os-issue-tracker VS GrapheneOS-Knowledge

> Everything works including Google Pay.

Wait, what? What did I miss here -> https://github.com/GrapheneOS/os-issue-tracker/issues/1986 ?

Thanks, I should take a look. I've also been meaning to try DivestOS.

I'm certainly not holding my breath on more GrapheneOS support, as so few people care. I'm not entirely sure it'd be the right fit for me anyway. I'm currently using a microg setup with lsposed so I can patch out some junk in modern apps (like Outlook trying to be device admin), and this kind of hooking is not something GrapheneOS is interested in (a feature request I opened a while back: https://github.com/GrapheneOS/os-issue-tracker/issues/284).

There's an upstream bug from AOSP where the fingerprint sometimes isn't shown after switching profiles. It's existed since a while, but has become more prevalent since the Android 13 QPR3 release last month. You can track that issue here: https://github.com/GrapheneOS/os-issue-tracker/issues/1611

https://github.com/GrapheneOS/os-issue-tracker/issues/2221 Someone recently opened this issue. Was this you?

But indeed, it's annoying for apps which continually request it, so there is an open feature request to have the option to disable that: https://github.com/GrapheneOS/os-issue-tracker/issues/1886

Also, before I get attacked that GrapheneOS can do this, here is an issue where the lead developer says the feature is not wanted.

As of March they've confirmed that a suitably non-invasive spoof for Device Integrity will be implemented, more on the complexities here. It's not that it can't be done, it will just take some time for an elegant solution meeting GOS standards.

See the issue here: https://github.com/GrapheneOS/os-issue-tracker/issues/1938

This is just one example (linked below) but I've seen a fair bit of this type of behaviour just specifixally from the project founder/leader. There does seem to be a lot of other more level-headed folk involved with the project too however so not sure how insurmountable the problem is.

https://github.com/Peter-Easton/GrapheneOS-Knowledge/issues/...

The Librem 5 is not as open or libre as its marketing has tried to insinuate, simply having its binary blob signed and validated firmware saved in write-protected read-only memory and loaded by a secondary coprocessor to exploit a loophole in the definiton of "libre" hardware to allow it to qualify for the FSF's definiton of "Free" hardware. This renders the firmware unupdateable without shorting a connection. In the event a vulnerability is discovered in the modems or radios, the firmware cannot be updated without physically dismantling the phone. Firmware initialization is also no longer under the control of the host operating system because the initialization is carried out from outside the OS: changing or updating software on the host will not address these design defects. Although the modems and radios are not attached to the host via DMA, they rely on USB for isolation, which simply shifts the trust from the kernel driver to the kernel USB stack, and USB was never designed with distrusting the device plugged into it in mind unlike SMMU/IOMMU, which is specifically designed to mitigate unconstrained DMA.

Current releases of the Librem 5 have been plagued by thermal throttling issues and poor battery life which in some cases has clocked in at less than 1 hour at idle.

The Librem 5 does not even support software encryption and no progress has been made toward adding even LUKS encryption. The Librem 5 lacks a secure element for any hardware binding on the encryption and so would be entirely dependent on software-only encryption.

The rebranded version of Debian that the Librem 5 uses as an operating system uses the same security model as the desktop stack, which is a perimeter or "all or nothing" security model. In the future, applications may be installed utilizing FlatPak. The threat model and measures FlatPak takes to meet it are as of yet unclear and uncertain.

From https://github.com/Peter-Easton/GrapheneOS-Knowledge/blob/ma...