It does appear to be what they want from us, but it's not possible to bypass the Weaver disk encryption throttling via compromised OS updates or even secure element updates. It's fully not possible to bypass the security of a strong passphrase, which we encourage via optional 2-factor authentication support for fingerprint+PIN as the main way people unlock to make using a passphrase as the primary lock method after booting or 48h timeout much more convenient.
Once they've established a rule that you have to help them in all cases, what stops them from forcing you to push an update to a phone while the user still has it, to collect information from the phone while actually unlocked and in use?
We won't comply with illegal demands, so how would they force us to do it?
GrapheneOS System Updater doesn't identify the device or user to the server. A massive portion of GrapheneOS users are using a VPN and some are using Tor so many of the IP addressed are VPN/Tor exit IPs shared between people. How would an update be targeted to a specific phone?
It's rate limiting on key derivation attempts. A key is made via scrypt from the passphrase. A hash of this key is used as an authentication token to obtain a random token from the secure element for the final hardware-bound key derivation to use as an additional input. Passing the wrong authentication token results in rapidly increasingly throttling. We documented the previous less aggressive ramp up at https://grapheneos.org/faq#encryption but it actually ramps up a lot faster now to make 4 digit PINs less horrible, although we still strongly recommend 6 random digits as the minimum.
Secure element updates don't only need to have a valid signature and greater version. They also require the Owner user to authenticate successfully after booting in order for it to be accepted. This is what they refer to as insider attack resistance, since it protects against them being coerced by a government into removing the brute force protection for a locked device via an update.
https://news.ycombinator.com/item?id=46038241
It does appear to be what they want from us, but it's not possible to bypass the Weaver disk encryption throttling via compromised OS updates or even secure element updates. It's fully not possible to bypass the security of a strong passphrase, which we encourage via optional 2-factor authentication support for fingerprint+PIN as the main way people unlock to make using a passphrase as the primary lock method after booting or 48h timeout much more convenient.