Since Mint is based on a stable distro, it’ll be running older software that won’t support your newer hardware well, and you’re experiencing that firsthand.

Try Fedora, Bazzite, OpenSUSE Tumbleweed, or anything else that’s more bleeding edge – they’re still very usable and reliable, it’s just that stable distros like Mint and Debian are “stable and reliable” overkill.

Edit: and if you’re wondering why this wasn’t mentioned to you from the start, the answer is likely that these distros tend to be:

1. Less popular and get fewer mentions and votes, and
2. Are considered riskier in an enterprise context, so stable distros are deemed a safe recommendation since the odds of things going wrong on supported hardware is extremely low.

From what I’ve heard at work and from others, MS uses version queries to stall tickets because they constantly release updates that they can point to and say “you need to update before we can help”.

No, Play Integrity intentionally checks if it’s a Google-approved key. Android itself has an API to check verified boot and gives info on the signing key - most devs just want to know verified boot is working.

I feel Play Integrity has a short life ahead of if competition authorities realise how exactly it works. “Anti-competitive” is the first thing policy-minded folks think when I explain the API to them.

For GrapheneOS, it’s primarily that it’s re-lockable. That’s why other unlockable phones aren’t supported.

The GrapheneOS install process sets new OS signing keys so you can lock the phone again and get full verified boot. However, most manufacturers haven’t implemented this feature.