
Copperhead OS shutdown, time for a new choice?

Open BearChavez opened this issue 6 years ago • 3 comments

I know work on this hasn't happened for a long time, but with Copperhead OS no longer being trusted, I figured that maybe the work on this will need to be updated or changed. I would suggest Lineage OS as the original did follow Cyanogen. Obviously the security isn't as high as COS, but this would provide a larger device base to work with. This would also make OTA updates possible, as well as just forking this all into its own ROM and essentially baking the wanted security features and apps needed into the package so a simple flash of a zip file would set this all up. I'm not very deep into Android development, and this would take some time and dedication to set up, but in the end the project could be a lot easier to maintain if others decide to join in and help. I would help if I could, but I don't have the needed resources to be able to even get a test build up or start working on a test build, otherwise I would start working on this ASAP.

BearChavez, Jul 13 '18 01:07

Hey guys, things are progressing a lot. We now have GrapheneOS and Hashbang OS on which mission-improbable could build. It is my understanding that GrapheneOS and Hashbang OS combined can provide a solid foundation. Hashbang OS starts to integrate more work of GrapheneOS. As of now, Hashbang OS (including some open PRs) can automatically build AOSP (Android 10) from source for Pixel 2, 3 and 3a (including the XL variants), sign it with your own keys, and generate the required files to run your own OTA update server, and it has a framework to include custom patches. Hashbang OS has a focus on reproducible builds and cryptographically hash locking all downloaded files.

Now, looking back at mission-improbable after the work on Hashbang OS I am involved in, I am even wondering why mission-improbable did not go in the direction of building from source directly?

Refer to https://www.reddit.com/r/RattlesnakeOS/comments/8y88yt/suggestions_from_an_opinionated_security/ which I see as the Hashbang OS manifesto.

ypid, Nov 22 '19 11:11

I presume Graphene OS still uses the grsec kernel build? Hashbang OS too?

Isn't relocking the boot loader available by default in Graphene OS? I think much of the complexity here comes from relocking the boot loader.

burdges, Nov 22 '19 16:11

> I presume Graphene OS still uses the grsec kernel build? Hashbang OS too?

This part of past hardening has not been restored/ported (yet) on Android 10 in GrapheneOS (and thereby also not by Hashbang OS which has a more narrow focus and sees GrapheneOS as its "upstream" project, I would say).

Hashbang OS is basically AOSP. What Hashbang OS does really well is the automated build system and its plans to create a distributed AOSP build system and verification by the updater on Android phones.

> Isn't relocking the boot loader available by default in Graphene OS?

Both GrapheneOS and Hashbang OS support and recommend relocking.

ypid, Nov 22 '19 18:11