- instructions: https://grapheneos.org/install/cli
- using Arch Linux (officially supported by CLI installer method) on a Lenovo W510
- updated device: Settings -> System -> Software updates -> System update -> Check for update -> "Your system is up to date"
- worked according to instructions
-
sudo pacman -S android-tools
just worked -
fastboot --version
prints:fastboot version 34.0.5-android-tools Installed as /usr/bin/fastboot
sudo pacman -S android-udev
just worked
pacman -Ss fwupd
: 1.9.16-1 would be the latest version; was not installed on my system - can be ignored IMHO
- Restart -> hold volume-down button -> boots into bootloader
- Connect USB-C between laptop and phone
-
fastboot flashing unlock
just workedOKAY [ 0.047s] Finished. Total time: 0.047s
-
phone now shows option to unlock bootloader
-
press volume-down once; option at power button changes to "Unlock the bootloader"
-
press power button to confirm to unlock bootloader
-
phone returns to initial bootloader screen
sudo pacman -S openssh
was not needed, since 9.7p1-1 was already installed
-
download factory images public key:
curl -O https://releases.grapheneos.org/allowed_signers
-
contents:
contact@grapheneos.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIUg/m5CoP83b0rfSCzYSVA4cw4ir49io5GPoxbgxdJE
--> matches the expected key that was listed in the instructions
-
download the factory image and signature:
curl -O https://releases.grapheneos.org/husky-factory-2024040300.zip
(ca 1.5GB)curl -O https://releases.grapheneos.org/husky-factory-2024040300.zip.sig
-
verify the image:
-
ssh-keygen -Y verify -f allowed_signers -I contact@grapheneos.org -n "factory images" -s husky-factory-2024040300.zip.sig < husky-factory-2024040300.zip
outputs:Good "factory images" signature for contact@grapheneos.org with ED25519 key SHA256:AhgHif0mei+9aNyKLfMZBh2yptHdw/aN7Tlh/j2eFwM
--> all good
-
- extract the factory images:
-
bsdtar xvf husky-factory-2024040300.zip
prints:x husky-factory-2024040300/ x husky-factory-2024040300/image-husky-2024040300.zip x husky-factory-2024040300/bootloader-husky-ripcurrent-14.4-11403750.img x husky-factory-2024040300/radio-husky-g5300i-231218-240202-b-11396366.img x husky-factory-2024040300/avb_pkmd.bin x husky-factory-2024040300/flash-all.sh x husky-factory-2024040300/flash-all.bat
--> all good
-
cd husky-factory-2024040300
- flash the image:
- a quick read though
flash-all.sh
:- big disclaimer to not mess around in this script
- check that
fastboot
is available - check that recent enough version of
fastboot
is being used - check if image that is tried to be flashed matches device ID queried using
fastboot
- flash bootloader twice ???
- flash radio (GSM etc modem ?)
- erase and flash avb_custom_key ?
- ... ?
- update firmware image:
fastboot -w --skip-reboot update image-husky-2024040300.zip
- --> seems ok to me for now?
- thus now executing
./flash-all.sh
(12:01am - 12:04am) -- ca. 3 minutes in total
- a quick read though
fastboot flashing lock
just works- need to change selection using volume-down button to switch to option "Lock the bootloader" for power button
- confirm by pressing power button
- after bootloader has re-booted, press power button to confirm "Start" option
- yellow warning sign on non-Google firmware briefly shows up
- was not fast enough on first try to read it
- would have needed to press power button to pause
- boot screen: Graphene OS :-)
- initial setup offers to disable OEM unlocking -> keep bock ticked
- already done (verified by entering developer mode again -> OEM unlocking was actually disabled again)
- disable developer mode again (need to restart device)
- this time, pressed power button in time to be able to verify boot key hash
- matches expected value from website:
896db2d09d84e1d6bb747002b8a114950b946e5825772a9d48ba7eb01d118c1c
- pressed power button to resume boot
All done at this point AFAIK, now need to setup phone for actual use.
- The instructions were in a little weird order: I ended up downloading the new firmware image while the device was in bootloader mode
- probably it would be better to first install all required packages
- and verify that they are suitable for use
- then download all data that will be needed and verify its integrity
- and only then start working with the phone itself
- BUT: The instructions worked out-of-the-box on the first try and were unambiguous enough to be followed without hickups. Great job, Graphene OS team!