Max on Nostr: GrapheneOS now supports hardware-virtualized Linux environments on Pixel devices. ...

GrapheneOS now supports hardware-virtualized Linux environments on Pixel devices. Combined with OpenCode, you can run a complete vibe coding setup from your phone, with no vendor lock-in on either the operating system or the AI tooling. Here is how to set it up.

quoting
naddr1qq…6kyc

GrapheneOS now supports a Terminal app, which runs a full Debian 12 (Bookworm) virtual machine using hardware-based virtualization. This is not a container or compatibility layer but an actual Linux kernel running in an isolated VM, complete with systemd, apt, and the full Debian package ecosystem. The feature uses pKVM (protected KVM) on Pixel 6 and later devices, providing hardware-enforced isolation between Android and the Linux guest.

To enable the Terminal app, first activate Developer Options by navigating to Settings, then About, then Device identifiers, and tapping "Build number" seven times. A toast notification will confirm developer mode is active. Then go to Settings, System, Developer options, and toggle on "Linux development environment." The Terminal app will appear in your app drawer.

Before launching Terminal for the first time, you must address a known bug: the app fails to initialize while a VPN is active. If you run a VPN on your device (including local VPN services like DuckDuckGo's App Tracking Protection or Blokada), disable it before opening Terminal. The app will hang at "Preparing terminal" indefinitely otherwise. Once the VM has completed its initial setup and you have a working shell, you can re-enable your VPN for regular use. Only the initial launch and setup require the VPN to be disabled.

On first launch, Terminal downloads the Debian base image and configures the VM. After a minute or two, you will see a standard Debian shell prompt. You are now running a full Linux environment on your phone, hardware-isolated from the Android system above it.

OpenCode is an open-source AI coding agent released under the MIT license. Unlike proprietary alternatives that lock you into a single model provider, OpenCode works with Claude, OpenAI, Google, local models, or any of dozens of other providers. The project has accumulated over sixty thousand GitHub stars and serves more than six hundred thousand developers monthly. It provides the same agentic coding capabilities as commercial tools while letting you choose your model provider and inspect every line of the source code.

Installing OpenCode in your new Debian VM takes one command. Run the following in your Terminal:

curl -fsSL https://opencode.ai/install | bash

The installer downloads the appropriate ARM64 binary and places it in your path. Alternatively, if you prefer package managers, you can install via npm with npm install -g opencode-ai after installing Node.js through apt.

After installation, run opencode to launch the terminal UI. On first run, use the /connect command to authenticate with your chosen model provider. OpenCode Zen offers a curated selection of tested models if you want a quick start, but you can configure any provider by adding your API keys.

The interface presents two modes accessible via the Tab key. Plan mode analyzes code and suggests changes without modifying anything, useful for understanding unfamiliar codebases or reviewing proposed implementations before committing. Build mode gives the agent full access to create, edit, and delete files while executing shell commands. You can drag images directly into the terminal for visual context, undo changes with /undo, and share conversation links with /share.

Because OpenCode runs inside the Debian VM rather than on Android directly, you have access to standard development tools. Install Git, your preferred language runtimes, linters, and build tools through apt as you would on any Debian system. The VM mounts your Downloads folder at /mnt/shared, allowing file transfer between Android and Linux. Clone repositories, edit code with your AI assistant, run tests, and commit changes, all from a device in your pocket.

The combination matters for more than convenience. GrapheneOS provides a security and privacy foundation that most development environments lack, while the hardware VM isolation means a compromise in your development environment cannot directly access your Android apps and data. OpenCode's open-source nature and provider independence means you control your toolchain rather than renting it from a vendor who might change terms, raise prices, or discontinue service. You can audit the code, fork it, run it against local models, or switch providers without losing your workflow.

Current limitations include restricted GPU acceleration (the VM uses software rendering by default, with experimental VirGL support available), no access to Android sensors or cameras from within the VM, and a single-VM-per-device constraint. The shared folder access is limited to Downloads. These constraints will likely loosen as Android's virtualization support matures in future releases.

For developers who already run GrapheneOS, this feature adds a real capability without requiring additional hardware. For those considering the switch, it removes one common objection: that a privacy-focused phone cannot be a productive development machine. It can, and now it runs the same open-source AI tools available on desktop Linux, against whatever model provider you choose to trust.