What's the difference between this rom and lineage with microg?
True question
With respect to the dev, tbh CalyxOS wihout the ability to relock the bootloader is pretty much useless for the nature of this ROM. (Bootloader can be locked only in Pixels and Xiaomi A2 devices)
I guess the build in Firewall and App Lock it's something make it stands out, otherwise it's like a pure AOSP ROM with microG.
I am sorry, but I beg to differ. While i agree that being able to lock the bootloader would make it much more secure, i still think calyxos is more secure because of the following reasons:
1. I have enabled DM-Verity which means that everything in the boot process is verified once the kernel is loaded, but if something before the kernel is loaded, it will probably be able to maintain that access. That said, it is definitely more difficult to get infected with something sophisticated that starts itself before the kernel than other more common attacks out that start after the kernel is loaded, which DM-Verity should prevent from happening.
2. Microg for LOS enables signature spoofing for all system apps (according to the FAQ on their website), which means a malware that manages to get system privileges could potentially be able to misuse the permissions. On the other hand, calyxos sandboxes signature spoofing to only the microg apps with explicit whitelist, which makes much more difficult to be exploited.
3. Lineageos builds are userdebug, while my builds are user builds. Userdebug builds have many debugging capabilities that "normally violate the android security model" (quoted from AOSP). Those debugging capabilities could also potentially add more attack surfaces making it less secure.
Some might even find the other features like restricting unknown USB, making a signal/ WhatsApp call directly from the dialer and other such calyx features useful.
Like I said in the beginning of this post, it is definitely not as secure as a device with a locked bootloader would be, but I have tried my best to make it as secure as possible.
Last edited: