May 26, 2017 6 min. read

Aiming for a 10 year life-cycle for smartphones

Samsung Galaxy SII (i9100) running postmarketOS

Introduction post to postmarketOS, a touch-optimized, pre-configured Alpine Linux with own packages, that can be installed on smartphones. (Not usable for most people yet!)

Index

Minimalistic Linux distributions run fine on ten year old PCs.

It is 2017. Pick an average PC from 2007 and install a minimal Linux based operating system. You will be able to do basic computing tasks (eg. surfing the web, reading E-Mails, listening to music, chatting) just like on an expensive modern PC. You will even get security updates, so your old computer is protected, just like as a new one.

Why are Android/Linux phones different?

Androids architecture is based on forking (one might as well say copy-pasting) the entire code-base for each and every device and Android version. And then working on that independent, basically instantly incompatible version. Especially adding device-specific drivers plays an important role.

This workflow makes it next to impossible to patch all Android devices with security updates in time or at all (Stagefright vulnerabilities for example rendered one billion devices vulnerable). And even if the vendor provides updates, it will only be for a limited time and then you must buy a new device to get security updates or the latest Android version. How convenient!

Alright, so there is the LineageOS community, which provides weekly updates for an impressive number of smartphones. They provide a practical solution today, and we are very grateful for that. However, such Android based projects will always run behind Google and the phone industry, fixing only symptoms but never the root-cause.

This is just the tip of the iceberg. Android has way more problems, read Cascardo's GNU on Smartphones (part II) for more nightmares.

We can fix this as a community.

Here is the solution: Bend an existing Linux distribution to run on smartphones. Apply all necessary changes as small patches and upstream them, where it makes sense.

Of course we are not the only ones, that came to this conclusion - especially in the last few weeks with the Halium project rising (greetings!). We are all-in for working together — sharing udev rules, merging Android kernels together, whatever makes sense!

Unlocking encrypted rootfs via telnet

postmarketOS architecture

We're working on an Alpine Linux based distribution called postmarketOS where each phone will have only one unique package — all other packages are shared among all devices.

These device-$vendor-$name packages contain a so-called /etc/deviceinfo file, which describes what makes the device special: SD card availability, which flash software to use and other information. The file format is not stable yet, and once we have common kernels for multiple devices, I'd like to include the required modules and dtb name.

And just to make it clear, postmarketOS does not fit the Halium model, as it avoids the Android build system entirely and does not run any part of the Android userspace next to its more or less typical Linux userspace. (At least not in the regular install, but it could come at some point in the future as optional compatibility layer for Android applications if someone wants to work on it.)

pmbootstrap

Technical details incoming! If you're not into that, skip this section.

Alpine Linux is really small. A base installation is only about 6 MB in size and takes not more than a few seconds to extract! Thanks to this characteristic, we can have a bootstrap program that abstracts everything in chroots and therefore basically runs on top of any Linux distribution, which has Python 3 and the openssl command line program available.

Consequently, the host system does not get touched when installing the required programs (fastboot etc.) and your distribution doesn't even need to have them packaged.

Quick feature rundown:

  • Chroot setup (with distro-independent QEMU user emulation):
    • x86_64* (building, flashing, ...)
    • armhf* (building)
    • armhf* (target rootfs)
  • Clean chroot shutdown (umount) and zapping
  • Build software as packages:
  • Cross-compile all armhf-packages:
    • Linux Kernel: build with cross-compiler in x86_64 chroot
    • Other: build in armhf chroot, use cross-compiler with distcc from x86_64 chroot (alarm-style)
    • Use Alpine Linux' shipped modern gcc, no pre-built Android toolchain
  • Effective caching out of the box (survives chroot zaps):
    • ccache (also works with distcc/cross-compiler)
    • Alpine Linux package cache
  • Installation targets:
    • Raw image file (flash as "system" partition)
    • SD card
  • Flasher abstraction:
  • Logging:
    • all shell commands executed are logged in an extra file
    • readable overview is displayed on the screen
  • Security:
    • Initial package manager download
      • Signature verification with openssl against keys shipped with pmbootstrap
      • Minimum installed version check (for downloaded package and version reported by the extracted binary)
    • All executed shell commands get properly escaped with Python's built-in shlex
    • Working testcases for the above two points
    • Only using root rights where necessary (through sudo)
    • No default passwords in the installation: The install action asks for the user's and for the root partition password.

* x86_64/armhf: Example architectures for host/target. The code is generic, so it should work with any architectures supported by Alpine Linux.

Future goals and where you could help

Rough direction of where we'd like postmarketOS to head to. In case you're a hacker who wants to help, feel free to do so. But please write into the tracker before starting serious work. This way we can make sure, that we do not have redundant work.

Devices

Pick an old Android device, that you don't need anymore and start porting postmarketOS for it. It should be pretty straight forward. One device-* package, one for the kernel, calibrate the touchscreen, and the demos should more or less work already!

If you're feeling adventurous, try a non-Android device. How about iPhones?

Drivers

Make the following peripherals work:

  • WiFi
  • Audio
  • Modem (Phone calls, mobile internet)
  • Hardware buttons (Volume keys, home button)
  • Camera
  • ...

In most cases, the drivers are already provided by the Android/LineageOS kernels, that we currently use and only need to be configured in the userspace (for example with udev rules).

The long time goal is using the mainline kernel.

Phone interface

postmarketOS is developed in the spirit of regular Linux distributions, so there's no problem in having multiple phone interfaces (just like KDE/Gnome/XFCE/...) and let the user choose.

See the current status in #62.

Security

Great care has been taken to make pmbootstrap safe, as it will run on productive systems of postmarketOS developers. This is not the case for postmarketOS in its current proof-of-concept state (Weston runs as root, ...) so we must work on that before it can be used in real life. Even better would be privilege separation throughout the entire OS.

This post was originally published here. It has been slightly modified to remove outdated information and to reflect the community efforts.

Photos

postmarketOS demos menu

Firefox running in XWayland

htop in two weston-terminals

Weston smoke demo

lg-mako: colors are red, but weston-editor works due to the bigger screen size