GrapheneOS version 2024053100 released.
This update contains the longly requested and demanded Duress Password feature. In any prompt where the user PIN or Password is requested, an optional duress PIN can be entered to make all data on device unrecoverable.
To configure this option go to Settings (in owner profile) -> Security -> Duress password.
Changelog:
-
add support for setting a duress password and PIN for quickly wiping all hardware keystore keys including keys used as part of deriving the key encryption keys for disk encryption to make all OS data unrecoverable followed by wiping eSIMs and then shutting down
-
disable unused adoptable storage support since it would complicate duress password support (support can be added if we ever support a device able to use it)
-
increase default max password length to 128 to improve support for strong diceware passphrases, which will become more practical for people who don't want biometric-only secondary unlock with our upcoming 2-factor fingerprint unlock feature
-
disable camera lockscreen shortcut functionality when camera access while locked is disabled to avoid the possibility of misconfiguration by adding the camera lockscreen shortcut and then forgetting to remove it when disabling camera access
-
kernel (5.15): update to latest GKI LTS branch revision including update to 5.15.153
-
kernel (6.1): update to latest GKI LTS branch revision
-
Vanadium: update to version 125.0.6422.147.0
-
GmsCompatConfig: update to version 115
-
make SystemUI tests compatible with GrapheneOS changes