Final
final@stacker.news
npub1hxx7...g75y
Digital forensics and security specialist part of the GrapheneOS project. Posts my own and not endorsed by my employer. AI slop and Nostr DMs ignored. Matrix: f1nal:grapheneos.org
Final 11 months ago
#GrapheneOS version 2025031300 released. This release greatly improves the experimental virtual machine management app with many backports from the Android Open Source Project main branch. You'll need to install Android's latest Debian-based image in order to continue using it. You'll be prompted to do this at startup after it fails to start with the old setup with an opportunity to back up the data. The data inside it should continue to be treated as disposable rather than relying on it not losing it from a bug or a backwards incompatible update.
• Sandboxed Google Play compatibility layer: overhaul our default enabled reimplementation of the Google Play location service (location request rerouting) to provide much better compatibility for apps depending on network-based location by always telling apps that the Google Improve Location Accuracy toggle is enabled and providing fallback to GNSS for low power location requests when the OS network location service is disabled as it is by default (unlike Google Play services, which has no fallback, but apps assume users enable the feature)
• fix Storage Scopes related null pointer exception in thl
• Bluetooth: backport fix for empty adapter name handling in Android 15 QPR2 to avoid crashes when the name is set to an empty value or whitespace
• Terminal (virtual machine management app): backport a large set of improvements including terminal tabs, port forwarding, GUI support with opt-in GPU hardware acceleration (ANGLE-based VirGL until GPU virtualization support is available), speaker/microphone support and fixes for a bunch of bugs including overly aggressive timeouts
• Settings: add Terminal app toggle to System category when developer options are enabled (requirement will be dropped when it's no longer experimental) so it can be enabled in other users (it's still currently only possible to use 1 instance at a time due to conflicting use of an internal network specific to virtual machine management)
• Pixel 8 Pro, Pixel 9 Pro, Pixel 9 Pro XL, Pixel 9 Pro Fold: fix support for enabling UWB (ultra wideband) radio by adding missing SELinux policy to avoid the UWB service chain crashing and burning CPU
• kernel (6.1): update to latest GKI LTS branch revision including update to 6.1.130
• kernel (6.6): update to latest GKI LTS branch revision including update to 6.6.82
• Seedvault: update to 15-5.3 (will be replaced with a better backup implementation in the future)
• Vanadium: update to version 134.0.6998.95.0
• Camera: update to version 83
Final 11 months ago
Our 2025030900 release currently in the Beta channel is the first one with support for managing hardware-based virtual machines via the Terminal app in Android 15 QPR2. Since then, we've backported massive improvements to the feature for an upcoming new release, maybe even today. Backports include terminal tabs, GUI support with opt-in GPU hardware acceleration (ANGLE-based VirGL until GPU virtualization support is available), speaker/microphone support and fixes for a bunch of bugs including overly aggressive timeouts. We're working on VPN compatibility. At the moment, the Terminal app isn't compatible with having a VPN in the Owner user. It only works if VPN lockdown (leak blocking) is disabled and the VPN allows local traffic to pass through. It's also not clear how it SHOULD interact with a VPN since VPNs are profile-specific. #GrapheneOS
Final 11 months ago
#GrapheneOS version 2025030900 released. This release adds support for the experimental virtual machine management app introduced in Android 15 QPR2. It currently only provides support for managing a single VM and interacting with it via a WebView-based terminal. Android is in the process of adding support for graphics and GPU acceleration for a future release. For now, it's only available in developer options due to being highly experimental. We don't recommend using developer options on a production device, but you can temporarily enable it to turn on this feature and turn them back off without it being disabled like most developer options. The data inside it should currently be treated as disposable rather than relying on it not losing it from a bug or a backwards incompatible update. We plan to support choosing other guest operating systems beyond the Debian-based image provided by Android along with taking far more advantage of the virtualization infrastructure.
Final 11 months ago
For our next release after 2025030800, we've added support for the Android 15 QPR2 Terminal for running other operating systems using hardware virtualization. It's currently only a terminal but Android is adding support for graphics and GPU acceleration for a future release. Android has a greatly overhauled desktop mode on the way to replace the current primitive proof of concept in developer options. 6th gen Pixels added hardware-based virtualization support and 8th gen Pixels added USB-C DisplayPort alternate mode. It will all come together soon. Overhauled desktop mode is already partially shipped as a disabled-by-default feature. Android enables some of it for the Pixel Tablet already but not Pixel phones. We plan to enable the same feature flags for phones too. Either way, it's an experimental developer option for now. Beyond using a phone or tablet as a desktop by connecting a display, keyboard, mouse, etc. to the USB-C port, we want to eventually have support for #GrapheneOS on laptops. There's currently no laptop close to meeting the hardware requirements we cover at On Pixels, virtualization implemented based on pKVM (see for how it's different from KVM) and CrosVM from extended with Android specific code. CrosVM is written in Rust so it fits in well with Android using Rust for new or rewritten low-level components.
Final 11 months ago
#GrapheneOS releases based on Android 15 QPR2 are available now, will refrain from mirroring changelogs because there's always a lot of releases during this period due to fixing upstream bugs, would be better when everything is done. All of the supported devices are now using the Linux 6.1 LTS branch kernel so the 5.10 and 5.15 branches are retired for GrapheneOS. 6.6 continues to be used for microdroid virtual machines on devices and for emulator builds, which will likely move to 6.12 this year.