Hello friends, this is the first time I have heard about GOS and its forum.
Before using it, I have a few questions, and I hope someone can answer them.

  1. I have a ROOT requirement for Android phones. So can I flash into Magisk to use ROOT on the mobile phone equipped with GOS?

  2. Assuming that the answer to question 1 is yes, will my mobile phone be able to receive and update the newest GOS normally?

  3. If the answer to the above questions is yes, the last thing I want to ask is whether I need to update to GOS with the newest Android system? Because Magisk is not necessarily compatible with the newest Android system, but if it is not updated to the newest, will it affect security?

Thank you for any help you can provide, my thanks in advance

    Rooting GrapheneOS is inadvisable for a number of reasons, as far as security is concerned. It severely weakens the security model and exposes a massive privilege escalation risk for apps, and also means that Verified Boot would have to be disabled: In such a case, you cannot verify that OS you're booting cannot be guaranteed to be maliciously tampered with or corrupted. This removes a large pillar that the security model stands on.

    There's no official method for rooting GrapheneOS, nor will there ever be one. As a project focused on retaining a strong base security model and further improving it, it would not make sense to.

    You are free to build your own fork of GrapheneOS with root enabled, but at that point it is not GrapheneOS.

      cyberparty

      In such a case, you cannot verify that OS you're booting cannot be guaranteed to be maliciously tampered with or corrupted.

      Meant to write "In such a case, you cannot verify that the OS you're booting into hasn't been maliciously tampered with or corrupted." The window for editing my original response had passed when I realised the mistake and I didn't catch it the first time I edited it to correct another small mistake.

        FireRat cyberparty
        Thank you for your patience!

        Allow me to ask one more question?
        Why is it not so safe after ROOT, even if I just give ROOT permissions to modules or software that I trust?

          The linked content which was posted by @FireRat is not accurate. It is not GrapheneOS and does not preserve the security model of GrapheneOS. Replacing a substantial portion of the core OS with something breaking the security model is not GrapheneOS. It's a violation of the rules for using our trademark:

          https://grapheneos.org/faq#trademark

          We expect this to be fixed. It's inappropriate to present something like this as being GrapheneOS. It needs to be fixed by using a different name and being clear that it is a completely different OS that is not GrapheneOS.

          It does NOT have working verified boot or many other parts of the security model. Verified boot is not simply the verification of all the firmware and OS but also the security model of not trusting the persistent state. This is placing complete trust in persistent state.

          @FireRat Please use your own branding for your own OS and remove our branding. It's not GrapheneOS.

          You do not preserve the hardening of GrapheneOS or the standard security model including verified boot when you place full trust in persistent state. AOSP goes far out of the way to keep the fully trusted components of the OS to a bare minimum and substantial parts of the security model are based around that. If you fully trust persistent state and also fully trust the OS application layer and even third party apps, that's all completely destroyed. A minor vulnerability in an app is now a complete persistent compromise of the OS and the security model for verified boot and attestation are not intact to detect that.

          SuperCreek When you give any permission to an app, you're completely trusting that app with what you granted. You aren't just trusting that the app isn't malicious. You're trusting that the app is fully secure and does not have vulnerabilities. Normally, only a few tiny core OS processes have root access. The rest of the OS follows the principle of least privilege, with the minimal access needed to get things done granted to it. The OS has gradually been split up into more and more sandboxed processes implementing meaningful security domains. Even things like netd managing the network without the OS do not have anything close to root access and cannot do much outside what they are meant to manage. The proper way to implement a feature is to write components which have the minimal access needed to accomplish the goals and which cannot violate the overall security model. You are completely destroying this approach by doing that. You are placing complete, permanent trust in third party apps which you cannot actually revoke in a meaningful way. You're also massively extending the highly trusted portion of the OS itself to include a massive amount of the OS instead of only specific bits of it. This makes the OS dramatically more vulnerable to remote attackers and also local exploitation by apps or from other sandboxes, etc. You've turned temporary, partial control of the UI into full persistent access to all data on the device and everything it can do. Is that really what you want? Why do you want to use GrapheneOS at all?

          When you give an app 'allow while in use' or one time access to the camera, you are trusting it with a limited form of access with constraints and which can be revoked. Better yet, there are case-by-case consent approaches. With that camera example, apps can actually just open the system camera via a media capture intent to have you take a picture for them on their behalf without you directly giving the app any access. Even with the camera permission with persistent access granted, you can decide you don't want it having that access anymore and revoke it or remove it. You can only give it the access when you need it. It only has access when meeting the 'allow while in use' foreground constraint.

          Root access doesn't work that way at all. You've given it persistent, permanent access and control of everything. Revoking the access doesn't take it away if they've already used it to persist privileged access. Also, this means vulnerabilities in the OS which are just barely enough to get a permission wrongly granted now give full persistent, permanent access and control of everything. This could simply be OS UI weaknesses which allow an app to trick you into accepting a request.

          The authors of Magisk do not claim that the standard security model is intact when you've integrated it and especially when you are using it for this.

          Doing this goes entirely against the core of what GrapheneOS is meant to provide. An OS doing this is certainly not GrapheneOS and this is exactly why we care about our trademarks being used appropriately.

            GrapheneOS
            Thank you for your answer.
            But I am in Hong Kong. If I want to use 5G, I must flash the Magisk module to use it normally. Otherwise, I really do not need ROOT! Just 5G!

              Hmm, looks like this conversation has gone in a very unfortunate direction, and rather than answering the questions, turned into a potential legal nightmare.

              SuperCreek While the GrapheneOS position is clearly maximum security and therefore no root, as you have presented, there are some valid and legitimate uses for root. Some others include adding call recording and accessing user data for any reason (including making full backups). So I will answer your questions precisely:

              1) Magisk works exactly as expected.
              2) Automatic updates will only work on Pixel 7 since the changes are moved from the boot partition to init_boot, which in my experience, does not break the update validation as it does on Pixel 6 and older. However, the update will result in loss of root.
              3) Take the newest GrapheneOS and install with Magisk in the normal manner. There is nothing special to worry about.

              And please pay attention to the warnings that you have been provided with and take these into account when deciding to make these types of unsupported modifications, and especially respect the fact that it's not the fault of GrapheneOS or any of its developers if you break something in the process.

                abcZ
                Oh, thank you so much for your detailed answer, it helped me a lot, thanks a lot!

                2 months later

                With the latest changes to verity, does root still work? I didn't try to update yet, I don't want to f up my phone right now

                  spl4tt You are unlikely to receive help with regards to rooting your device or the maintenance thereof here. Any installation that is rooted is not considered GrapheneOS and anybody providing a rooted OS under that name is doing so wrongfully (and harmfully). If your installation is rooted, zero guarantees can be made about whatever you've installed in the context of GrapheneOS functionality.

                    spl4tt

                    You will not find help here, because this site is owned and operated by the official GrapheneOS project team and they don't want to help with anything that goes against their usage policy, which includes rooting.
                    But if you own the phone, you are free to do anything you like with it.

                    Search Engine: "rooting grapheneos -site:grapheneos.org"

                    This will allow you to seek answers while avoiding this "official" support platform.

                    cyberparty

                    cyberparty Thanks, I know and expected that, but maybe there were some users who know the answer, as there seems to be some interest in this topic.
                    Guess I'll just try then.

                    5 months later

                    SuperCreek
                    Have you been able to get your Pixel 7 Pro to use 5G in Hong Kong? I have one too (with a China Mobile SIM card) and the best connection I get is LTE. 5G just doesn't work.