GrapheneOS has funding available for developing an open source WebUSB-based installer as an alternative to our installation guide. It's low-level programming work despite being in JavaScript.
Get in touch with us (contact@grapheneos.org) if you're interested in working on it.
This does not involve designing and implementing a fancy user interface. It only needs the bare minimum of a functional interface for driving the installation process.
There's the open source fastboot code and an existing proprietary WebUSB-based flasher to reverse engineer.
Need to be comfortable with straightforward, fairly modern C++ and with JavaScript.
UX design and CSS are not within the scope of the project. Don't need to be concerned with making usable instructions either.
Goal for the project is a working installer with a bare minimum UI.
github.com/webadb/webadb.… has the start of a fastboot protocol implementation. It can likely already be used to issue the lock and unlock commands without much work.
Project involves figuring out how to do the rest of the flashing commands and putting it together as an installer.
No real need for existing experience with Android development. It's quite standalone.
Don't need to already have a usable phone for working on this since we can buy one as part of the funding.
The result will be open source and usable with other devices and operating systems.
This will be turned into an easy to use graphical installer for GrapheneOS not requiring software beyond a browser and our site.
CLI instructions will still be recommended for technical users on an OS with proper fastboot and signify packages. Otherwise, WebUSB makes more sense.
We could also release an offline version of the WebUSB-based installer in a signed archive to run locally in Chromium.
It could do verification of the downloaded release with a signify implementation to support this. Not going to be part of the initial minimal implementation.
Depending on native fastboot is a lot less portable than WebUSB. A Chromium-based browser is available to more users and it's far more likely they can get it from a trusted app repository.
Most Linux distributions have horribly broken adb / fastboot packages which doesn't help.
• • •
Missing some Tweet in this thread? You can try to
force a refresh
The grapheneos.ca and grapheneos.net domains which were registered by Copperhead to cause harm to GrapheneOS should be turned over to us.
The same thing applies to the project's historical Twitter account which was stolen by social engineering Twitter support.
GrapheneOS was using the account before Copperhead existed. It's a separate account from the one belonging to the company and is still rightfully ours.
Our project was called CopperheadOS before Copperhead even existed. This is the same project as you can confirm via GitHub.
Legacy branches and tags from before renaming to AndroidHardening are published separately from the GrapheneOS namespace. The repositories are still the originals as shown by the network graph.
Other than GrapheneOS allowing ending user sessions and raising the padding size, this also applies to AOSP on devices with a secure element offering Weaver like the Pixel 2 and later.
This covers the baseline disk encryption.
Apps can use the hardware keystore API to provide another layer of encryption with options like setting keys to be only available when unlocked. Can also be mixed with their own encryption.
Before the Titan M introduced with the Pixel 3, the Pixel 2 used an off-the-shelf NXP security chip to implement Weaver. The implementation is open source:
GrapheneOS is a non-profit open source project. It is not a company. It does not currently sell devices. It does not have an official device management app.
@DanielMicay There are companies and individuals selling devices with GrapheneOS. We aren't selling devices with GrapheneOS ourselves at this time. Some of these vendors install a bunch of additional apps and provide device management. We do not have our own official device management app.
For the most part, we're not receiving anything based on these companies selling devices. We're on good terms with @ncryptcellular and they're supporting the project. We're working towards being on good terms with a couple others. Others have been problematic and have harmed us.
This doesn't mean it won't be possible to use apps depending on Play services on GrapheneOS. It means it shouldn't be deeply integrated into the OS as a cross-user, privileged app.
We're going to support installing a Google compatibility layer within a user profile as a regular app. The OS will include minimal support for this in a way that does not compromise the security model. It won't have special privileges other than masquerading as Play services.
We plan to add support for using a GrapheneOS release of microG this way. In the longer term, we also plan to offer a more minimal compatibility layer implemented by pretending that Google services are offline. Both will be options you can choose to install in a specific profile.
@_copperj@grufwub@CopperheadOS No, this is the direct continuation of the original project by the original development team. The project was started before Copperhead was founded and long before it was incorporated. People can confirm this for themselves by looking at the code, dates and published documents.
@_copperj@grufwub@CopperheadOS You agreed to support this open source project by building a business around it while explicitly agreeing that it would remain as an independent entity from the business without Copperhead directly owning or controlling it. You went back on your word and betrayed the project.
@_copperj@grufwub@CopperheadOS You hijacked the infrastructure and prevented the previous incarnation of the project from ever being able to release a legitimate update again. You stole the donations sent to support the development team and siphoned off the revenue earned based on leeching off the project.