As far as I know they only accept Pixel devices because they are the only devices on the market that allow locking the bootloader after installation and also because of the Titan coprocessor which greatly increases system security
There's also a third reason, which is regular and timely firmware updates. One of the reasons why the GrapheneOS team rejected the Fairphone was due to the lack of proper firmware updates.
I remember I was not able to re-lock bootloader after custom rom installation, so you're probably right. Unfortunately there are not many phones left to install custom ROMs except Chinese ones :/
because they are the only devices on the market that allow locking the bootloader after installation
AFAIK on Xiaomi Mi A2 lite if I flash back the stock fastboot ROM (I had it do it once because I crippled the partition images (this phone is A/B partition device)) it locks your bootloader and you have to unlock it again. I don't know if this applyes to MIUI/Hyper OS phones too, because Mi A2 Lite uses near to stock Android.
Why would I want to lock the bootloader? I like having freedom 9f OS, I don't want to replace one OS I'm locked into with a different, albeit more privacy friendly one. Most laptops have unlocked bootloaders.
GrapheneOS didn't choose Pixels. They chose a set of requirements for current/future devices, which are standards met or exceeded by current Pixel devices. You want GrapheneOS on other phones? Those other phones have to meet the requirements. None currently do.
My problem is not their design but the fact they are Google phones, as I boycott Google. Also second hand Pixels are hard to acquire for a reasonable price..
Swappa.com is the place to go. You can find them new in the box there for less than the Google store or if you're willing to go used they're even cheaper. Plus you have PayPal protection as a buyer. I've bought and sold phones on there since like 2014 (I think I've bought 8-9 phones and sold roughly the same amount on there without any issues)
@gigachad@syd
GrapheneOS wird exklusiv für Google Pixel-Geräte entwickelt - andere Geräte werden nicht unterstützt. Hintergrund dieser Einschränkung sind die hohen Sicherheitsanforderungen von GrapheneOS. Die folgenden Anforderungen werden derzeit nur von Google Pixel Geräten vollständig erfüllt:
Option to enable automatically rebooting the device when no profile has been unlocked for the configured time period to put the device fully at rest again, which is enabled by default at 18 hours. This can be configured at Settings > Security > Auto reboot.
But it's a security measure to get it to BFU, where data is at rest and secure, in case your phone is out of your possession for an extended period of time (someone steals it, police take it, etc) so it becomes harder to exploit. I've set mine to 12. Some do 4 or even less. Feel free to turn it off.
I don't understand. So if I only lock my phone (turn the screen off) without rebooting it, it is not fully encrypted (considering that the device storage encryption is enabled)?
Something like that. I'm not familiar with the exact details, but there is an additional layer of encryption that applies before the first unlock after a reboot.
Parts of the OS have to be unencrypted for it to function properly.