GrapheneOS is an open source privacy and security focused mobile OS with Android
app compatibility.
Official Releases are available on the releases page and
installation instructions are on the install page.
See the GitHub organization for sources
of the OS and various standalone sub-projects including the cutting edge
new
hardened memory allocator and other projects.
The official GrapheneOS releases are supported by the
Auditor app and
attestation service for hardware-based
attestation. For more details, see the about page and tutorial. You can also extend these with
support for your own builds.
The sources are available via the
manifest on GitHub.
Early stage of development
GrapheneOS is a privacy / security research and engineering project that has been
under way for over 5 years. It recently became rebranded as GrapheneOS and is taking a
different direction based on obtaining funding for the research and development work
as a non-profit open source project rather than being a company. The reborn project is
still in a very early stage and lots of the past work on privacy and security has not
yet been restored for the new incarnation of the OS.
The grapheneos.org site is very new and is currently being put together. It will
have lots of additional documentation and tutorials in the future along with coverage
of various software, firmware and hardware privacy/security topics.
GrapheneOS is being supported with funding and developers from various companies
and other organizations interested in contributing to this shared base for a feature
rich private and secure mobile operating system able to run many existing
applications. It will take more time to organize and deploy these resources in order
for the project to have a strong development team with proper infrastructure behind
it.
Roadmap
Details on the roadmap of the project will be posted on the site in the near
future. In the long term, it aims to move beyond a hardened fork of the Android Open
Source Project. Achieving the goals requires moving away from relying the Linux kernel
as the core of the OS and foundation of the security model. It needs to move towards a
microkernel-based model with a Linux compatibility layer, with many stepping stones
leading towards that goal including adopting virtualization-based isolation.
Hardware and firmware security are core parts of the project, but it’s currently
limited to research and submitting suggestions and bug reports upstream. In the long
term, the project will need to move into the hardware space.
Device support
In the current early stage of the project, GrapheneOS provides production releases
for the Pixel, Pixel XL, Pixel 2, Pixel 2 XL, Pixel 3 and Pixel 3 XL. It will support
other devices in the future, but devices are carefully chosen based on their merits
rather than the project aiming to have broad device support. Broad device support is
counter to the aims of the project, and the project will eventually be engaging in
hardware and firmware level improvements rather than only offering suggestions and bug
reports upstream for those areas. Much of the work on the project involves changes
that are specific to different devices, and officially supported devices are the ones
targeted by most of this ongoing work. GrapheneOS also has source level support
without device-specific hardening for the Android emulator, HiKey, HiKey 960 and also
generic targets providing basic support for many other devices.
Devices need to be meet the standards of the project in order to be considered as
potential targets. In addition to support for installing other operating systems,
standard hardware-based security features like the hardware-backed keystores, verified
boot, attestation and various hardware-based exploit mitigations need to be available.
Devices with support for alternative operating systems as an afterthought will not be
considered. Devices need to have proper ongoing support for their firmware and
software specific to the hardware like drivers in order to provide proper full
security updates too. Devices that are end-of-life and no longer receiving these
updates will not be supported.
In order to support a device, the appropriate resources also need to be available
and dedicated towards it. Releases for each supported device need to be robust and
stable, with all standard functionality working properly and testing for each of the
releases.
Hardware, firmware and software specific to devices like drivers play a huge role
in the overall security of a device. The goal of the project is not to slightly
improve some aspects of insecure devices and supporting a broad set of devices would
be directly counter to the values of the project. A lot of the low-level work also
ends up being fairly tied to the hardware.
Some of the GrapheneOS sub-projects support other operating systems on a broader
range of devices. Device support for Auditor and AttestationServer is documented in
the overview of those projects. The
hardened_malloc project supports nearly
any Linux-based environment due to official support for musl, glibc and Bionic along
with easily added support for other environments. It can easily run on non-Linux-based
operating systems too, and supporting some like HardenedBSD is planned but depends on
contributors from those communities.
