Pine64-Arch VS GrapheneOS-Knowledge

Phone has Tow-boot and the open-source modem firmware already installed. eMMC & sdcard have just been formatted & flashed to the latest Arch Phosh image from danctnix.

I flashed my pinephone pro with an arch-sxmo image (here: https://github.com/dreemurrs-embedded/Pine64-Arch/releases), and it works great, but I can't seem to switch the autologin to a new user. In fact, I couldn't find a conf file, neither in /etc/conf.d/, neither in /etc/tinydm.d/env-wayland/. I added a "tinydm" file in both directories, containing the line "AUTOLOGIN_UID=1001" (1001 is the userid I want to log in at boot), but to no avail. Any suggestion?

The keyboard is an important detail! Given the state of the PinePhone Pro, and that you want to use keyboard, have a look at DanctNIX Sxmo https://github.com/dreemurrs-embedded/Pine64-Arch/releases .

I was using the danctnix arch build running Phosh - https://github.com/dreemurrs-embedded/Pine64-Arch/releases

At the time (about 10 months ago) it was the most solid I could find. I'm a little out of date at this point, but I'll probably check back in on it some time in the next few months.

And I agree - even at the time it was a usable phone. A tad slow for my tastes, but hard to argue with the performance given the low cost of the hardware.

For comparison: Here‘s the (IMHO sane) DanctNIX PKGBUILD: https://github.com/dreemurrs-embedded/Pine64-Arch/blob/master/PKGBUILDS/phosh/phosh/PKGBUILD

This is just one example (linked below) but I've seen a fair bit of this type of behaviour just specifixally from the project founder/leader. There does seem to be a lot of other more level-headed folk involved with the project too however so not sure how insurmountable the problem is.

https://github.com/Peter-Easton/GrapheneOS-Knowledge/issues/...

The Librem 5 is not as open or libre as its marketing has tried to insinuate, simply having its binary blob signed and validated firmware saved in write-protected read-only memory and loaded by a secondary coprocessor to exploit a loophole in the definiton of "libre" hardware to allow it to qualify for the FSF's definiton of "Free" hardware. This renders the firmware unupdateable without shorting a connection. In the event a vulnerability is discovered in the modems or radios, the firmware cannot be updated without physically dismantling the phone. Firmware initialization is also no longer under the control of the host operating system because the initialization is carried out from outside the OS: changing or updating software on the host will not address these design defects. Although the modems and radios are not attached to the host via DMA, they rely on USB for isolation, which simply shifts the trust from the kernel driver to the kernel USB stack, and USB was never designed with distrusting the device plugged into it in mind unlike SMMU/IOMMU, which is specifically designed to mitigate unconstrained DMA.

Current releases of the Librem 5 have been plagued by thermal throttling issues and poor battery life which in some cases has clocked in at less than 1 hour at idle.

The Librem 5 does not even support software encryption and no progress has been made toward adding even LUKS encryption. The Librem 5 lacks a secure element for any hardware binding on the encryption and so would be entirely dependent on software-only encryption.

The rebranded version of Debian that the Librem 5 uses as an operating system uses the same security model as the desktop stack, which is a perimeter or "all or nothing" security model. In the future, applications may be installed utilizing FlatPak. The threat model and measures FlatPak takes to meet it are as of yet unclear and uncertain.

From https://github.com/Peter-Easton/GrapheneOS-Knowledge/blob/ma...