Latest release of GrapheneOS finally shipped the long-awaited duress PIN/password implementation. If you have a spare device, we recommend trying it out.
We’ve added initial documentation to the features page:
https://grapheneos.org/features#duress
It near instantly wipes and shuts down.
We’ve also finally added documentation on our USB-C port control to our features page:
https://grapheneos.org/features#usb-c-port-control
Most users can set this to “Charging-only when locked” without a loss of functionality or even “Charging-only” if you don’t use USB accessories, DisplayPort or MTP.
Default is “Charging-only when locked, except before first unlock” to avoid locking users out of devices with a broken touchscreen. The main threat model for this is defending the device until the auto-reboot timer started when the screen is locked gets user data back at rest.
Our upcoming 2-factor fingerprint unlock will make using a strong passphrase as primary unlock method practical via fingerprint+PIN secondary unlock instead of fingerprint-only. Great for people who want to avoid relying on secure element throttling but don’t want fp-only unlock.
If I read the release notes correctly, I think that’s the case. The Duress mode requires setting both a Duress PIN and a Duress password (I think it’s) so that no matter the current sign-in options, Duress mode is still available.
That is correct. During setup, you’re prompted for both password and PIN, which allows use with PIN or password prompts.