this post was submitted on 14 Mar 2024
GrapheneOS [Unofficial]
https://grapheneos.social/deck/@GrapheneOS/112081050753600852

Our recently added low-level USB-C port control feature is now enabled by default. Default mode disables new data connections once the device is locked after the initial unlock. It fully disables the data lines once any existing connections finish.

This is far superior to the standard USB toggle added in Android 12 to the USB HAL and device admin API. That only allows disabling USB at a high level and leaves all the low-level kernel USB driver/protocol and firmware attack surface enabled. It's also simply either on or off.

We also improved the usability of the feature by resetting the USB port when unlocking the device for modes that are charging-only while locked. This causes devices first connected while locked to be detected on unlock. We wanted to address this before enabling it by default.

Our previous USB peripheral control option will likely be removed on devices supporting the new feature, so it will only need to be kept on 5th generation devices. In theory, we could probably implement the new feature for those, but it requires complex device-specific work.

The other major new feature is fully enabling PAC/BTI for userspace on the Pixel 8 and Pixel 8 Pro. Stock OS currently only enables PAC for the kernel where we already enabled BTI to cover functions excluded from type-based CFI. MTE was our priority since it's far more impactful.

We want to enable stack allocation MTE but we need to make sure it works with all of the OS including Chromium's garbage collector stack scanning in Vanadium. Other Chromium-based browsers disable MTE at runtime and Firefox doesn't currently use it, so they don't really matter.

SSP is fully obsoleted by properly implemented stack allocation MTE but the issue is that not everything is compatible with MTE so SSP still needs to be enabled for everything they might use. We have a similar issue with canaries in hardened_malloc which we can't disable yet.

Our features page (https://grapheneos.org/features) needs massive updates to cover everything we've added and changed recently. We'll try to document most of the new major features there in the next few days. It also needs a lot of expansion for the existing features it already covers.
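The locked-state USB-C policy described in the post, modelled as a small state machine. This is an added example, not GrapheneOS code: the event and state names are invented, and it assumes that the state before the first unlock counts as "locked" for the purpose of blocking new data connections.

```python
# Added model of the locked-state USB-C data-line policy described in the post.
# Assumptions (not from the post): event/state names, and that "before first
# unlock" is treated like the locked state for blocking new connections.
from dataclasses import dataclass, field

@dataclass
class UsbPortModel:
    unlocked: bool = False            # False until the initial unlock, and while locked
    data_lines_enabled: bool = True   # low-level data lines, not the HAL on/off toggle
    active: set = field(default_factory=set)                 # connections in progress
    attached_while_blocked: set = field(default_factory=set)  # plugged in, never enumerated
    log: list = field(default_factory=list)

    def lock(self):
        self.unlocked = False
        if not self.active:           # nothing to let finish: cut the data lines now
            self.data_lines_enabled = False
        self.log.append("locked")

    def unlock(self):
        self.unlocked = True
        self.data_lines_enabled = True
        # Charging-only-while-locked mode: reset the port so anything attached while
        # locked is enumerated now instead of staying invisible until re-plugged.
        for dev in sorted(self.attached_while_blocked):
            self.active.add(dev)
            self.log.append(f"detected on unlock: {dev}")
        self.attached_while_blocked.clear()

    def attach(self, dev):
        if self.unlocked and self.data_lines_enabled:
            self.active.add(dev)
            self.log.append(f"connected: {dev}")
        else:                         # locked: charge only, no new data connection
            self.attached_while_blocked.add(dev)
            self.log.append(f"charge-only: {dev}")

    def detach(self, dev):
        self.active.discard(dev)
        self.attached_while_blocked.discard(dev)
        if not self.unlocked and not self.active:   # last connection finished while locked
            self.data_lines_enabled = False
            self.log.append("data lines disabled")

def scenario():
    """Constructed walk-through: cable before first unlock, then a transfer that
    outlives the lock, then an unknown cable attached while locked."""
    m = UsbPortModel()
    m.attach("bfu-cable")      # before first unlock: charge only
    m.unlock()                 # port reset, cable is detected now
    m.detach("bfu-cable")
    m.attach("laptop")
    m.lock()                   # existing transfer may finish, nothing new is accepted
    m.attach("unknown-cable")  # blocked while locked
    m.detach("laptop")         # last connection gone: data lines fully disabled
    return m
```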

[–] MajorHavoc@programming.dev 1 points 1 year ago

This is very cool. Thank you!