0·
3 months agoI mean… This is kinda close. The “Linux Terminal” app is running a full Debian install in a KVM VM. On the newest version of the app (like on Android beta or on GrapheneOS), you even have a full GUI that you can use.
In theory, we should be able to boot any mainline Linux distro in a VM, if someone writes an app for it, as AVF (Android Virtualization Framework) is just a wrapper around Linux KVM with some restrictions. (for now the built-in app only supports Debian)
The have their reasons: https://grapheneos.org/faq#future-devices
I know you’re only trolling here and I’m feeding into it, but you nerd sniped me just right to explain why your question is stupid on multiple fronts.
First of all, “Ring -1” is the hypervisor, at least on virtualization-capable devices (which modern Pixels are), and the hypervisor will be Linux’s KVM in this case, which is open source and compiled by the Graphene team as part of the kernel from source.
Secondly, Arm (which is the architecture basically all phone chips use, including Pixels) has a slightly different model of security, where apps are Exception Level 0, the OS is EL1, the hypervisor is EL2, and the “secure monitor” (or management firmware) is EL3 (and is probably what you were trying to refer to).
So yeah, I don’t think you know what “Ring -1” is. At least not enough to warrant a snarky comment.