Just flashed a GrapheneOS phone, and as someone used to the command line was blown away by the web interface. Download, flash, lock bootloader all through the site after plugging your phone in. So much easier for more people to have a privacy focused phone grapheneos.org/install/web
Conversation
Replying to
We funded the creation of fastboot.js (github.com/kdrag0n/fastbo) to have an open source implementation of this we could use. You can even use our web installer to install GrapheneOS on one phone from another. Can buy 2 phones and turn them into GrapheneOS phones with nothing else.
1
5
14
We might eventually make an app we could publish to the Play Store and our app repository as an alternative which would include pinned factory image keys, similar to manually verifying signatures with signify for CLI install and verifying our factory image public key out-of-band.
The only downside of the web installer is that it's secured by TLS / WebPKI instead of having pinned keys that are locally verified. It would be useful to have an Android app to chain trust from the Play Store, etc. instead. Currently a very low priority. Too much else to do.
1
4
We do have DANE TLSA records for our web services pinning our keys but browsers don't currently enforce DNSSEC + DANE. We're already doing our part of making the web site/services not depend on WebPKI for security but it's not supported by web browsers or most other clients yet.
5