Installing GrapheneOS on Pixel Phone from Qubes OS

deeplow · September 7, 2021, 12:45pm

Is it possible to install Graphene OS from Qubes? If yes, how does one go about doing it?

fsflover · September 5, 2021, 2:47pm

One probably can do it from a disposable sys-usb.

Sven · September 5, 2021, 5:25pm

Do you have Chrome and network in your disposable sys-usb?

Thinking about it now, I could have just used my Windows HVM with one USB controller attached. But then again, I had that Windows laptop just standing there collecting dust…

fsflover · September 5, 2021, 7:58pm

I don’t see why it would be impossible to install Chrome and temporarily connect the network to sys-usb if needed. It’s going to be reset after that, right?

Sven · September 6, 2021, 1:34am

Who said impossible?

qubes-kernel-5.8 · September 6, 2021, 9:10pm

I tried doing this and flashing from the command line, and it did not work. The Pixel goes through several reboots, and after a certain reboot the Pixel didn’t appear in the USB device manager GUI (though I didn’t dig any further with the terminal).

fsflover · September 7, 2021, 9:23am

If you follow my suggestion, this should not be necessary. Your sys-usb has the usb devices connected directly and should behave like a standard Linux OS with the connected devices. You do not need to connect them anywhere.

Plexus · September 7, 2021, 12:19pm

+1

Ive always found your method works best. I do it as so: make disposable usb Qube, attach the PCI device ID of the USB controller, start qube, install latest ADB, download g=GrapheneOS then run flash-all.sh from the GrapheneOS installer.

of course, if the keyboard is USB and not PS/2 then there can be some issues to work around.

deeplow · September 7, 2021, 12:46pm

oijawyuh · September 7, 2021, 2:04pm

Command line install (this is quick and incomplete steps to follow)

In Fedora sys-usb, download, verify and extract the standalone platform-tools on Linux
Next, add the tools to your PATH in the current shell so they can be used without referencing them by file path, enabling usage by the flashing script.
$ export PATH="$PWD/platform-tools:$PATH"
$ fastboot --version

Download from grapheneos.org: factory.pub, Graphene OS image in zip file and zip.sig file.
Install in Debian signify-openbsd to verify the install (couldn’t find signify in Fedora)
Copy files to Debian AppVM and verify command:
$ signify-openbsd -Cqp factory.pub -x grapheneos-factory-2021.09.01.zip.sig && echo verified

PHONE (see online for full tutorial)
Enabling OEM unlocking
Unlocking the bootloader:
$ sudo fastboot flashing unlock

INSTALL
$ sudo ./flash-all.sh

If there’s a space problem (unable to allocate bytes…), delete tmp folder and try…
$ sudo mkdir tmp && sudo TMPDIR="$PWD/tmp" ./flash-all.sh

crowphale · March 28, 2022, 2:06am

Got this finally working by
1/ adding Android udev rules in sys-usb qube
2/ increasing disk space for sys-usb
3/ using sys-usb qube directly (copying platform-tools and the image with qvm-copy-to-vm sys-usb ...

Definitely not the ideal Qubes-proper solution, but worked. I will try to figure out how to get the low-level access for flashing from a regular qube with access to internet etc. (rather than directly within sys-usb)

deeplow · March 29, 2022, 8:57am

Thanks a lot for coming back and sharing your update

equbes · August 19, 2022, 8:54pm

If you have an archlinux template, then you can create an HVM qube based on it passing only the usb device you intend to use (make sure to have at least 2GB RAM & 8GB of free storage), then installing the required packages with sudo pacman -S android-udev android-tools signify (connect the device after packages are installed to avoid permission errors) and following the official instructions.