[jpk]

Would you mind talking a little bit about the threat model that would lead you to using Graphine on a new device? IIUC, you have to unlock the bootloader to use a custom ROM, which makes the device vulnerable to physical access in cases like theft, confiscation, etc. So you have to trade that for whatever the custom ROM gives you?

[yjftsjthsd-h]

Graphene only supports the pixel line, and part of the reason is because that's one of the very few (if not the only?) phones that let you relock the bootloader after installing a replacement ROM

[prmoustache]

The bootloader is only unlocked for the first install, then locked again.

[yonatan8070]

I don't think I have some crazy threat model, I just highly dislike giving Google more access to my own phone than I have. Although at the end I gave up on that due to the lack of features in GrapheneOS, and went back to crDroid with regular Google services installed as system apps.

[slashtab]

To add to other replies GrapheneOS also provides USB-C exploit protection at hardware level.