GrapheneOS [Unofficial]

Tags:

• 2024030800 (Pixel 5a, Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Pixel 8, Pixel 8 Pro, emulator, generic, other targets)

Changes since the 2024030700 release:

• add back unlocking requirement for the new Internet quick tile in QPR2
• ThemePicker: restore themed icon and grid settings for QPR2 port
• DocumentsUI (Files): work around crashes caused by QPR2 R8 changes resulting in code used via reflection being removed

Google has awarded bounties of $5000, $3000 and $250 for our 3 vulnerability reports related to physical data extraction attack vectors. Both $5000 and $3000 issues are being exploited in the wild. $250 bounty is for a minor issue we found while doing general USB hardening work.

Most serious issue is the one with a $3000 bounty. We provided proof of in the wild exploitation and a proposal for preventing exploiting the class of vulnerabilities which is being implemented. For the one they're awarding $5000, we weren't sure they'd even consider it a bug.

The most serious issue is likely only getting $3000 because we do not know the specific bug being exploited. It was classified a low quality report, not because we did a bad job but because we don't have that info. We did provide a way to prevent getting data by exploiting it.

Our proposal for preventing getting data by exploiting the main issue should ship as a Pixel firmware update next month and the feature will become one of our baseline hardware requirements. It's already harder to use it with GrapheneOS and we've made major recent improvements.

Our recent improvements:

1. New USB-C port control setting integrated into the USB-C controller driver to disable USB at a hardware level. It will become "Charging-only when locked, except before first unlock" by default soon. Shipped in 2024022600: https://grapheneos.org/releases#2024022600

2. We reimplemented our auto-reboot feature with a more hardened implemention which can't be bypassed by crashing system processes. This starts a timer when the device is locked which reboots unless it's successfully unlocked first. Shipped in 2024011300: https://grapheneos.org/releases#2024011300

3. We reduced the default auto-reboot timer from 72 hours to 18 hours. This also shipped in 2024011300. 18 hours is enough that users don't encounter it in practice as long as they unlock their phone a couple times per day. Users who need max security can use 10 minutes.

4. We run a full compacting garbage collection in SystemUI and system_server when the device is locked. Android already does this after unlock to clear credentials. Goes well with our kernel zero-on-free since it zeroes the data. Shipped in 2024020500: https://grapheneos.org/releases#2024020500

Our main proposal should ship for the Pixel firmware in April, resulting in the firmware's fastboot mode fully clearing all of the device's regular memory before enabling USB. We could implement the same thing for the OS to make sure there's no data left from an unclean reboot.

Forensic companies keep misrepresenting adding support for extracting data from GrapheneOS via ADB based on a user providing lock method as being something more in their marketing. This is start of our response. We'll be pushing for much bigger changes for Android and Pixels.

We fully intend to make the same proposals to other Android OEMs like Samsung. We're starting with Pixels because they're the devices we use due to their high level of security. We're also going to begin advocating for big changes like encrypted memory and funding PoC attacks.

We've been working on a duress PIN/password feature for a while that's nearly ready to ship. It's taking so long because we had to prevent bypasses impacting existing panic / duress wipe apps and OS features. We also decided to do the USB-C control and auto-reboot features first.

Since 2016, we've planned to support adding a PIN as a 2nd factor for fingerprint unlock. A new contributor has started working on this feature. We'll get it done after duress PIN/password. This will allow using passphrase primary unlock with fingerprint+PIN secondary unlock.

Tags:

• 2024030700 (Pixel 5a, Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Pixel 8, Pixel 8 Pro, emulator, generic, other targets)

Changes since the 2024030600 release:

• Pixel 6, Pixel 6 Pro, Pixel 6a: fix USB-C mode control issue introduced by QPR2 port which prevented pushing out the last release
• Gallery: work around crashes caused by QPR2 R8 changes resulting in code used via reflection being removed
• Settings: enable Battery information screen in Settings > About device for QPR2 including Manufacture date, Date of first use and Cycle count
• Settings: make the style for settings consistent between Compose and non-Compose settings
• fixes for certain GrapheneOS notifications in QPR2

We're working on a revised release based on Android QPR2 with fixes for various regressions found by the early Alpha channel testers. We didn't keep the initial release in Alpha for long due to an issue impacting USB functionality on 6th gen Pixels.

https://grapheneos.social/@GrapheneOS/112051798319273743

New 2024030700 is currently building across our 3 official build machines and will be available soon. The new release should be able to make it through Alpha channel testing to the Beta channel. If there are no serious issues after 24h of Beta testing, we'll move it to Stable.

USB HAL was significantly changed in QPR2. A major part of of the port was porting our recently added USB-C control feature providing the ability to truly disable USB at a hardware level. Android 12+ USB HAL toggle being used elsewhere only disables high level USB features in OS.

We've disabled USB peripherals while locked since June 2016. Android itself has USB gadget functionality (MTP, PTP, MIDI, Webcam, ADB, etc.) disabled by default. Standard Android USB toggle disables these, not USB data itself. There's also now DisplayPort alternate mode too.

Our USB-C port control feature is not possible through generic Linux kernel code. It requires device specific integration into the USB-C controller driver and USB HAL. It's an extremely valuable feature and supporting a small set of very secure hardware allows us to work on this.

This is the first release of GrapheneOS based on Android 14 QPR2. Android 14 QPR2 is the first Android release following the new development model where quarterly releases follow the development branch. This release is a massive overhaul of the OS almost as large as the migration from Android 13 QPR3 to Android 14 despite fewer user facing changes. This release includes a large part of the migration to Android 15. The new development model will be very beneficial for GrapheneOS by spreading out the porting process throughout the year between major releases as part of the 3 quarterly releases between the yearly major releases.

Since this is a major release, the Pixel 4a (5G) and Pixel 5 have not been ported to Android 14 QPR2 as part our initial release. We need to determine whether it makes sense to move these end-of-life devices to Android 14 QPR2 or keep them on a legacy extended support release branch based on the last Android 14 QPR1 release.

Tags:

• 2024030600 (Pixel 5a, Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Pixel 8, Pixel 8 Pro, emulator, generic, other targets)

Changes since the 2024030300 release:

• full 2024-03-05 security patch level
• rebased onto AP1A.240305.019.A1 Android Open Source Project release, which is the 2nd quarterly maintenance/feature release for Android 14 (QPR2)
• continue to allow disabling cell broadcast extreme alerts with all carriers contrary to QPR2 change
• Pixel 5a, Pixel 6, Pixel 6 Pro, Pixel 6a: add back launcher app pinning to potentially work around launcher bugs
• Vanadium: update to version 122.0.6261.105.0
• Pixel 6 Pro: remove unnecessary product name, model and brand overrides for attestation since we use the official ones
• System Updater: fix typo in error message
• System Updater: fix typo in error message System Updater: update summary for check for updates button now that it always checks immediately

Changes in version 122.0.6261.105.0:

• update to Chromium 122.0.6261.105

A full list of changes from the previous release (version 122.0.6261.90.0) is available through the Git commit log between the releases.

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.

This month's Android release is the first one based on the new development model heavily centered around quarterly releases. It's essentially an early variant of Android 15 with many of the features disabled via feature flags. We're essentially doing a major yearly release port.

We were aware this was going to be the case, but it's still going to take a bit longer than usual. This port should be the hardest one since it's the first one. Future quarterly and yearly releases should be much smaller than this one. It should make the yearly ports much easier.

There's going to be a temporary disruption for us from moving to the first quarterly release under the new model. We didn't treat it as a yearly release with lots of preparation but we'll try to get it as done as quickly as the Android 14 release where we prepared for months.

Despite causing a lot of pain for us for this first migration, the new release model should be a substantial benefit to us. It will mean the changes are spread out throughout the year in quarterly releases and many will get shipped disabled via feature flags so we can port early.

In the very short term, this is a massive pain and disruption for us where we need to put in similar work this month as we did for the yearly Android 14 and Android 13 ports. Going forward, things should be easier. It may also help mitigate the issues caused by mainline modules.

Nearly all our changes are ported and we have builds running in the emulator. There's a lot of work remaining to fix regressions and get device support working. If we aren't done by the end of the day, we can do a security backport release. We'd prefer avoiding an extra release.

We're likely going to need to move the end-of-life Pixel 4a (5G) and Pixel 5 from extended support to legacy extended support. This is a major release with a similar level of changes as Android 13 QPR3 to Android 14, and we don't want to waste our resources on insecure devices.

Pixel 4a (5G) and Pixel 5 are end-of-life and shouldn't be used anymore due to lack of security patches for firmware and drivers. We provide extended support for harm reduction.

Tags:

• 2024030300-redfin (Pixel 4a (5G), Pixel 5)
• 2024030300 (Pixel 5a, Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Pixel 8, Pixel 8 Pro, emulator, generic, other targets)

Changes since the 2024022800 release:

• System Updater: ignore configured constraints for user-initiated update checks
• System Updater: avoid automatic retry for user-initiated update checks
• Settings: migrate to new Compose-based Settings infrastructure in preparation for Android 14 QPR2
• improve GrapheneOS infrastructure for per-app notifications
• Setup Wizard: improve wording for secondary user setup word
• adevtool: fix overlay parsing issues
• adevtool: include missing "Learn more" fingerprint setup text
• GmsCompatConfig: update to version 97

Changes in version 97:

• update max supported version of Play services to 24.08
• update max supported version of Play Store to 39.9
• update Android Gradle plugin to 8.3.0

A full list of changes from the previous release (version 96) is available through the Git commit log between the releases (only changes to the gmscompat_config text file and config-holder/ directory are part of GmsCompatConfig).

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release.

Pixel 4a (5G) and Pixel 5 are end-of-life and shouldn't be used anymore due to lack of security patches for firmware and drivers. We provide extended support for harm reduction.

Tags:

• 2024022800-redfin (Pixel 4a (5G), Pixel 5)
• 2024022800 (Pixel 5a, Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Pixel 8, Pixel 8 Pro, emulator, generic, other targets)

Changes since the 2024022600 release:

• Tensor Pixels: fix issue with the USB changes breaking recovery sideloading and the fastbootd flashing mode used by the web installer which blocked us being able to release the previous release to all users
• Settings: change "Charging only" to "Charging-only" for the USB-C port mode options to make the meaning clearer
• Vanadium: update to version 122.0.6261.90.0

Changes in version 122.0.6261.90.0:

• update to Chromium 122.0.6261.90

A full list of changes from the previous release (version 122.0.6261.64.0) is available through the Git commit log between the releases.

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.

Pixel 4a (5G) and Pixel 5 are end-of-life and shouldn't be used anymore due to lack of security patches for firmware and drivers. We provide extended support for harm reduction.

Tags:

• 2024022600-redfin (Pixel 4a (5G), Pixel 5)
• 2024022600 (Pixel 5a, Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Pixel 8, Pixel 8 Pro, emulator, generic, other targets)

Changes since the 2024022300 release:

• Tensor Pixels: add new USB-C port mode setting to Settings > Security providing a high level of control over USB functionality with hardware-specific integration for disabling USB controller functionality including fully disabling the data lines. There are 5 modes: On (current default during testing), Charging-only when locked except before first unlock (likely near future default), Charging-only when locked, Charging-only and Off (which even disables charging while booted into the normal OS mode). The modes tied to lock state permit already connected devices to continue working after locking and disable the data lines at a USB controller level after disconnecting. This is much different from the existing USB features including the Android 12 USB HAL toggle which only disable high-level kernel functionality and leave all the low-level kernel driver, USB protocol and USB controller attack surface enabled.
• kernel (5.10, 5.15): add support for ignoring USB alt modes
• kernel (Tensor Pixels): extend max77759 USB-C controller driver used by Tensor Pixels with support for a sysfs node providing fine-grained control over the USB-C data path at the USB controller level
• Setup Wizard: fix crash for SIM locales not recognized by com.android.internal.app.LocalePicker

Pixel 4a (5G) and Pixel 5 are end-of-life and shouldn't be used anymore due to lack of security patches for firmware and drivers. We provide extended support for harm reduction.

Tags:

• 2024022300-redfin (Pixel 4a (5G), Pixel 5)
• 2024022300 (Pixel 5a, Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Pixel 8, Pixel 8 Pro, emulator, generic, other targets

Changes since the 2024020500 release:

• completely new GrapheneOS Setup Wizard implementation for the initial setup of the device and secondary user profiles
• Theme Picker: update color schemes including adding the monochromatic colorscheme option
• Sandboxed Google Play compatibility layer: always apply PhenotypeFlag overrides to avoid regressions for some users
• Sandboxed Google Play compatibility layer: catch SecurityException from setApplicationEnabledSetting() instead of relying on PhenotypeFlag override
• Sandboxed Google Play compatibility layer: add support for Android Auto 11.3 by extending the wireless Android Auto and phone call handling toggles to also allow BluetoothAdapter#getActiveDevices
• Sandboxed Google Play compatibility layer: add developer functionality for updating Android Auto via the Play Store for testing
• Storage Scopes: avoid legacy apps using legacy storage crashing when trying to access the wallpaper
• remove legacy AOSP Search app now that Vanadium provides the global search intent in addition to the more common web search intent also implemented by other browsers including Brave
• fix upstream bug breaking package manager support for uninstalling apps only installed in other profiles from the Owner user
• Settings: improve strings for network connection toggles
• kernel (5.10, 5.15, 6.1): temporarily ignore sysrq_always_enabled to avoid sysrq being enabled on devices passing it on the kernel line unconditionally
• kernel (5.10): update to latest GKI LTS branch revision
• kernel (5.15): update to latest GKI LTS branch revision
• kernel (6.1): update to latest GKI LTS branch revision including update to 6.1.75
• Pixel 4a (5G), Pixel 5: update to UP1A.231105.001.B2 vendor files
• Vanadium: update to version 121.0.6167.164.0
• Vanadium: update to version 121.0.6167.178.0
• Vanadium: update to version 122.0.6261.43.0
• Vanadium: update to version 122.0.6261.43.1
• Vanadium: update to version 122.0.6261.64.0
• GmsCompatConfig: update to version 94
• GmsCompatConfig: update to version 95
• GmsCompatConfig: update to version 96

We provide an official list of hardware requirements based on current generation devices:

https://grapheneos.org/faq#future-devices

These are the current hardware features we consider important enough to be listed as mandatory requirements. They're all current features, not planned/future ones.

Other than proper updates, the most important feature on the list is the ARMv9 Memory Tagging Extension (MTE) launched with the Pixel 8 and Pixel 8 Pro. MTE is currently exclusive to GrapheneOS since the stock Pixel OS only provides it as a development option with major caveats.

There are a lot of misconceptions about smartphone security including the widespread misconception that cellular radios aren't isolated. Cellular radio isolation is one of the features on this list which is near universally available rather than Pixel exclusive like MTE support.

Cellular radio isolation was implemented on the first two devices we supported (Nexus 5 and Galaxy S4). Since we started, nearly all of the weaknesses discovered with cellular radio isolation have been OS bugs where an attacker could exploit a driver/service to compromise the OS.

We've never supported a device without cellular radio isolation. On the other hand, before Pixels, the devices other than the Nexus 5X lacked Wi-Fi radio isolation and gave it access to all memory. That issue has been solved on most smartphones but remains on laptops/desktops.

There are several niche phones with a cellular radio connected via USB marketed based on falsely claiming mainstream devices lack cellular radio isolation. USB protocol has a massive amount of attack surface and also allows acting as a keyboard, mouse, display, speaker, etc.

In reality, connecting a poorly supported, less secure radio via USB is much worse than the status quo.

Also, Snapdragon having cellular, Wi-Fi, Bluetooth and GNSS integrated into the main SoC doesn't make it less isolated than Pixels using 3 separate radio chips from the SoC.

The only issues we have with Snapdragon are the lack of MTE support and their tendency to use their own proprietary approach to everything such as not using pKVM for virtualization, not using AOSP PSDS, not implementing SUPL in the OS, etc. Only the lack of MTE is a real blocker.

Changes in version 122.0.6261.64.0:

• update to Chromium 122.0.6261.64
• add support for using Vanadium Config on the current oldest minimum OS version (Android 10) which we intend to increment to Android 13 in the near future

A full list of changes from the previous release (version 122.0.6261.43.1) is available through the Git commit log between the releases.

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.

Our features page now has a section listing the features added by our Vanadium browser and WebView:

https://grapheneos.org/features#vanadium

It explains the approach to content filtering, anti-fingerprinting and state partitioning including current limitations. Major improvements are coming.

The only other browser we can currently recommend is Brave. It preserves most of the security of mobile Chromium while adding more state partitioning, anti-fingerprinting and the most advanced content filtering engine. Vanadium is more secure but needs to catch up in those areas.

Changes in version 122.0.6261.43.1:

• add initial basic support for filtering ads based on a subresource filter APK updated separately from Vanadium

A full list of changes from the previous release (version 122.0.6261.43.0) is available through the Git commit log between the releases.

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.

Changes in version 96:

• update max supported version of Play services to 24.07
• update max supported version of Play Store to 39.7
• update Android Gradle plugin to 8.2.2

A full list of changes from the previous release (version 95) is available through the Git commit log between the releases (only changes to the gmscompat_config text file and config-holder/ directory are part of GmsCompatConfig).

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release.

Changes in version 122.0.6261.43.0:

• update to Chromium 122.0.6261.43
• checkout PGO profiles by default now that PGO is enabled by default for Android production builds

A full list of changes from the previous release (version 122.0.6261.43.0) is available through the Git commit log between the releases.

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.

SSH public key for signing GrapheneOS releases:

contact@grapheneos.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIUg/m5CoP83b0rfSCzYSVA4cw4ir49io5GPoxbgxdJE

This key has been used for signing our Git tags since January 2023 and will also replace signify for factory images releases.

Official builds of GrapheneOS are signed with per-device signing keys for updates and verified boot. Those signatures are automatically verified.

The signatures for source releases (Git tags) and factory images are a separate thing and we're standardizing on using SSH for those.

We replaced GPG with signify for signing factory images in 2019 prior to SSH having file signing support. Signify is perfectly modern, unlike GPG which is a poorly designed legacy technology. However, SSH signing is a lot more broadly available than signify and is a bit nicer.

Our SSH public key is signed with our previous GPG and SSH keys:

Key: https://grapheneos.org/allowed_signers Signify signature: https://grapheneos.org/allowed_signers.sig GPG signature: https://grapheneos.org/allowed_signers.asc

GPG key has been fully retired for a while and the signify key will also be retired going forward.

We've completed replacing the factory images signify signatures with OpenSSH signatures. It only impacts users following the traditional CLI install guide. It's a nice improvement since Windows and macOS have it in the base install and nearly all Linux distributions package it.

Each supported OS for installation either has a Chromium-based browser in the base install (Android, ChromeOS, Windows) or a first party repository with one available, so the web install avoids this problem and relies on verified boot for verifying the flashed firmware and OS.

Changes in version 121.0.6167.178.0:

• update to Chromium 121.0.6167.178
• disable selecting initial search query text for the web and global search intents added by GrapheneOS

A full list of changes from the previous release (version 121.0.6167.164.0) is available through the Git commit log between the releases.

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.

Changes in version 95:

• add stub for Vibrator.addVibratorStateListener() since it requires the privileged ACCESS_VIBRATOR_STATE
• update max supported version of Play Store to 39.6

A full list of changes from the previous release (version 94) is available through the Git commit log between the releases (only changes to the gmscompat_config text file and config-holder/ directory are part of GmsCompatConfig).

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release.

Changes in version 121.0.6167.164.0:

• update to Chromium 121.0.6167.164
• mark origin trials for opting out of third party storage partitioning as unsupported on Android
• add support for global search intent in addition to our existing web search intent handling to have Vanadium fully replace the AOSP Search app
• extend toggle for opening links in incognito to custom tabs and search intents

A full list of changes from the previous release (version 121.0.6167.143.1) is available through the Git commit log between the releases.

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.

Changes in version 94:

• update max supported version of Play services to 24.05
• update max supported version of Play Store to 39.5
• update Gradle to 8.6

A full list of changes from the previous release (version 93) is available through the Git commit log between the releases (only changes to the gmscompat_config text file and config-holder/ directory are part of GmsCompatConfig).

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release.

Pixel 4a (5G) and Pixel 5 are end-of-life and shouldn't be used anymore due to lack of security patches for firmware and drivers. We provide extended support for harm reduction.

Tags:

• 2024020500-redfin (Pixel 4a (5G), Pixel 5)
• 2024020500 (Pixel 5a, Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Pixel 8, Pixel 8 Pro, emulator, generic, other targets)

Changes since the 2024012600 release:

• full 2024-02-01 security patch level
• full 2024-02-05 security patch level
• rebased onto UQ1A.240205.004 Android Open Source Project release
• run full compacting garbage collection purging all regular Java heaps of dead objects in SystemUI and system_server after locking (this is already done after unlocking to purge data tied to the lock method and derived data, but it makes sense to do it after locking too)
• kernel (Pixel 4a (5G), Pixel 5, Pixel 5a): update to latest Android 14 QPR2 Beta release including additional security fixes
• kernel (Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Generic 5.10): update to latest GKI LTS branch revision including update to 5.10.209
• kernel (Pixel 8, Pixel 8 Pro, Generic 5.15): update to latest GKI LTS branch revision including update to 5.15.148
• kernel (Pixel 8, Pixel 8 Pro, Generic 5.15, Generic 6.1): enable both software Shadow Call Stack (SCS) and Pointer Authentication Code (PAC) protection for kernel return addresses instead of only using SCS when PAC is unavailable
• kernel (Pixel 8, Pixel 8 Pro, Generic 5.15, Generic 6.1): enable Branch Target Identification (BTI) protection for the kernel in addition to Clang type-based CFI to provide coarse-grained CFI coverage for indirect calls excluded from type-based CFI
• kernel (Generic 6.1): apply sysrq hardening changes
• kernel (Generic 6.1): update to latest GKI LTS branch revision including update to 6.1.74
• Settings: enable SIM deletion confirmation by default
• System Updater: clarify name of the notification channel for already being up to date
• Messaging: update MMS configuration database based on Google Messages 20240123_01_RC02
• Dialer: update visual voicemail (VVM) configuration database based on Google Phone 121.0.603393336
• Vanadium: update to version 121.0.6167.101.2
• Vanadium: update to version 121.0.6167.101.3
• Vanadium: update to version 121.0.6167.143.0
• Vanadium: update to version 121.0.6167.143.1
• Camera: update to version 65
• Camera: update to version 66