Security is a mess, and why a threat model is important
-
Make sure you're getting a newer one.
They have versions which have a hardware vulnerability that allows the device to be cloned.
-
Your system sounds well thought out and more than secure enough for most people's needs, so if that is what works for you I would go for it. I also like the fun idea for the duress passphrase, I just hope a friend doesn't get tempted to try and unlock your phone and accidentally wipe everything! Overall, the only comments I would make are:
- be wary of using biometrics for ring 0; in countries like the US the cops can force you to use your biometrics, by law. GrapheneOS does have ways to quickly disable biometric unlock in emergencies, or automatically disable it after a set period of time
- you are using both a security key and a passphrase for securing the ring 0 database. Perhaps commit to one of them, to reduce complexity. The more complicated the system, the more places there can be vulnerabilities
- getting access into the ring 0 device is effectively compromising the database, even if you have a password on the database. There are numerous things that an attacker can do once in control of the device, like enabling internet, flashing a custom ROM and copying all the files over to make it look identical, installing a keylogger, changing the UI to hide any modifications, etc. This is also why I try to use my ring 0 device as little as possible; every time I enter the password is another chance for the password to be stolen
- putting your Aegis TOTP app on ring 0 means you have to constantly use your ring 0 device. I prefer to use my ring 0 device as little as possible, both for security and convenience. My TOTP app is on a ring 1 device instead, and is only used to secure online accounts (which I consider ring 2). If you want to use 2FA for ring 1 then I suppose you are forced to put your TOTP app on ring 0, though I find the inconvenience not worth it.