• eleitl@lemmy.zip · 7 upvotes · 2 days ago

    Reproducible builds and lack of telemetry, plus hardening against compromise (by any actors), are my personal use case. I only run free/libre infrastructure privately, and hope to move on to open/libre hardware in future.

    • Richard@lemmy.world · 1 upvote · 2 days ago

      But how is that significantly more secure than LineageOS? I have read through countless blog posts from GrapheneOS developers and have not yet encountered an explanation that is sufficiently convincing. Outside of additional security hardening, which is definitely a big pro, GrapheneOS doesn’t have many things that LineageOS doesn’t. LineageOS is fully FOSS and telemetry-free. They introduced the “Trust” control panel for managing all sorts of privacy and security matters. They have PIN scramble.

      The only major, obvious security vulnerability lies in the proprietary driver blobs from the device vendors / OEMs. But AFAIK Google Pixels also have those, right? So outside of doubtlessly valuable measures like restricting malicious reprogramming / access through the USB port, in what ways is GrapheneOS actually more secure than LineageOS?

      • entwine@programming.dev · 1 upvote · 8 hours ago

        > in what ways is GrapheneOS actually more secure than LineageOS?

        In many ways. This document provides a detailed overview of Graphene’s unique features, and is worth a skim even if you’re unfamiliar with some of the jargon.

        My very reductive summary is that Lineage is primarily focused on reviving and bringing modern features to old devices, whereas Graphene is focused on hardening the security of AOSP as much as possible.

        Both are de-Googled. Lineage is good for e-waste prevention, but not security. You will never be able to secure a device that can’t receive kernel updates because the OEM abandoned it, and “state actors” are certainly not the only people who can exploit those vulnerabilities.