Project

General

Profile

Replicant vs GrapheneOS security

Added by 9be42f24d3 cfcedda835 almost 2 years ago

So i'm pretty torn about this. I know the main focus of replicant is freedom. It will not include any proprietary blobs. You can change any aspect of the code, and remain in control of the device. Uses modems that have known good hardware isolation etc. But the fact is, updates are lacking (i know there will be updates released soon). There are wide open security vulnerabilities in the current releases. If a security vulnerability is exploited there will be a big chance the attacker can get in the entire phone, which could also exist in currently used (free) firmware and drivers.

Now i'm looking at GrapheneOS and it has a whole different approach. It has proprietary blobs (firmware and drivers), but it isolates all these with IOMMU groups. This way if the wifi or baseband gets compromised, the attacker has little chance to get into the main OS. It get regular updates. Has support for newer devices that support these isolating capabilities. It hardens the kernel and other aspects of the OS. And the biggest argument for GrapheneOS is that Edward Snowden supports it. If someone knows how powerful backdoors and spying can be, it is him. Why would he support an OS and phone that has backdoors, security and/or privacy issues, when these are very important issues for him?

So, yes, you lose freedom with GrapheneOS. But what about practical security? Is the current release of GrapheneOS on a supported phone more secure than the current replicant release that's running on a supported phone? I'm having a hard time answering this question.

Some sources for this information about GrapheneOS:
https://old.reddit.com/r/GrapheneOS/comments/cjjyd4/graphene_os/evdv0h8/
https://old.reddit.com/r/GrapheneOS/comments/cnk7uf/security_on_pixel_devices_are_great_arguably/ewbanij/
https://mobile.twitter.com/DanielMicay/status/1158869170429333504
https://mobile.twitter.com/Snowden/status/1175419013402374145


Replies (7)

RE: Replicant vs GrapheneOS security - Added by Lianb Lianb almost 2 years ago

I hope someone answers this as well

RE: Replicant vs GrapheneOS security - Added by Daniel Kulesz over 1 year ago

Of course it all depends on your threat model. But at least with the standard s-boot and heimdall widely open Replicant does not protect you from local attackers at the moment. In addition, it also lacks behind in terms of Android security updates. However, it tries to only run code you can (theoretically) audit and trust, while with GrapheneOS you have to trust more than 200 MB of hardly (if at all) auditable binary blobs.

The issues in Replicant are fixable (just require some work) while I don't think you will be able to fix the issues on the devices currently supported by GrapheneOS anytime soon.

I published a small article that touches a bit on this topic a while ago here:

https://www.kulesz.me/post/110-smartphones/

RE: Replicant vs GrapheneOS security - Added by John Newtral 8 months ago

Fantastic article, Daniel.

Thanks for sharing it.

RE: Replicant vs GrapheneOS security - Added by Kurtis Hanna 8 months ago

Replicant believes that software freedom is the first step towards having security on your mobile device. GrapheneOS thinks you can skip that step and still end up with at a secure handheld device somehow. We plan on providing the ability to optionally run Replicant 11 without the proprietary s-boot bootloader and the TrustZone operating system that runs behind the scenes and instead run free software u-boot. Additionally, Replicant 11 will have up to date security updates, which is unfortunately currently lacking in Replicant 6 due to a lack of update upstream. Oh, and we will finally have GPU acceleration too!

RE: Replicant vs GrapheneOS security - Added by 9be42f24d3 cfcedda835 8 months ago

Thank you Kurtis. Looking forward to the new release! Also it's great that s-boot can be replaced with (a functional) u-boot, another step to fully liberate our devices. Any news about device support? I think many people are patiently waiting for support for the 4G models of the S3 and Note2 since 3G and 2G towers are being phased out or are already phased out in many parts of the world. Also support for newer phones like the pinephone or librem 5 would be greatly appreciated, but i understand that there is probably a lot of code missing upstream (no lineageos, only android distribution that works with limited functionality right now on the pinephone is glodroid).

RE: Replicant vs GrapheneOS security - Added by John Newtral 8 months ago

Kurtis Hanna wrote in RE: Replicant vs GrapheneOS security:

Replicant believes that software freedom is the first step towards having security on your mobile device. GrapheneOS thinks you can skip that step and still end up with at a secure handheld device somehow. We plan on providing the ability to optionally run Replicant 11 without the proprietary s-boot bootloader and the TrustZone operating system that runs behind the scenes and instead run free software u-boot. Additionally, Replicant 11 will have up to date security updates, which is unfortunately currently lacking in Replicant 6 due to a lack of update upstream. Oh, and we will finally have GPU acceleration too!

How wonderful! Thanks for the information!

RE: Replicant vs GrapheneOS security - Added by John Newtral 5 months ago

I would like to remember that GrapheneOS advocates boast about hardened security features that rely on Titan M chip and bootloader running nonfree stuff provided by evil Google.

    (1-7/7)