GrapheneOS adds destructive PIN, Kernel update and more

Graphene OS

In the latest updates that have been released for GrapheneOS, the developers have added a series of updates, improvements and, above all, some quite interesting new features, among them the introduction of a destructive PIN.

For those who are unaware of GrapheneOS, you should know that it is a modified version of the AOSP codebase (Android Open Source Project) designed to improve the security and privacy of users. It emerged as a fork of AndroidHardening and focuses on technologies that strengthen application isolation, access control, Linux kernel protection, specific permission control, identifier privacy, wireless network security, advanced encryption and the absence of Google services.

Some of the notable features of GrapheneOS include its own malloc implementation, a modified version of libc, AOT compilation instead of JIT, protection mechanisms in the Linux kernel, tight permissions control, advanced encryption at the file system level, and the exclusion of Google services, among other security and privacy aspects.

What's new in GrapheneOS?

In the new builds of GrapheneOS released from May 31 to date (3 were released), various improvements and new features were implemented. One of them, as we mentioned at the beginning, is the introduction of a «Destructive PIN». This new emergency data lock function will allow users to set an additional password and PIN code whose entry triggers the deletion of all keys stored on the hardware, including those used to encrypt the data on the drive. Furthermore, this action will erase the eSIM and reboot the device.

This function (introduced in v2024053100) is designed for situations where the user may be under some risk or pressure to unlock the screen, or where there is a risk of the smartphone falling into the wrong hands. By entering the destructive PIN code, the device owner can irreversibly lock the data, ensuring that no one else can access it.

Another change is the disabling of unused adoptable storage media, to avoid complications with the duress password feature. In addition, the default maximum password length has been increased to 128 characters.

Besides that, the standard wipe-without-reboot implementation has been extended (version 2024053100) to include deletion of disposable data on the SSD. This goes beyond just erasing the hardware keystores and ensures that no data can be recovered from the operating system, because the keys needed to decrypt the data are removed. This is accomplished by securely erasing items including derived key encryption keys, encrypted storage keys, and the disposable data on the SSD that is used to derive per-user key encryption keys.
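As an added illustration (not GrapheneOS code and not part of the original article), this Python model shows why erasing key material is enough to lock data irreversibly: the wrapped data key stays in storage, but once the secret used to derive the key encryption key is gone, even the correct PIN cannot unwrap it. `ToyDevice`, the PIN values and the HMAC/XOR key wrap are assumptions made for the sketch; a real device uses hardware keystores and real disk encryption.

```python
import hashlib
import hmac
import secrets

ITER = 10_000  # low iteration count so the demo runs quickly

def _kdf(pin: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, ITER)

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class ToyDevice:
    """Hypothetical model: data key wrapped by a KEK derived from PIN + wipeable secret."""
    def __init__(self, pin: str, duress_pin: str):
        self.salt = secrets.token_bytes(16)
        # Stand-in for the wipeable data that KEK derivation depends on.
        self.wipeable_secret = secrets.token_bytes(32)
        self.duress_tag = _kdf(duress_pin, self.salt + b"duress")
        data_key = secrets.token_bytes(32)
        kek = self._kek(pin)
        # The wrapped key remains in storage, like ciphertext left on flash.
        self.wrapped_key = _xor(data_key, hmac.new(kek, b"wrap", hashlib.sha256).digest())
        self.check = hmac.new(kek, self.wrapped_key, hashlib.sha256).digest()

    def _kek(self, pin: str) -> bytes:
        return _kdf(pin, self.salt + self.wipeable_secret)

    def wipe(self) -> None:
        # Model only: drops the secret; a real erase happens in hardware/storage.
        self.wipeable_secret = None

    def unlock(self, pin: str):
        if hmac.compare_digest(_kdf(pin, self.salt + b"duress"), self.duress_tag):
            self.wipe()            # duress PIN: destroy key material, unlock nothing
            return None
        if self.wipeable_secret is None:
            return None            # KEK can no longer be derived by anyone
        kek = self._kek(pin)
        tag = hmac.new(kek, self.wrapped_key, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, self.check):
            return None            # wrong PIN
        return _xor(self.wrapped_key, hmac.new(kek, b"wrap", hashlib.sha256).digest())

def demo():
    dev = ToyDevice(pin="483920", duress_pin="111222")  # constructed sample PINs
    before = dev.unlock("483920")
    wrong = dev.unlock("000000")
    duress = dev.unlock("111222")
    after = dev.unlock("483920")
    return before, wrong, duress, after, dev.wrapped_key
```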

Furthermore, in version 2024060500, adjustments have been made to the sandboxed Google Play compatibility layer to accommodate changes introduced by DynamiteLoader, including a new feature indicator in Play Services 24.22. This will ensure continued and optimal compatibility with Google Play apps in the GrapheneOS sandbox.

An issue was also fixed that prevented passphrases containing spaces from being entered, due to incorrect handling of the space bar on a physical keyboard. This fix eliminates an Android bug that has been around for about 8.5 years and allows users to enter passphrases correctly on the lock screen.

Among the other changes that were implemented:

  • Updated the 5.10 kernel branch to the latest revision of the GKI LTS branch.
  • Updated the 5.15 kernel branch to the latest revision of the GKI LTS branch.
  • Updated the 6.1 kernel branch to the latest revision of the GKI LTS branch.
  • Disabled the camera lock screen shortcut functionality when accessing the camera while locked is disabled.
  • Vanadium: Updated to version 125.0.6422.165.0
  • GmsCompatConfig: Updated to version 116

Finally, if you are interested in knowing more about it, you can check the details in the following link

