upvote

points

by revolvingthrow16 hours ago |
comments
upvoteby strcat5 hours ago|
next
[-]
Dual booting would sacrifice a lot of the hardware-based security feature integration and would be much further from passing attestation checks. GrapheneOS fully supports hardware-based attestation but Google doesn't permit it in the Play Integrity API. Directly booting the fully unmodified stock OS is required to pass the hardware attestation checks for the stock OS. GrapheneOS appears as GrapheneOS in the attestation metadata and a dual boot setup would appear as that specific dual boot setup. Since it would have a bunch of security sacrificed for it, it would be far harder to convince services to permit that. It would be counterproductive.

GrapheneOS has near perfect app compatibility other than the Play Integrity API banning it from the overall tiny number of apps using it. It has per-app compatibility toggles for privacy and security features which trip other anti-tampering checks, find memory corruption bugs in apps, etc. There are a couple known compatibility issues from anti-tampering checks from the secure spawning feature but it has a toggle.

The stock OS isn't what's needed but rather directly booting it from the firmware with 0 modifications. Dual booting would require booting something else and major modifications to deal with hardware APIs not designed for multiple operating systems using them at the same time. Secure element / TEE APIs including the hardware keystore and attestation, etc. are not designed for dual boot. A/B updates, verified boot, firmware updates, etc. would need to be dealt with by the bootloader system. It would be complex and messy. The end result would not be a hardened device or one compatible with standard attestation checks.

reply
upvoteby 6 hours ago|
prev|
next
[-]
deleted
reply
upvoteby nout7 hours ago|
prev|
next
[-]
Some retrogaming devices have multi-boot options where you can pick between android and linux (e.g. Anbernic RG353V).
reply
upvoteby vegenaise7 hours ago|
prev|
next
[-]
i cannot speak to the current situation, but years and years ago, it was a thing. i had a crappy motorola razr smartphone in like 2012 that i set up dualboot on, and i think i also had dualboot on my google nexus 5, though i could be mistaken about that. it was a thing though.
reply
upvoteby palata14 hours ago|
prev|
next
[-]
Well, authoritarian governments don't like to be at the mercy of another country. So even for authoritarian governments it would make a lot of sense to allow open source alternatives like GrapheneOS instead of depending entirely on US monopolies.
reply
upvoteby zb310 hours ago|
prev|
[-]
GrapheneOS said that's not possible, but I'd actually want to see some expanded explanation.

TEE attests that the OS is booted with a given AVB key, OS version and the bootloader unlock state..

But I know that vbmeta is per-slot, so I guess the whole chain is.. I also read that if you flash "custom_avb_key", the original AVB key is also permitted..

Could this mean we could theoretically dual-boot while being able to flash the OS manually using fastbootd?

Credential Encrypted userdata would be unaccessible though, I'm not sure if the second OS could mount that partition at all.

But I'd like someone more competent to address all this.

reply
upvoteby strcat5 hours ago|
parent|
[-]
Dual booting would be much further from passing attestation checks and would be incompatible with a bunch of the hardware-based security features. The boot slots are needed for A/B updates and include the firmware partitions. They're not useful for this and don't provide useful functionality for it. It would be entirely possible to build a bootloader for loading multiple different operating systems but it would be a hacked together mess without proper firmware updates or security. It would require heavily modifying both GrapheneOS and the stock OS to fit them into it. It would require losing a lot of the hardware-based security integration. What would be the point? The end result would be much further from passing attestation checks than GrapheneOS. GrapheneOS has near perfect app compatibility with the exception of the Play Integrity API. Other anti-tampering checks are largely compatible with GrapheneOS with the exception of tripping from certain hardening features which is increasingly being resolved with workarounds and there are toggles to avoid it already.
reply