse in so many ways than a mainstream device. GrapheneOS could not offer the security or functionality it does today on that device, so why bother? How I see it.
2
Show replies