GrapheneOS releases

These are early sample releases of GrapheneOS, an open source privacy and security oriented mobile OS with Android app compatibility. Many past features of the project still need to be ported to the current releases. The project is in the 5th year of development and has been reborn as a non-profit open source project not strongly associated with any specific company or organization. It will take some time for the pieces to come into place turning it into a much broader and more sustainable project with a strong development team. There are multiple organizations and companies in the process of backing this new incarnation of the hardened mobile OS project.

See the GitHub organization for sources of the OS sub-projects including the cutting edge new hardened memory allocator.

These official GrapheneOS releases are supported by the Auditor app and attestation service for hardware-based attestation. For more details, see the about page and tutorial.

The sources are available via the manifest on GitHub.

Bitcoin donations can be sent to 3QpKs45BLXirWAgYtV1sTCbAkfUe7HByR5 to support the project. Alternatively, PayPal donations can be sent to (please state that it's a GrapheneOS donation in the payment reason). Other ways of making donations will be provided in the future including donations via a registered charity in the US supporting the project.



You should have at least 2GB of free memory available.

You need the unlocked variant of one of the supported devices, not a locked carrier specific variant.

You need an updated copy of the fastboot tool and it needs to be included in your PATH environment variable. You can run fastboot --version to determine the current version. It should be at least 28.0.0. Don't proceed with the installation process until this is set up properly in your current shell. A very common mistake is using an outdated copy of fastboot from a Linux distribution package not receiving regular updates. Make sure that the fastboot found earliest in your PATH is the correct one if you have multiple copies on your system. You can run which fastboot to determine where the tool being used is coming from. Older versions do not have support for current devices. Very old versions of fastboot from several years ago are still shipped by Linux distributions like Debian and lack the compatibility detection of modern versions so they can soft brick devices.

Enabling OEM unlocking

OEM unlocking needs to be enabled from within the operating system.

Enable the developer settings menu by going to Settings -> System -> About phone and pressing on the build number menu entry until developer mode is enabled.

Next, go to Settings -> System -> Advanced -> Developer settings and toggle on the 'Enable OEM unlocking' setting.

Unlocking the bootloader

First, boot into the bootloader interface. You can do this by turning off the device and then turning it on by holding both the Volume Down and Power buttons.

The bootloader now needs to be unlocked to allow flashing new images:

fastboot flashing unlock

The command needs to be confirmed on the device.

Obtaining factory images

The initial install will be performed by flashing the factory images. This will replace the existing OS installation and wipe all the existing data.

You can download the factory images from the bottom of this page.

Verify the official factory images using the GPG signature:

gpg --recv-keys 65EEFE022108E2B708CBFCF7F9E712E59AF5F22A
gpg --verify

When this signing key is replaced, the new key will be signed with it.

Flashing factory images

Next, extract the factory images and run the script to flash them. Note that the fastboot command run by the flashing script requires a fair bit of free space in a temporary directory, which defaults to /tmp:

cd blueline-pq1a.181205.006

Use a different temporary directory if your /tmp doesn't have enough space available:

mkdir tmp
TMPDIR="$PWD/tmp" ./

Wait for the flashing process to complete and for the device to boot up using the new operating system.

You should now proceed to locking the bootloader before using the device as locking wipes the data again.

Locking the bootloader

Locking the bootloader is important as it enables full verified boot. It also prevents using fastboot to flash, format or erase partitions. Verified boot will detect modifications to any of the OS partitions (vbmeta, boot/dtbo, system, vendor) and it will prevent reading any modified / corrupted data. If changes are detected, error correction data is used to attempt to obtain the original data at which point it's verified again which makes verified boot robust to non-malicious corruption.

Reboot into the bootloader menu and set it to locked:

fastboot flashing lock

The command needs to be confirmed on the device since it needs to perform a factory reset.

Unlocking the bootloader again will perform a factory reset.

Disabling OEM unlocking

OEM unlocking can be disabled again in the developer settings menu within the operating system after booting it up again.

Reverting to stock

These factory images flash a non-stock Android Verified Boot key which needs to be erased to fully revert back to a stock device setup. After flashing the stock factory images and before locking the bootloader, you should erase the custom Android Verified Boot key to untrust it:

fastboot erase avb_custom_key

Stable channel

Beta channel