> Also some people (me) value independence from Google more than the highest degree of security (which relies on Google hardware).

The requirements are indeed minimal. I have no problem with your valuing independence from Google, but please don't misrepresent GrapheneOS' requirements as the highest degree of security because not even they have said that. They have actually mentioned wanting to be more involved in the hardware/firmware side to implement more pro-user changes.

They are mostly basic requirements that Android OEMs should be embarrassed not to meet in 2026.