Hacker News | izacus's comments

So what should be done about it? EU Commission issue a decree that it should never be spoken or debated again in public? Never proposed? Any other tyrannical idea?

Do you have a list of other things that shouldn't be brought in front of the elected parliament?


Can you show an example of defeating hardware attestation? It would be useful for many 3rd party ROM users.

Gaming consoles typically have hardware attestation (as in verified software on verified hardware, sealed), and it has been broken many times in the past.

I'm interested in phones.

most times it's done by (reliably re-)rooting an attested phone in a way which bypasses detection of the attestation system

so not really useful for 3rd party ROMs


Quite useful for scammers, though, which is why this is so irritating with regards to digital IDs.

Since you're so much more informed - which integrity guaranteeing product would you use for mobile devices that European citizens use? Covering more than 90% of population?

There was a thread a while back where they were VERY angry at someone trying to set up their own attestation project database (essentially a list of known Android builds and their signatures).

They want apps to add their signing hashes manually just for them and don't want to join projects that would aggregate and act as a database or certificate authority.


You mean Universal Attestation, which is from a vendor cartel, of which most of the individual vendors are typically waaaaay behind security updates, etc.

No, it wasn't those. It was another EU org.

This is rarely actually true but it's a common falsehood told by people who have a financial interest in keeping everyone on AWS.

And that includes engineers that only know how to use AWS and are terrified at having to learn something else.


And they've been financially failing as well lately.

10a will get longer support, so why not (unless 9a is significantly cheaper)?

Isn’t part of the point of wanting GrapheneOS that the official support periods don’t matter?

No, GrapheneOS adheres to the same support period that the OEM provides. End of life devices are insecure and should not be used. Only the OEM can provide the firmware updates necessary for proper support, because the firmware images are signed by the OEM/component manufacturers. All GrapheneOS can do is push the updated firmware.

GrapheneOS has a requirement of a 5-7 year support window from an OEM.


Graphene OS only supports devices for as long as the manufacturer is providing security updates for the phone's firmware. Firmware is a binary blob, so there'd be no practical way for anyone else to provide/develop security updates once the manufacturer is no longer providing official updates.

Their partnership with Motorola, I think, involves some ability of Graphene OS devs to access/harden/update the firmware, but I'm not 100% sure. Firmware on phones, especially for the baseband processor, often involves a nasty confluence of copyright, trade secrets, patents, and government rules/demands.


It can be done, Fairphone rather famously did it once.

But it is vastly uneconomical, and I doubt anyone is going to start doing it regularly.

We really need some kind of regulation demanding firmware support for longer. The EU seems the most likely entity to achieve something like that. Phone vendors can't even control how long they support their own hardware, because the SoC is almost always Qualcomm, and once they drop support, there aren't any good options left.


> It can be done, Fairphone rather famously did it once.

No, they ported a new major Android release beyond what the SoC officially supported. They had already stopped providing firmware, kernel or driver security patches long before that point. They did what LineageOS regularly does by porting a new major Android release to hardware not officially supporting it. Unlike LineageOS, they had to convince a company to certify it as meeting the CDD/CTS requirements. Most OEMs including Fairphone have major CDD/CTS violations but yet still get certified in practice so that doesn't really mean as much as you'd think. It's common for Android OEMs to break functionality tested by the CTS and yet somehow they have certification. This is part of why the Play Integrity API's flimsy justification for the highly anti-competitive approach it uses is such nonsense.

Even the Fairphone 5 already lacks standard Linux kernel security patches due to having an end-of-life kernel branch. Fairphone doesn't provide anything close to proper updates.

Qualcomm offers up to 8 years of major Android version updates and basic security patches for their firmware and drivers. They charge money for each year of support. It's there if OEMs are willing to pay for an up-to-date SoC and pay for many years of support.


Ah righteo. Thanks for updating my understanding.

GrapheneOS will stop releasing updates when Google stops supporting a device. They put an emphasis on security and unpatched drivers or firmware (which they can't/won't/don't have the resources to patch) are a major security risk.

Luckily, Google's support periods are actually quite long, and very clear (stated on the website on launch date, unlike iOS or even Windows these days).


I doubt Motorola will give him a phone cheaper than 449$ though.

Powerline in practice does not come anywhere near the performance of a good WiFi 7 setup - even through walls WiFi tends to be more stable and faster outside special conditions (e.g. multiple floors or thick walls).

What does this rant have to do with the linked report in this article?

> What does this rant have to do with the linked report in this article?

This is not a rant. I responded to OP's message point by point and simply expressed my opinion on these matters just like he did.

I also responded to OP's thinly veiled accusations that are completely unfounded and downright accusatory.

