You can either obtain repo as a distribution package or the self-updating standalone version from the Android Open Source Project.

100GiB+ of additional free storage space for a typical build of the entire OS for a multiarch device.

Linking Vanadium (Chromium) and the Linux kernel with LTO + CFI are the most memory-demanding tasks. Link-Time Optimization (LTO) creates huge peaks during linking and is mandatory for Control Flow Integrity (CFI).

136GiB+ storage for a standard sync with history, 90GiB+ storage for a lightweight sync.

Build dependencies

Arch Linux, Debian bookworm, Ubuntu 23.04 and Ubuntu 22.04 LTS are the officially supported operating systems for building GrapheneOS.

Dependencies for fetching and verifying the sources:

openssh (for verifying GrapheneOS releases).
gnupg (for verifying AOSP releases and also used internally by repo for self-update verification).

For example, various security features in the kernel including type-based Control Flow Integrity (CFI) and the shadow call stack are currently specific to the kernels for these devices. Pixel targets have a lot of device-specific hardening in the AOSP base along with some in GrapheneOS which needs to be ported over too. Shipping all of this is necessary for full security updates and is tied to enabling verified boot / attestation. Other than some special cases like the emulator, the generic targets rely on the device support code present on the device. Providing proper support for a device or generic device family requires providing an up-to-date kernel and device support code including driver libraries, firmware and device SELinux policy extensions.

We recommend using the sdk_phone_x86_64 target in either the userdebug or eng variant for most development work. These emulator targets don't receive full monthly security updates, don't provide all of the baseline security features and are intended for development usage. The best development devices are the Pixel 6 and 7 series.
It's not possible to work on everything via past generation devices. Newer generation devices have stronger hardware / firmware security and hardware-based OS security features and are better development devices for that reason. A fully signed user build for these devices is a proper GrapheneOS release. These are all fully supported production-ready targets supporting all the baseline security features and receiving full monthly security updates covering all firmware, kernel drivers, driver libraries / services and other device-specific code.