GrapheneOS v2024053100: Duress Password and PIN

GrapheneOS is an open-source, privacy and security-focused mobile operating system based on the Android Open Source Project (AOSP).

GrapheneOS v2024053100: Duress Password and PIN
  • "GrapheneOS version 2024053100 released. Duress Password is finally here," announced @final on Nostr.
  • Duress password is a special type of password used in situations where a user is forced to provide access under threat or coercion. In the GrapheneOS implementation, it triggers the wiping of hardware keystore keys to make all OS data unrecoverable, wipes eSIMs, and shuts down the device.

What's new

  • Add support for setting a duress password and PIN for quickly wiping all hardware keystore keys including keys used as part of deriving the key encryption keys for disk encryption to make all OS data unrecoverable followed by wiping eSIMs and then shutting down.
  • Disable unused adoptable storage support since it would complicate duress password feature (can be added if we ever support a device able to use it).
  • Increase default max password length to 128 to improve support for strong diceware passphrases, which will become more practical for people who don't want biometric-only secondary unlock with our upcoming 2-factor fingerprint unlock feature.
  • Disable camera lockscreen shortcut functionality when camera access while locked is disabled to avoid the possibility of misconfiguration by adding the camera lockscreen shortcut and then forgetting to remove it when disabling camera access.
  • kernel (5.15): update to latest GKI LTS branch revision including update to 5.15.153.
  • kernel (6.1): update to latest GKI LTS branch revision.
  • Vanadium: update to version 125.0.6422.147.0
  • GmsCompatConfig: update to version 115
  • make SystemUI tests compatible with GrapheneOS changes

Announcement / Archive
Full Changelog