According to the linked article it prevents the use of Samsung Pay and access to the Secure Folder (an extra layer of security you can enable that requires a second PIN to be input before you can access certain apps and files). This seems pretty reasonable, the goal is clearly to prevent access to especially sensitive data if someone has stolen the phone.
I can maybe understand not wanting other operating systems in their attestation chain that is protecting a payment system from the standpoint of liability.
All of the other things are entirely hardware features that any OS should be able to use. They’re using the ARM Trusted Execution Environment (ARM TrustZone) and a embedded Secure Element to enable the ability to store cryptographiclly secured files without the system ever having access to the keys.
Both TEEs and eSEs are not a Samsung invention or IP and are enabled by hardware on the device, the TEE is part of the ARM standard and is used in a huge number of other OSs (https://en.wikipedia.org/wiki/ARM_architecture_family). Secure Elements are also widely used pieces of hardware supported by innumerable OSs and also a feature of the hardware that you paid for.
GrapheneOS also claims it’s not defending against anything real. Which makes sense as Pixels can clearly maintain security while allowing alternate OSes. So this is just hostile vendor lock-in. Disappointing as there was some speculation that OP would be the GOS OEM, but there’s no way they would do this is that was true.
Sad. Having used the OPX, OP6T, OP9, and briefly the OP10, I can honestly say their hardware is usually pretty good. I went to Graphene on a Pixel for the software. Software was always Oneplus’ weak point so it’s extra silly that they’re doing this. So many hobbyists have bought OP hardware and used it with software of their choice. They started co-developing their Oxygen OS with Oppo a while back and that’s when it really went to hell.
That makes sense. I figured they were worried that an alternate OS would be more likely to exploit their encryption somehow, but if it’s all using industry standard hardware then it really ought to be open.
According to the linked article it prevents the use of Samsung Pay and access to the Secure Folder (an extra layer of security you can enable that requires a second PIN to be input before you can access certain apps and files). This seems pretty reasonable, the goal is clearly to prevent access to especially sensitive data if someone has stolen the phone.
It’s not reasonable in my opinion.
I can maybe understand not wanting other operating systems in their attestation chain that is protecting a payment system from the standpoint of liability.
All of the other things are entirely hardware features that any OS should be able to use. They’re using the ARM Trusted Execution Environment (ARM TrustZone) and a embedded Secure Element to enable the ability to store cryptographiclly secured files without the system ever having access to the keys.
Both TEEs and eSEs are not a Samsung invention or IP and are enabled by hardware on the device, the TEE is part of the ARM standard and is used in a huge number of other OSs (https://en.wikipedia.org/wiki/ARM_architecture_family). Secure Elements are also widely used pieces of hardware supported by innumerable OSs and also a feature of the hardware that you paid for.
GrapheneOS also claims it’s not defending against anything real. Which makes sense as Pixels can clearly maintain security while allowing alternate OSes. So this is just hostile vendor lock-in. Disappointing as there was some speculation that OP would be the GOS OEM, but there’s no way they would do this is that was true.
Sad. Having used the OPX, OP6T, OP9, and briefly the OP10, I can honestly say their hardware is usually pretty good. I went to Graphene on a Pixel for the software. Software was always Oneplus’ weak point so it’s extra silly that they’re doing this. So many hobbyists have bought OP hardware and used it with software of their choice. They started co-developing their Oxygen OS with Oppo a while back and that’s when it really went to hell.
That makes sense. I figured they were worried that an alternate OS would be more likely to exploit their encryption somehow, but if it’s all using industry standard hardware then it really ought to be open.