I know you’re only trolling here and I’m feeding into it, but you nerd sniped me just right to explain why your question is stupid on multiple fronts.
First of all, “Ring -1” is the hypervisor, at least on virtualization-capable devices (which modern Pixels are), and the hypervisor will be Linux’s KVM in this case, which is open source and compiled by the Graphene team as part of the kernel from source.
Secondly, Arm (which is the architecture basically all phone chips use, including Pixels) has a slightly different model of security, where apps are Exception Level 0, the OS is EL1, the hypervisor is EL2, and the “secure monitor” (or management firmware) is EL3 (and is probably what you were trying to refer to).
So yeah, I don’t think you know what “Ring -1” is. At least not enough to warrant a snarky comment.
The have their reasons: https://grapheneos.org/faq#future-devices
I know you’re only trolling here and I’m feeding into it, but you nerd sniped me just right to explain why your question is stupid on multiple fronts.
First of all, “Ring -1” is the hypervisor, at least on virtualization-capable devices (which modern Pixels are), and the hypervisor will be Linux’s KVM in this case, which is open source and compiled by the Graphene team as part of the kernel from source.
Secondly, Arm (which is the architecture basically all phone chips use, including Pixels) has a slightly different model of security, where apps are Exception Level 0, the OS is EL1, the hypervisor is EL2, and the “secure monitor” (or management firmware) is EL3 (and is probably what you were trying to refer to).
So yeah, I don’t think you know what “Ring -1” is. At least not enough to warrant a snarky comment.