Again. I just need something maintainable I can run in my pocket today at least as secure as my laptop.
Pixels are a dead end.
Long term I want exactly what you describe but until that project actually breaks ground I have to hack together the least bad of terrible options.
What you're talking about is already dead on arrival: remotely exploitable over the air via known vulnerabilities without being able to provide over-the-air patches for the issues.
What's not terrible about rolling back security so much + not having updates?
Explain how a Librem5 or Pinephone running Debian with just a browser with the GSM disabled except for emergencies is any worse security than my laptop running Linux.
It is just a Linux laptop with a smaller screen to me until I can someday get something I can trust to do more.
If your laptop was purchased recently from a decent company, it will at least have firmware updates for all of the major components including Wi-Fi and Bluetooth, and you can apply those by keeping the OS up-to-date as long as it's decent. Of course, you did say *Debian* so...
They are pci slots. I can drop in the same wireless modules I use on my laptop. As for the SoC itself I am stuck with a lot of terrible options. You are not wrong there.
I don't know what specific remotely exploitable vulns you are talking about on the Librem5 that don't apply to most laptops, but by all means educate me.
Might change how I am thinking about this.
What I know for sure is I don't have time to maintain support for Pixels. No one is able to keep up there so that security story is bad for very different reasons.
Google has false marketing too, like how they claim to maintain working AOSP :-P
It's not AOSP that's screwed up but rather the (lack of) support for Pixels. They just aren't really the fully supported reference devices that they're made out to be. I don't think Google portrays them that way.
If you don't care about app compatibility and are fine with ports of a few important things like Chromium and Matrix, then I fully agree that it makes more sense to use something far more minimal and even do away with the Linux kernel itself.
But I don't see how that makes it a good idea to use a hardware platform where security is an afterthought and it's worse in so many ways than a mainstream device. GrapheneOS could not offer the security or functionality it does today on that device, so why bother? How I see it.
Perhaps you just want to make a device that's an appliance with a web browser and end-to-end encrypted chat / voice client. That sounds interesting. Linux doesn't seem important to that. It could be a single verified image with no dynamic code, and the Linux kernel is overkill.
A highly minimal and secure 'feature phone' is a more interesting concept to me than just 'more open' smartphone hardware (which is still ultimately closed source hardware with closed source firmware anyway). Just make something different and don't compete on functionality.
Honestly and an MVP to me would be hardened buildroot Linux with a squashfs statically compiled into the kernel that has a basic UI and the 4 apps I need would be easy to maintain and reason about and save me 250gb of android hell to deal with.
Linux is important for that in that it is what gets me to a useful iteration of that in a weekend while I have limited time.
I would 100% want to iterate on that and hardening with better hardware and a microkernel etc layer by layer.
Talking about custom hardware here so there aren't those kinds of extreme resource constraints.

