The official microG OS project (https://lineage.microg.org/) leaked their private keys for logging into their servers and signing releases:

https://github.com/lineageos4microg/l4m-wiki/wiki/December-2025-security-issues

We make our official builds on local machines. Our signing machine's keys aren't ever on any storage unencrypted.

@GrapheneOS Do you use a hardware token? Some projects do and some don't. I'm curious what the reasoning is.
@alwayscurious We definitely don't trust any of the available HSM products and have far more confidence in keeping signing keys secure by having them stored encrypted at rest on the primary build machine. However, we do plan to improve things by having a reproducible build signoff system with configurable signoff parties along with using Pixels with GrapheneOS to provide an HSM via the secure element. We need to develop an app to run on GrapheneOS and a client side part for the build machine.
@GrapheneOS @alwayscurious How does reproducible build help here?
GrapheneOS:

Our roadmap for improving security of verifying updates is based on taking advantage of the reproducible builds. We plan to have multiple official build locations and a configurable signoff verification system in the update clients also usable with third party signoff providers.