GrapheneOS (@GrapheneOS@grapheneos.social)
grapheneos.social
Our upcoming 2-factor fingerprint unlock will make using a strong passphrase as primary unlock method practical via fingerprint+PIN secondary unlock instead of fingerprint-only. Great for people who want to avoid relying on secure element throttling but don't want fp-only unlock.

Latest release of GrapheneOS finally shipped the long awaited duress PIN/password implementation. If you have a spare device, we recommend trying it out.

We’ve added initial documentation to the features page:

https://grapheneos.org/features#duress

It near instantly wipes and shuts down.

We’ve also finally added documentation on our USB-C port control to our features page:

https://grapheneos.org/features#usb-c-port-control

Most users can set this to “Charging-only when locked” without a loss of functionality or even “Charging-only” if you don’t use USB accessories, DisplayPort or MTP.

Default is “Charging-only when locked, except before first unlock” to avoid locking users out of devices with a broken touchscreen. The main threat model for this is defending the device until the auto-reboot timer started when the screen is locked gets user data back at rest.

Our upcoming 2-factor fingerprint unlock will make using a strong passphrase as primary unlock method practical via fingerprint+PIN secondary unlock instead of fingerprint-only. Great for people who want to avoid relying on secure element throttling but don’t want fp-only unlock.

  • MajorHavoc@programming.devEnglish
    1·
    5 months ago

    Also, could you have a duress pin+fingerprint in addition to a duress password?

    If I read the release notes correctly, I think that’s the case. The Duress mode requires setting both a Duress pin and a Duress password, (I think it’s) so that no matter the current sign in options, Duress mode is still available.