Wasted VS pam-duress

Wasted - wipe your device when USB device (other than a charger) is plugged in when screen is off, notification is pressed, fake app is hit, screen has not been unlocked for x hours, or quick setting tile is pressed.

Maybe Wasted?

Github https://github.com/x13a/Wasted

You might want to lookup Wasted. You grant the app Device Admin, it can wipe on trigger, not specific to GrapheneOS. I haven't try it. Can't give you my take.

Take a look at this.

Wasted I have not personally tested it though

And Wasted by the same developer.

On Linux, there’s pam-duress: https://github.com/nuvious/pam-duress

Multi-step timeout would be a good alternative, especially for mobile. For desktop, I have this awesome PAM set up to remove everything associated with my regular user account.

It's actually quite simple and readily available with PAM duress [0] (at least on Linux, I'm not sure about PAM on Mac). It was also discussed here already [1]. Still, you should consider that doing so might not work in your favor.

[0] https://github.com/nuvious/pam-duress

[1] https://news.ycombinator.com/item?id=28267975

# Copyright 1999-2022 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=8 inherit pam toolchain-funcs VER_COMMIT="04e607f9ab674c8dbbf27ea8bb59158178a72f69" DESCRIPTION="A PAM module enabling special 'duress' passwords that will execute arbitrary scripts" HOMEPAGE="https://github.com/nuvious/pam-duress" SRC_URI="https://github.com/nuvious/${PN}/archive/${VER_COMMIT}.tar.gz -> ${P}.tar.gz" LICENSE="LGPL-3" SLOT="0" KEYWORDS="~amd64" IUSE="debug" DEPENDS="dev-libs/openssl sys-libs/pam" RDEPENDS="${DEPENDS}" S="${WORKDIR}/pam-duress-${VER_COMMIT}" src_prepare() { default sed -e "/^CC :=/s|:= .*|:= $(tc-getCC)|" -e "/^CFLAGS :=/s|-O2|${CFLAGS}|" \ -i Makefile || die } src_compile() { emake $(use debug && echo "debug") } src_install() { dobin bin/duress_sign dobin bin/pam_test dopammod bin/pam_duress.so einstalldocs }

Using https://github.com/xmidt-org/dms & https://github.com/nuvious/pam-duress to shred LUKS headers: https://www.buskill.in/luks-self-destruct/

maybe https://github.com/nuvious/pam-duress

This repo gives you one such tool. It triggers a script when a specific password is used, and can then hand over control to the usual unlocking process or not (as you asked for). The script is whatever you want: taking a pic, maybe transmit it over the internet, possibly including live video, audio and location, distress message, etc. The script can also erase the app, itself and the log entries, then unlocking as if nothing had happend. A downside is that, at least from the repo description and instructions, the Duress action triggers on specific user and password, not on anything but the correct combination. Still, you asked for specific user and password.

So far, I've only come across one solution for Linux, called PAM Duress. It executes a script when you log in, so you'd probably need to add some actions that make the files unavailable. I haven't used it myself, as I'm a Windows user.