What GrapheneOS has stated about Generic System Image. Thanks @MyIdentityIsntImportant
GrapheneOS does not support being used as a Generic System Image, which only exists for development/testing purposes and isn’t usable for GrapheneOS since we require kernel changes and the userspace part of the OS cannot run on top of a kernel without the required functionality. The generic targets simply run on top of the underlying device support code (firmware, kernel, device trees, vendor code) rather than shipping it and keeping it updated. It would be possible to ship generic system images with separate updates for the device support code. However, it would be drastically more complicated to maintain and support due to combinations of different versions and it would cause complications for the hardening done by GrapheneOS. The motivation doesn’t exist for GrapheneOS, since full updates with deltas to minimize bandwidth can be shipped for every device and GrapheneOS is the only party involved in providing the updates. For the same reason, it has little use for the ability to provide out-of-band updates to system image components including all the apps and many other components.
The best option is still to buy a Pixel, the only officially supported device for GrapheneOS. Alternatively, you could wait for the upcoming Motorola devices that are expected to support GrapheneOS in the near future.
I saw this video and thought it was pretty cool. However, be warned: doing this is not recommended, as you could break your phone and you won’t get the full security benefits of GrapheneOS.
That said, if you understand the risks, this could still, in my opinion, be a better privacy option than a standard Samsung or Xiaomi device OS, though at the cost of significantly reduced security and potential bugs.
Here are the reasons for the decreased security:
- Missing Titan M2 security chip and hardware-backed verified boot
- No Verified Boot with Attestation
- Lack of pKVM, memory tagging (MTE), and secure element isolation
- On unsupported hardware, firmware and driver vulnerabilities go unpatched.
These issues make the device more vulnerable to persistent malware and supply chain attacks. So, if anyone decides to proceed, do so at your own risk. Carefully consider whether you’re truly willing to sacrifice that level of security because privacy and security go hand in hand.
So, here are the cons:
- No real security guarantees
- No OTA updates
- Higher risk of bugs, instability, and bricking
- Defeats the core purpose of GrapheneOS: security-first design