Guardian Rom [Secure] [Privacy] [Preview]

[x942]

Guardian Rom by x942​

Thanks to:​

• The Guardian Project
• Cyanogen Mod
• Android Open Source Project
• Open-Pdroid Project
• Any one else I am missing

What is Guardian Rom?​

Guardian ROM is a custom android ROM multiple devices. The ROM is completely Open Source and based off of the CM10.1. While this build is stable because it's based on CM10.1 it is a preview so please expect some bugs, & missing features (i.e updater).

What Features does Guardian Rom have?​

• Kernel is hardened with SecDroid Tweaks.
• ROM is patched with and includes OpenPdoird for
  permissions management.
• Guardian Project apps are pre-installed – These include Orbot (Tor), Gibberbot (Secure IM),
  and more.
• CSSimple and OStel (https://guardianproject.info/wiki/Ostel) are included as replacements to the
  built calling apps. providing encrypted communications.
• If encryption is enabled and password is entered wrong 10 times the phone wipes user data.

Coming Soon:​

• Including support for Deniable Encryption (similar to Truecrypt hidden volumes).
• Including GRSecurity for exploit mitigation and more secure phone.
• Including SQLCipher to ensure all data is encrypted whenever possible
• Including a customer “app store” for our repos.
• Different lockscreen pin and Pre-Boot authentication password.
• Auto-Prompt for encryption setup on first boot.

​

How to use:​

Simply flash the flashable zip through your favorite custom recovery. (TWRP is recommended as it supports encrypted devices). Once flashed you should enable Full Disk Encryption by doing the following (may very depending on device):

Settings --> Security ---> Password [enter a strong 8-16 char password]

Than

Settings --> Security ---> Encryption --> Enable Encryption

Downloads:​

Downloads are over here.

Please verify the downloaded file with the attached GPG signature to ensure is is a legit copy.

GAPPS
Google Apps are NOT included and before you flash them you may want to read this article.

UPDATES:
Since this is a preview I have not had a chance to remove or modify the CM Updater. Please do NOT use it as you will be flashing a stock CM10.1 build and not Guardian Rom. This will be fixed shortly.​

 

[x942]

Reserved.

 

[baz77]

you could cherrypick some stuff from here
selinuxproject.org/page/SEAndroid

 

[x942]

you could cherrypick some stuff from here
selinuxproject.org/page/SEAndroid

I may use SeAndroid. Right now I am focusing on the encryption side of things instead of the exploit mitigation side. That will come later.

 

[azrash]

Been following your work on sec Droid, this looks like a very very good start! May I know which version of CM that you used for this? Or it is based on the latest repo when you built it.
Thanks!

Flowed from my Nexus⁴

 

[x942]

Been following your work on sec Droid, this looks like a very very good start! May I know which version of CM that you used for this? Or it is based on the latest repo when you built it.
Thanks!

Flowed from my Nexus⁴

Awesome! Thanks! It's is based off the latest repo. I simple pulled and than modified the sources. I am currently getting some hosting for our own repo and Tor Hidden service for downloading. Stay tuned much more to come.

 

[x942]

Look'in good, might try.

The next build will have an AOSP 4.2.2 base with Mobiflage built in. Also Lock screen PIN and Pre-Boot PINs are now separated. So you can use a simple 4 digit pin on the lock screen and a 32 character pin at boot.

Also for more security you have to passwords one for the "outer volume" which you use as you daily usage and one as "hidden volume" which is your hidden os. You use the second for anything sensitive. That way if an attacker tries to force you to give up your password you just give up the outer volume (decoy) password. There is no way to prove the hidden volume exists.

Encryption also uses AES-256-XTS now instead of AES-128-CBC. Better key length and protection against watermarking attacks.

EDIT: If anyone wants early access please PM. The build is not ready for prime time as there is no GUI for encryption but can be used as a daily driver.

 

[droidkevlar]

No, I'm sure you're right. But since he explicitly stated that he won't build an ('unofficial') AOKP version, I'm looking for a way to get in the favor of the securiry modifications without gaving to switch to another ROM. It's just that AOKP has so many cool simplifications compared to CyanogenMod, I'd like to avoid a switch backwards. Maybe he could create an unsupported AOKP version every month? Possible?

Or you could compile your own. Not trying to sound like a d**k but he had already stated numerous times he is only doing Cm base and yet u and others keep saying do this for aokp. There is a reason he is using cm as a base.

Sent from my Nexus 4 using Tapatalk 4 Beta

 

[x942]

I'm guessing the modifications he has been making go a little further beyond a flashable zip. Otherwise he would've done that instead of making a whole rom around privacy.

Could be wrong..

Sent from my Nexus 4 using Tapatalk 4 Beta

Yes. I custom kernel is needed at the very least. Not to mention removal of Google Apps and tweaked UI for encryption (mobiflage). All of these are OS level tweaks and cannot be made into a ZIP.

Or you could compile your own. Not trying to sound like a d**k but he had already stated numerous times he is only doing Cm base and yet u and others keep saying do this for aokp. There is a reason he is using cm as a base.

Sent from my Nexus 4 using Tapatalk 4 Beta

This. AOKP will NOT be supported. EVER. If anyone wants a different base download the source code from my github and compile it yourself. Build documentation is on there. Furthermore AOKP and CM10.1 are both great roms, however there are too many variables. Both have a ton of unneeded binaries and settings. We cannot guarantee security are these builds. We choose CM10.1 because it's fully open source and has fewer complications then AOKP. On NEXUS devices we are using AOSP modified with our security tweaks. On non-nexus we use CM10.1 for now for simplicity.

I am hoping with the recent Google Edition devices it will be easier to port/compile AOSP onto those devices.

TL;DR:

WE WILL NEVER OFFICIALLY SUPPORT AOKP.

Thanks for understanding.This message is only meant to stop these requests, not to be rude so please don't take it that way.

 

[Toledo_JAB]

Cleaning

This thread is in the DEVELOPMENT section. And is for the "Guardian Rom [Secure] [Privacy] [Preview]".​

If you need to report an issue or bug then READ THIS POST ABOUT BUG REPORTS

Keep ALL posts aimed at the ROM development.
This thread is NOT A Q&A thread.
So don't ask why the WiFi won't work, post a LOGCAT of the actual event or it did not happen.
I have cleaned this thread.
If you repeatedly make junk posts, then INFRACTIONS will follow.
~JAB

 

[SecUpwN]

Hey @x942, where is our Android 4.3 version of this funky ROM?

 

[x942]

Hey @x942, where is our Android 4.3 version of this funky ROM?

We are working toward this. The issue we are having is that while 4.3 is latest 5.0 may be just around the corner. We don't want invest a ton of effort just to have re-port everything to 5.0 if it's released 2-3 months from now. That's not to say 4.3 won't happen. It's just we are focusing on adding more security. For now stable is 4.2.2.:good:

 

[mikiosmart]

Am I missing where to find the flashable zip?

Sent from my Nexus 4 using xda app-developers app

 

[koz]

Will this ever come to a Samsung Galaxy 3, or are your plans only for Nexus devices?

 

[x942]

Will this ever come to a Samsung Galaxy 3, or are your plans only for Nexus devices?

S3 is underway. We have support for:

S3, HTC One, Nexus 4, Galaxy Nexus, S4, Nexus 7 and soon Moto X, Note 3 and Nexus 5.

 

[stokeyblokey]

Request

Hi,

Please add the new moto g xt1032 to your list of planned devices - it would be a great way to get more people secured as it is a very popular handset

Thanks for all your hard work!

 

[koz]

S3 is underway. We have support for:

S3, HTC One, Nexus 4, Galaxy Nexus, S4, Nexus 7 and soon Moto X, Note 3 and Nexus 5.

Has this ever been developed for the Galaxy S3? I haven't been able to find a download anywhere...

 

[mrrocketdog]

@X942 gaurdian rom sounds very interesting to me. would also like the att slll i747 to be added on list for consideration for dev.
am not a dev myself.
thank you for your work/time/energy. :thumbup:

err on the side of kindness

 

[asuperpig]

good

Sent from my Nexus 4 using XDA Premium 4 mobile app

 

[joelstitch]

S3 is underway. We have support for:

S3, HTC One, Nexus 4, Galaxy Nexus, S4, Nexus 7 and soon Moto X, Note 3 and Nexus 5.

I cant find a download for the Note 3 ROM. The only thing I read about it is an update on http://shadowdcatconsulting.com/blog/ saying that support will come soon.