Thread
With the development branch of #GrapheneOS, we've already successfully already tested Chrome running on top of Wayland with GPU acceleration working via ANGLE on the host. You'll be able to have a GPU accelerated virtual desktop OS that's usable via DisplayPort alternate mode.
Final
Our 2025030900 release currently in the Beta channel is the first one with support for managing hardware-based virtual machines via the Terminal app in Android 15 QPR2. Since then, we've backported massive improvements to the feature for an upcoming new release, maybe even today.
Backports include terminal tabs, GUI support with opt-in GPU hardware acceleration (ANGLE-based VirGL until GPU virtualization support is available), speaker/microphone support and fixes for a bunch of bugs including overly aggressive timeouts. We're working on VPN compatibility.
At the moment, the Terminal app isn't compatible with having a VPN in the Owner user. It only works if VPN lockdown (leak blocking) is disabled and the VPN allows local traffic to pass through. It's also not clear how it SHOULD interact with a VPN since VPNs are profile-specific. #GrapheneOS
View quoted note →
Replies (2)
When it comes to disk encryption on computers, is BitLocker considered secure? Does it have any backdoors?
Are Veracrypt and Picocrypt safe options?
BitLocker is fine, it's the best choice of OS disk encryption for Windows users since BitLocker has TPM support. TPMs suck compared to a proper secure element but they are better than nothing. fTPMs are more resistant to physical attacks documented with TPMs. Veracrypt refuses to have TPM support at all.
Claims of backdoors are unsubstantiated and a lot of weaknesses come from other problems universal to most desktop disk encryption and awful design choices, such as BitLocker being only available in Pro, Enterprise or Education editions of Windows and the default settings just using a TPM with no additional authentication needed. BitLocker is the best choice when certain settings are configured.
You'd need to configure group policies to allow BitLocker to have additional authentication such as a TPM + PIN or USB key (or all three through a hack job), force 256-bit AES encryption, and to make PINs alphanumeric instead of just numbers.
Do not use the Windows Device Encryption in the Home edition. It requires a Microsoft account and requires backing up your key to your account's OneDrive. MacOS has FileVault which users should enable if it hasn't been already. ChromeOS uses the same per-user filesystem encryption per user GrapheneOS uses but depends on a Google account to sue it. Macs provide the best OOTB disk encryption.
Both VeraCrypt and Picocrypt are fine apps and trustworthy. They're better overall for encrypting files or removable drives though, protect them with very secure passphrases. If the OS provides a disk encryption option then I'd believe you're better with using that.