I Installed a Graphene-Based OS on Non-Pixel Phones… Here’s the Catch
https://www.youtube.com/watch?v=-RjGjqBAAgQ
"I was watching youtube(Invidious) and notied RestlessOS . Have you heard of this and are there people actually tried this on non-pixel phone?
“RestlessOS is an unofficial, unaffiliated fork of GrapheneOS packaged as a Generic System Image (GSI) for Project Treble devices. It is not endorsed by, sponsored by, or in any way connected to the GrapheneOS project or its developers.”
https://github.com/cawilliamson/treble_restlessos
I’m very hesitant to give money to Google pixel so I’m going to experiment on this one."
Looks like they put in a ton of effort to make this compatible with generic devices, but I have to ask, with all the features removed, why choose this over any other ROM?
Features removed
hardened_malloc — causes boot loops on devices with 39-bit virtual address space. replaced with AOSP Scudo.
Auditor — requires hardware attestation which > doesn’t work on GSI
mtectrl / misctrl — Pixel-specific memory tagging control; breaks vendor TEE drivers
USB protection — the low-level USB port controls rely on Pixel-specific hardware and are non-functional on other devices
native debugging protection — not ported; breaks compatibility with root solutions and vendor debugging tools
Features disabled by default
These can be re-enabled in TrebleApp → Hardening or Settings → Exploit protection.
MTE/TBI for vendor processes — memory tagging breaks some vendor drivers
hardened thread stacks — non-standard memory layout breaks some vendor drivers
secure (exec-based) app spawning — breaks root solutions (Magisk / KernelSU)
Sandboxed Google play I guess
Minimalism. Compared to AOSP, Google components and pings removed. Compared to other privacy GSI ROMs, no weird, quirky, or flashy functions or themes the author decided to bake in.
Still better than nothing? And more privacy centric options out there are better as it gives people a way to figure out how it can fit into their life vs the all private where nothing works and you need to know tech to get around or nothing private but at least things work, world people are in.
Why are a multitude of poor options better than a few good options?
There’s this weird mix of free market capitalism and FOSS philosophy that says more and shallower forks = better ecosystem.
Not commenting on this OS specifically, but just questioning your blase assertions that more options is better. Maybe it would be have been better to invest more time into an existing project.
Edit: Great arguments for this OS all around, I’m just saying please DO make an argument instead of just assuming that ANY diversity is good.
There are a few issues with there being… a single ideal privacy option line of devices (the Pixels):
- the pixel isn’t available for sale in all regions
- there are only so much Pixels out there… Meaning less options to choose from and potentially higher prices
- people using them stand out… So much so some agencies treat Pixel users like criminals even if they don’t have Graphene on it
- Google may choose to end the Pixel line, drastically limit production or remove some feature Graphene relies upon any time they feel like
Having more vendor choice drastically lowers these negatives. And I can’t really think of any negatives for the other side than increased dev time and operating costs.
Having the privacy features trickle down to other devices is great since some already landed in AOSP.
However, the trickle down is slow (and often a myth). And some protection is better than no protection.
Why are a multitude of poor options better than a few good options?
Is anything other than a Pixel a poor option?
They may be suboptimal but… Some hardening is definitely better than no hardening any day of the week.
What actively blocking “okay” or even “good” options when “the perfect” one exists should be plainly obvious.
Privacy-consciousness will never spread. Which also has negative effects on the privacy-conscious. Namely point 3 of my little list.
Wasn’t GOS working with other company to have a second brand that could use GOS? These dudes are nkt stupid and i think they too realuse that relying only on pixels is risky business. I read somewhere that, its not about GOS, the phone or whatever but its about what you need to have so that you can call it a secure phone. The GOS folks have done their homework and concluded that only pixels have what is needed. Whay intreagues me is that the biggest surveilance machine out there built the most secure hardware. Why did they do it?
Yup. Motorola should be coming out with a GOS-compatible phone in a year or so. There was a bit of buzz because of local age verification requirements, which GOS dev said fuck you to, but I don’t think thatś enough to derail the project since I don’t think Motorola ever planned to ship GOS, just make it compatible for users and IT depts to install it—which so far does not violate any laws.
They are. It’s a step in the right direction and I absolutely welcome it.
However, it’s way overdue in my book, and the harm is im the waiting. It’s much better to strike while the iron’s still hot and avoid these issues. As is not waiting on improving accessibility.
I’m also intrigued by the fact Google makes such custom devices for the market. I think I came across some explanations lurking (and sometimes popping my head out and commenting) here on Lemmy (and on Reddit before the API apocalypse), but I don’t really have anywhere to point you in your search other than Libredirect+Reddit since searching Lemmy has always proven an uncatchable golden goose to me.
Why are a multitude of poor options better than a few good options?
People make do with what they have.
It would be ideal if everyone had access to the “best” options, so a single approach makes sense, but we don’t live in an ideal world.
deleted by creator
Lmao they use telegram.
Direct quote from GOS
GrapheneOS is an open source project and that means people can make forks of it. There aren’t any ports of GrapheneOS to other devices providing the same set of privacy and security features it provides. There are only highly incomplete ports losing many of the core features.
Many accounts across platforms have recently started falsely claiming there’s a port of GrapheneOS to other devices and that it somehow disproves that it depends on hardware-based security features unavailable elsewhere. The person who made it says that isn’t what they did.
It omits large portions of the GrapheneOS changes including not having any of the kernel changes. Many parts don’t work.
Since they don’t have our kernel changes and haven’t done the substantial work needed to port GrapheneOS to a specific devices, many core features including hardened_malloc, hardware memory tagging, USB protection, dynamic code loading restrictions and much more are missing.
It’s missing many core GrapheneOS security features and also privacy features. It doesn’t provide updates to the kernel, firmware, drivers and HALs. It’s missing standard Android protections including but not limited to verified boot. They haven’t ported GrapheneOS elsewhere.
It’s missing a lot more than what they list as not being included and that’s likely partly because they don’t realize how much isn’t working. It’s only one part of an OS and is using the stock OS kernel, drivers and HALs. It also doesn’t provide updates for those or the firmware.
The author of this project is likely more than willing to list many additional features which are missing are not functional. They’re also likely willing to make it clear it can’t provide people with proper updates. They don’t want people to be misled or to attack GrapheneOS
Tldr no this isn’t GOS and isn’t even anything close to it, the entire point of GOS is the hardened utilities, kernel, extra security features, and bootloader locking, of which this project supports none them
(Also the video you linked is poorly made AI slop and straight up inaccurate, considering no real YouTube videos exist on the OS its pretty safe to assume this is just another GSI with very little to offer)
There’s a really good chance that a person running this would incorrectly assume they have some level of security and safety approaching graphene.
It uses vendor kernels and relies on the user to monitor update channels and perform patches.
If you need security and will not buy a pixel, you are most likely best served by switching to ios.
That’s not because I feel that a person who will not buy a pixel is somehow less-than or stupid, but because ios is very secure when hardened and kept up to date.
deleted by creator
I have it installed on my S23 Ultra and everything works well except that I have to re-register fingerprints once I switched profiles or restart the phone. So, I am using private profile for now as I read somewhere that it’s the GSI problem. The ROM itself is probably the best option to degoogle for general devices. Hardening & secure app spawn also works well.
RISC-V phone with open bootloader and vanilla kernel when?
It invalidates the point of GrapheneOS. The latter supports only Google Pixel for a reason, which is security.
On unsupported devices, you should stick to LineageOS.Finally, a smartphone operating system for me!
Removed by mod









