How do i install custom phone roms like GrapheneOS through Fedora Kinoite?

Hey. So i’ve been trying to use some guides that explain how to do this. One of them was this one: Ultimate Guide: Installing Graphene OS on Your Google Pixel Device

I’ve also tried few other guides, along with guides made for classic Fedora versions but through my use of atomic version, i wasn’t sure if some of the commands worked or if the files got through to the phone etc.

It seems things may have to be done differently on atomic types like Kinoite.

If you have any tips how to step-by-step install custom roms, it would be great!

P.S.: I do use custom image called Bazzite if that changes anything.

You should likely follow the instructions from Install | GrapheneOS, using the Firefox web browser included by default (i.e. not a Flatpak one) or command line tools installed in a rootfull toolbox (sudo -i then toolbox create ; toolbox enter).

Added adb, android, docs-team, grapheneos and removed kinoite-team

The GrapheneOS instructions are really strange, only meant for Ubuntu and more. For example, bsdtar is not needed, just use unzip.

The WebUSB stuff only works through Chromium, I dont think this has changed.

As GrapheneOS has its own way, there is this tag.

I did an install recently and it worked well.

Instead of a rootful toolbox, download the official Google binaries to ~/.local/bin/, as the Fedora fastboot doesnt work for GrapheneOS / modern Android / whatever anyways.

Follow the “without installing to OS” guide for the correct instructions.

@vgaetera told me that the guide is likely still not perfectly correct, but it works.

You need the udev rules to theoretically make the Browser install (rootless) possible.

But it didnt work at all, not even on another phone, last time. Fedora Kinoite CLI was the only one working. This was some strange bug, I installed GrapheneOS already from another GrapheneOS phone.

You could use another Android phone with a Chromium-based browser.

To use the web install, after installing the udev rules, layer Chromium, but only if you want. The CLI install works fine.

1 Like

Compared to other Android ROM flashing, it looks basically like a bootloader unlock, unzip their ROM, flash-all it (ideally looking at the script and manually flashing), and relock the bootloader. Looks standard and nothing special :stuck_out_tongue: (DivestOS’s flash and verification procedures look easier though).

The extra-fancy stuff GrapheneOS has is with verifying the download and signatures. If that didn’t just-work on Fedora, I’d LiveUSB Ubuntu just to do that one-time flash, or just manually hash check it and roll with it. The device likely does verification any way prior to flashing, and I’d like to assume GrapheneOS has built-in verification to check itself post-install and future updates.


The udev rules I didn’t need on a OnePlus 6 and Fedora Workstation (non-Atomic) and a quick sudo fastboot handled that. adb without root worked fine for sideload, but doesn’t appear needed to flash GrapheneOS.

Both adb and fastboot from Fedora’s repos were fine for me (probably because of an old non-special phone), but downloading the latest tools from Google also seems quick and easy; I’d just extract it in Downloads and run the tools as-is for that one-time flash.

From what i’ve seen, the Firefox browser isn’t supported and unfortunately i’m not the best at command lines.

Sometimes it doesn’t feel clear which command should i use or when i look for some, they sometimes don’t work, which likely is a downside of an atomic system and it being relatively new with little documentation.

sigh i even have trouble installing non-flatpak Chromium on my pc. I think that’s the biggest downside for me as simple things are made overcomplicated.

I’ll try following the guide you’ve sent with the no os installation path and see how it goes.

I think installing from one phone to another is an interesting option but here issue is i don’t have the correct cable type to connect them both.

I’m alternatively considering a rebase to a different custom image of Fedora Kinoite. It’s what i was thinking about for few months and it does have chromium (i presume non-flatpak?) installed right away.

Alright. Funnily enough i think my USB-C to USB-A converter was what caused the issue with the phone not being detected.

I’ve found a direct USB-C port in back of my PC and it got detected instantly. I believe there should be no major problems going forward. I’ll update you when i’ll finish or stumble upon a roadblock again.

DONE! :slight_smile: It went pretty damn quick after removing the converter. I’ve spent so many days and hours upon hours trying to get it to work and in the end such a small thing was what caused the issues ^^’

Anyways, i really appreciate you trying to help me as it motivated me to push further. Thank you.

1 Like

Really nice!

Rpm-ostree is not overcomplicated, it is a good mechanism to manage RPMs.

rpm-ostree install chromium

Its just that people recommend extremely against layering, even though there is no real problem, it is still way less issue-prone than installing something on traditional / ‘package based’ Fedora.


I assume you mean Secureblue?

Chromium is extremely bad for privacy, it does dozens of connections to Google even after disabling everything in the GUI, the flags and even a policy.

Ungoogled-chromium is not in the Fedora repos and would require a new COPR to get something.

The security benefits of Chromium are not clear. There is nothing proven, they use a different approach to process isolation (seccomp-bpf and userns sandboxes) than Chromium (userns sandboxes). As the sandboxes dont work on Flatpak, it still has the other method.

But the RPM of Firefox / Librewolf (which I use because Fedora ships Firefox, uBlue removes Firefox and now I cannot reinstall it…) can use both userns sandboxes AND seccomp process isolation.

So yeah, this is not clear. Firefox has its rendering engine rewritten in Rust, which immediately prevents a ton of the bugs that are the cause of Sandbox escapes.

I tried to use Chromium on Secureblue, and the experience just sucks. There are no tab containers so multiple accounts need multiple profiles. The UI is not customizable at all. Using googerteller, I saw how it contacted Google on every occasion.

(This is off topic but related to some comments).

You still need the udev rules and should remove them again when not needing them, following my guide.

You also need to enable Data transfer on the Android phone, to make it work. Additionally to enabling OEM unlock and USB debugging

Yeah, when i found it’s the rpm-ostree to do the commands it helped a lot. It’s just that earlier when i was looking for guides / documentation i wasn’t sure how to look for it or the results were still giving me classic fedora os or different os’es.

I still do run into issues here and there but i think that’s more due to me sucking at commands. I do keep at it and get better though!

I hear different perspectives on both firefox (or gecko based) and chromium-based browsers. I’m not the expert and know the technical details behind the scenes.

I do preffer librewolf or mullvad overall but i also keep brave as one of the backups cause sometimes it proves useful. I think i’ll also switch that Chromium on Secureblue to Librewolf or maybe Mullvad.

On the other hand after having the GrapheneOS on my phone, i have to say i am extremely impressed by it and it’s minimalism and of course the privacy and security goodies. I am not gonna complain about Vanadium, which is secured and privacy friendly Chromium. It works well and it does it’s job.

Yeah maybe i won’t be supporting the ‘‘smaller player’’ everywhere but 80/20 split ain’t that bad as i still mainly use PC for browsing and the Librewolf for like 95% of time.

Yeah that one i’ve also read upon. With no issues it took around 1 hour, which is similar for me to switching distros and i’m glad i’ve went so far as i remember struggling with such procedures and cursing it across many days.

Removed grapheneos