The Linux kernel is a gigantic, complex project written pretty much entirely in a memory-unsafe language. It is a monolithic kernel with no internal sandboxing/isolation, and all the normal code running as part of it is fully privileged. A little typo causing memory corruption can be used to perform dangerous attacks.
The Linux kernel alone is focused on performance and compatibility, not security.
Even with the countless hardening efforts and security tools we make for Linux (hardened malloc), Linux is the core security liability in GrapheneOS. If people want the security of the operating system to go beyond that, then the Linux kernel must be replaced with something new from the bottom up.
Our roadmap page was updated to reflect our approach better.
The initial phase for the long-term roadmap of GrapheneOS is to deploy and integrate pKVM and CrosVM. We would securely deploy Android apps in virtualized environments using this virtualization setup. Virtualization will allow us to contain Linux. In the longer term, Linux inside the sandboxes can be replaced with a compatibility layer like gVisor, which would need to be given a new backend alongside the existing KVM backend. Over the longer term, i.e. many years from now, Linux can go away.
Frequently Asked Questions | GrapheneOS