TLDR: Drug dealers in Catalonia have started to adopt GrapheneOS en masse, leading to Catalan police suspecting anyone with a Google Pixel is a drug dealer

  • Mike@sh.itjust.works
    3 hours ago

    Strange that google is the only option for the only “secure” operating system.

    They have their reasons: https://grapheneos.org/faq#future-devices

    Hey, do you know what is Ring Level minus One ?

    I know you’re only trolling here and I’m feeding into it, but you nerd sniped me just right to explain why your question is stupid on multiple fronts.

    First of all, “Ring -1” is the hypervisor, at least on virtualization-capable devices (which modern Pixels are), and the hypervisor will be Linux’s KVM in this case, which is open source and compiled by the Graphene team as part of the kernel from source.

    Secondly, Arm (which is the architecture basically all phone chips use, including Pixels) has a slightly different model of security, where apps are Exception Level 0, the OS is EL1, the hypervisor is EL2, and the “secure monitor” (or management firmware) is EL3 (and is probably what you were trying to refer to).

    So yeah, I don’t think you know what “Ring -1” is. At least not enough to warrant a snarky comment.

    • interdimensionalmeme@lemmy.ml
      3 hours ago

      “-1” is not just hypervisors, things like Intel Management and AMD Platform Security Processor can peer into system memory. I have no doubt similar systems exist on ARM, I suspect the radio transceiver can also read system memory and read secrets out of the security devices.

      I don’t think modern phones are trustable devices. They are opaque black boxes, pretending to have high security but this security only really protects the spyware operators from being noticed.

      I don’t think it’s a coincidence that the most “secure” and “private” operating system only operates on a very narrow model selection of phones from just one manufacturer. Probably because they have the best technology to keep the inherent backdoor invisible and implausible. A backdoor to a system nobody trusts wouldn’t be very useful.