Is it possible to install Graphene OS from Qubes? If yes, how does one go about doing it?
One probably can do it from a disposable sys-usb.
Do you have Chrome and network in your disposable sys-usb?
Thinking about it now, I could have just used my Windows HVM with one USB controller attached. But then again, I had that Windows laptop just standing there collecting dust…
I don’t see why it would be impossible to install Chrome and temporarily connect the network to sys-usb if needed. It’s going to be reset after that, right?
Who said impossible?
I tried doing this and flashing from the command line, and it did not work. The Pixel goes through several reboots, and after a certain reboot the Pixel didn’t appear in the USB device manager GUI (though I didn’t dig any further with the terminal).
If you follow my suggestion, this should not be necessary. Your sys-usb has the usb devices connected directly and should behave like a standard Linux OS with the connected devices. You do not need to connect them anywhere.
Ive always found your method works best. I do it as so: make disposable usb Qube, attach the PCI device ID of the USB controller, start qube, install latest ADB, download g=GrapheneOS then run flash-all.sh from the GrapheneOS installer.
of course, if the keyboard is USB and not PS/2 then there can be some issues to work around.
Command line install (this is quick and incomplete steps to follow)
In Fedora sys-usb, download, verify and extract the standalone platform-tools on Linux
Next, add the tools to your PATH in the current shell so they can be used without referencing them by file path, enabling usage by the flashing script.
$ export PATH="$PWD/platform-tools:$PATH"
$ fastboot --version
Download from grapheneos.org: factory.pub, Graphene OS image in zip file and zip.sig file.
Install in Debian signify-openbsd to verify the install (couldn’t find signify in Fedora)
Copy files to Debian AppVM and verify command:
$ signify-openbsd -Cqp factory.pub -x grapheneos-factory-2021.09.01.zip.sig && echo verified
PHONE (see online for full tutorial)
Enabling OEM unlocking
Unlocking the bootloader:
$ sudo fastboot flashing unlock
$ sudo ./flash-all.sh
If there’s a space problem (unable to allocate bytes…), delete tmp folder and try…
$ sudo mkdir tmp && sudo TMPDIR="$PWD/tmp" ./flash-all.sh