Fartimoji Somewhat recently there was an announcement about this: https://discuss.grapheneos.org/d/20647-user-facing-hardware-virtualization-support-in-our-next-os-release
What about the status of the official TOR VPN?
de0u kindly provided a link to the official announcement.
Running e.g. Windows 11 fully like a desktop VM (Full Desktop Interface, Window Manager...) would be rather an unintended consequence and not something officially supported.
It's actually about running specific apps in the upcoming, overhauled AOSP desktop mode. With all the nice integration that comes with such efforts. It's about running Windows or Desktop Linux Apps right next to your native Android Apps in a Desktop interface.
Seems like Windows App support will need extra effort from the GrapheneOS Devs compared to Desktop Linux.
And yes, it will work with your Pixel 8 + a Dock/Hub + external Monitor + Mouse Keyboard etc.
Another thing would be, like I already said, running Android Apps virtualized. That includes web browsers as well. Especially useful for TOR Browser, without the huge attack surface for the Host Device.
Fartimoji Dang! I hope you've got this right! :-)
I presently run Linux VMs dedicated to browsers on my aging QubesOS laptop, and confidently surf and retrieve mail with relative abandon. But it's coming time to replace that old laptop, and I would LOVE to instead add a keyboard and monitor to my GOS phone and browse/mail with Vanadium instances in VMs!
de0u that's a bit high for me what I read in the link you provided. Would you mind explaining the content for halfnoobs like me?
What I read out there is that virtual machine support is an upcoming feature which at first will be without a graphical user interface (just command line) and later it'll be possible to run virtual machines even with a graphical user interface like a normal Desktop OS.
I understood from what I heard so far, that with (at least) a Pixel 8 phone it will be possible to add a monitor to the phone with cable, so people can use GrapheneOS as a desktop solution.
Any operating system could be run in the virtual machine, is that right?
And the virtual machine feature is the feature which will be the first step in a GrapheneOS Desktop experience, which is one of the goals of GrapheneOS.
Did I get this all right?
Did I get something wrong?
Did I miss something?
And did I especially get it right that at least a Pixel 8 is needed for that feature?
If so: would it be better to have something newer? Or would the pixel 8 be enough?
Molasses running Android Apps virtualized... Especially useful for TOR Browser, without the huge attack surface for the Host Device
You mean, Host OS? The Device is the same hardware for both the Guest OS & the Host OS.
What pKVM has done is provide a mutual distrust boundary between the Host and the Guest (which isn't usually the case, as the Host has near-total control over Guests), without needing a secure enclave (like ARM TrustZone at EL3 running Trusty Execution Environment) or elevated exception levels for sensitive code (like Hypervisors at EL2) or a secure element (which are way watered down & way less capable than APs in the kind of payloads they can run).
Indeed, I appreciate that.
de0u do you mean pixel 6 devices and newer? Or do you mean it works on 6 devices in general?
ignoramous Nice (and intriguing) comments!
Thank You.
de0u Virtualization works on 6 devices or newer, but an 8 or newer is required for driving an external display.
Fartimoji do you mean pixel 6 devices and newer? Or do you mean it works on 6 devices in general?
I don't understand the question. But perhaps this announcement addresses it? https://discuss.grapheneos.org/d/20647-user-facing-hardware-virtualization-support-in-our-next-os-release
de0u sorry English is not that great.
What I understand from the link you provided, the feature to run a virtual machine on the phone is already available for me on my pixel7a, if my phone is on the newest version,
(which is the 2025031400 right now),
but this feature is currently just a "primitive proof of concept" and limited to just a terminal.
What do they mean here with "primitive"?
Just the fact that a different operating system can run " but just limited to a terminal mode"?
Or are there other limitations beside the missing graphical user interface?
Or is it possible to run a fully functional version of Linux in a virtual machine right now, without limitations of its functionality?
Fartimoji What I understand from the link you provided, the feature to run a virtual machine on the phone is already available for me on my pixel7a, if my phone is on the newest version,
(which is the 2025031400 right now),
but this feature is currently just a "primitive proof of concept" and limited to just a terminal.
That matches my understanding.
Fartimoji What do they mean here with "primitive"?
Just the fact that a different operating system can run " but just limited to a terminal mode"?
Or are there other limitations beside the missing graphical user interface?
I'm sure there are limitations. For example, I would be mildly surprised if non-virtio storage and network were supported (though I haven't looked into it at all, so I could be wrong!).
Or is it possible to run a fully functional version of Linux in a virtual machine right now, without limitations of its functionality?
As indicated above, this feature has not yet shipped for general use. It has lots of limitations. The code is changing fast enough that I suspect it doesn't make sense for anybody to write down exactly what does and doesn't work, because by the time writing finished the software would have changed again. By no means is this feature fully functional!
This feature is experimental, meaning that people who wish to experiment with it can do so. But at this point it doesn't make sense for people to be asking questions about exactly what will and won't be supported (nobody knows!). At this point, nobody knows what will/won't work a month from now, or six months from now. There isn't a roadmap.
Please note that this is just my personal opinion. From time to time the GrapheneOS project makes announcements, in this forum and also on social media.
de0u okay that tells me everything I need to know. Thank you so much for your time!
Fartimoji I suspect it is probably safe for you to "tune out" this issue for a couple of months, though obviously it would also be fine in the interim to watch the release announcements (which are available through an atom feed).