Can we have a project for Qubes OS to run on smartphones ?
Is there any plans for it ?
I think it would be great 
3 Likes
Good oneā¦
1 Like
Unfortunately no smartphones support hardware virtualization today. Perhaps one can hope to use kvm at some point:
2 Likes
I think if there is an official project from Qubes Team we can see certified hardware for smartphones because that might encourage Investors and Entrepreneurs to work on this project .
As we had seen on these supported laptops Certified hardware | Qubes OS
Also, Qubes Team could open a donation for this if they have the passion for this impressive and Future project
I can Imagine my phone with Qubes OS Great
1 Like
Sounds like way too much workā¦
3 Likes
But worth it
1 Like
I donāt know much about ARM and smartphones, but I know a Raspberry Pi 4 can run Xen (flawlessly as per the instructions by the Xen project).
Also when looking at Xen compatible ARM hardware, I see some Allwinner boards, arenāt those used in some smartphones ? Maybe Pinephones use the same board for their SBCs and their phones ?
Requirements:
Currently, qubes is Xen oN X86.
Most phones are ARM. You would have to port Qubes to Xen on Arm, or a port to KVM.
Rregardless, sourcing a phone with components that wouldnāt compromise the security of qubes would be difficult. Camera interfaces to cpu are different, not sure usb-qube would work.
Handling keyboard input would be more complex than you think, as its GUI rendered so to maintain the qubes GUI protocol youād have to have a gui keyboard in sys-gui and a clear way of preventing full screen windows overlaying this keyboard or impersonating a keyboard. THis, in conuction with the fact that touch input would have to be enabled for the part of the screen with the keyboard into sys-gui, but not for the receiving qube.
I believe current systems that work on mobile just have android environments you switch between, taking full screen control, instead of more intricate compartmentalisation.
As future goes on ARM will likely be replaced with RISCV, currently this has the possible issue of different vendors having different instruction set extensions which you may be forced to rely on, hence supporting RISCV may not be easy straightforward.
Must re-iterate, a major issue as I understand it is that phone peripherals typically have a DMA equivalent (directory memory access) to the processor, not PCIE channels or usb interface (which is what enables āsecureā passthrough of devices), like Intel desktop cpu.
1 Like
Thanks for the insights !
What are the specific bits of Qubes which are tied to x86 (as Xen supports both āout of the boxā) ? PCI passthrough or other stuff ?
No one has tried to hack Qubes on a Raspi4 yet ? ^^ With a touchscreen and a SIM800 or equiv, that could be turned into a phone. A big one, but fully OSS, hard+soft !
Iāve read that a major problem with creating and maintaining phones is the lack of communication from SoC producers.
The keyboard problem seems a tough one for sure.
As for full screen windows, it may be changed to āpartially full screenā, with the Qubes colored title bar always on top ?
Have you read the part about DMA/physical translations on the Xen project page ? I dunno if it applies to peripherals too, but they had to hack it to make it work on Raspis.
Note Iām in totally unknown territory here, just trying to understand ^^
Itās not: Raspberry Pi - Wikipedia and Raspberry Pi - Wikipedia. Have a look at Librem 5 and Pinephone for freer smartphones.
Ah, I thought using uboot would remove the use of proprietary software (replacing bootcode.bin), I forgot the GPU blobs. But it seems thereās work on that !
A new fork of the (now abandonned) project linked in the wiki article is here, but ok with minimal support it seems.
Also I found RPi-VK-Driver is a low level GPU driver for the Broadcom Videocore IV GPU.
But proprietary blobs apart, I wish I had a Raspi4 to try Qubes on ^^
I had, and considered Fairphone too. Iām quite interested in technical comparisons between them, as Iām in the process of choosing a smartphone (was using a good old w880i till now, since 10+ years). I have harsh requirements though ā¦
1 Like
Wow thatās a nice comparison chart, many thanks !
Thatās Qubes compliancy, welcome sys-serial VMs ! ^^
Very promising !
I donāt see the fairphone though, whatās your take on this ?
1 Like
I suspect most phones do not have proper IOMMU. But Pixel phones have this (and hopeful pixel tablets will have that too.
GrapheneOS has something like qubesOS in the long term road map. But not in the comming months, for sureā¦
I am not technical enough to judge, but google fuchsia seems preety promissing in the long run too (as an alternative to xen)
1 Like
The closest thing we have on smartphones is using profiles on android or some ācompartmentalizationā things on android (canāt remember their names).
But there is interest in doing smartphones on Qubes OS:
2 Likes
Isnāt that a x86 feature only ? Iāve read ARM defines its version of IOMMU as System Memory Management Unit (SMMU)[13] to complement its Virtualization architecture (wikipedia-IOMMU).
Hmm, recently watched a video about Fuchsia, youāre talking about microkernels ? Cause I donāt remember it was about virtualization, rather abandoning āmonolithic kernelsā ?
By the way, no need for a IOMMU if thereās no DMA, but again I may be wrong.
The chart linked from fsflover shows Android apps 9 can be run in Anbox, is that it ?
Damn, I have so much things to learn, as if x86 wasnāt complicated enough ^^
Have a look at Fairphoneās mentions here: Frequently Asked Questions Ā· Wiki Ā· Librem5 / Librem 5 Community Wiki Ā· GitLab.
Key takeaway:
many component suppliers (like Qualcomm) donāt release new drivers compatible with new kernel versions, so many Android phones have to stay with the old kernel when they upgrade Android. The most extreme example of this is the Fairphone 2 whose last official upgrade in December 2019 was Android 7.1 with Linux kernel 3.4.0, that was released in May 2012. Even when installing a community port of AOSP like LineageOS, it will often use the same kernel that was last provided by the phone maker.
Basically, the main problem is proprietary drivers that prevent upgrading the kernel. All drivers must be free.
1 Like
Damn the 500k fees from google ā¦ And [google] has a policy of only supporting its Android releases for 3 years is even scarier ā¦ And people (including me) think microsoft is evil with such short Windows EOLs ā¦
But one should always read with caution the comparison of other solutions from a competitor, even if on fair/objective grounds ^^ I wonāt disagree though, I had this answer from fairphone :
But the same precaution as above applies of course ^^ And the other part of the answer, about repairability didnāt convince me a lot (no MoBo/SoC exchange possible, some repair operations need to send to customer support, etc).
Can only wish the same, but it does not feel like the trend ā¦ Itās like having a driving license per car brand, and issued by the car manufacturer ^^
1 Like
But there is interest in doing smartphones on Qubes OS
This is about running Android/GrapheneOS WITHIN A QUBE on Qubes OS. It is NOT about running Qubes OS on a smartphone. I am sure this is what @deeplow meant, but at least for me (non-native English speaker) it wasnāt clear from the above sentence.
2 Likes
Not to mention itās quite possible that running full-blown Qubes OS would need a pretty hefty battery, otherwise the phone would be permanently plugged into the wall.
For those of you who have used the PinePhone, youāll know that it generates quite a large amount of heat, and the battery (at least, at the time of posting this) barely lasts for half a day when idle. I would imagine running Qubes OS in its current form on hardware like that would probably be incredibly slow, if it didnāt melt the phone case firstā¦
Not to mention the amount of RAM the phone would need! 
Another thing to consider is the use case. I definitely agree that it would be totally awesome to carry Qubes OS around in your pocket, but would I use Qubes OS as a phone? Probably not. Why? Because I probably wouldnāt be using my phone to do the things I use Qubes OS for.
I donāt really plug anything into my phones except for headphones and a charging cable. (I am aware that some people might plug in other things, though).
It would be nice to see Qubes OS on ARM one day (and I will gladly help out where I can), so that we could see it on machines like the PineBook Pro, Surface ARM, M1 Macs, SBCs (the RockPi 5B looks like a seriously good candidate for Qubes OS).
It would also be awesome to touchscreen/stylus integration, because quite a few laptops come with them now. Again, happy to help out where I can on this.
But as for Qubes OS on a smartphoneā¦.wellā¦ā¦so much of it would need to be changed that it probably wouldnāt be the Qubes OS we know and love any moreā¦.
1 Like