I haven't used my Pro purchase in years, but if I did want to ssh from my phone today, I'd use the newish Terminal app, available since Android 15. It's a full Debian virtual machine.
Apparently it's about software, not hardware - Qualcomm recommends running Android under a virtual machine (which lacks nested virtualization support).
IIRC Qualcomm smartphone SoCs have always run some kind of hypervisor, I believe it's to allow partitioning of the CPU cores with the modem/DSP.
They used to (mid-late 2000s) use an L4 derivative ("REX"?), with the more recent chips (including the 'X' series for PCs) using their homegrown "Gunyah" hypervisor (https://github.com/quic/gunyah-hypervisor)
Would be interesting if you know of any evidence of this being an architectural hw limitation. Though of course the practical difference may be small if the DRM bootloader enforces loading the hypervisor through cryptographic checksums. But I guess if a customer asked they would allow it and the hardware could do it.
Is this for real? Do you have any more info on this? It seems crazy to me given how popular their chips are and how many problems I’d imagine this creates
The other HN comment already has some info, but from what I remember from r/android threads, it's because Qualcomm doesn't allow unsecure (sic? unencrypted?) VMs, which, ironically, are needed to run nested Linux.
Disclaimer, my memory on the exact terminology is extremely fuzzy. But Pixels with Tensor can run it just fine. And it's purely a software thing too, btw.
It shouldn't be problematic if the processor supports it well. For example modern Windows is always running as a VM and people are barely aware of that.
It should work fine for any Android phone with pKVM support. It runs Debian in a VM, with some kind of Wayland trick (using virgl for GPU acceleration) to get GUI support.
pKVM requires a) a compatible CPU (most CPUs will do, probably), b) compatible firmware/bootloader software, and c) a compatible Android build
The latter two parts are the most likely reason why not all phones have support for this.
Yeah, another vote for Termux. The Linux VM ends up being a bit laggy because it's actually a webview that renders a terminal, that's connected to the VM. More importantly though, the soft keyboard support is totally broken, so if you try to backspace more characters than you've typed, it won't let you. That sucks if you do something like:
1. type some command, hit enter
2. hit up to edit it (because you typoed something)
3. can't backspace because the soft keyboard thinks there's nothing to delete
I've always considered Termux the more elegant option for userspace programs than the Android terminal Debian VM. I just wished Android had the permission API to create user namespaces (containers) in Termux.
It is extremely flaky on GrapheneOS, at least on my Pixel 8 Pro. Just typing Ctrl-D to exit will corrupt it, requiring a full reinstallation of the Debian VM
The built-in terminal app seems to be similarly flaky on my Pixel 8. Also, the kernel it boots into is really stripped down, and it lacks a ton of essential features. I was not able to install VirtualHere client to pass through USB devices, and there's no built-in functionality. There's also no way to open it full-screen on the Pixel 8's DP-over-USB-C desktop mode. Hopefully it continues to improve, but it seems like Google is more into extracting value than they are improving their products at this point.
Oh wow. I did a very basic test this morning `ping google.com` and then ctrl+c and it seemed to work okay. Not done any more extensive testing than this though.
Could it be that it's just very flaky on all Pixel devices? Or maybe something Graphene is doing to harden the OS doesn't play nicely with how it's been implemented?
I just tried it on my S25. I can enable the option and open the APK but can't download it because it fails to create the VM because the S25 does not support Non-protected VMs, so I may require a rooted device. I guess I will stick to Termux but interesting feature nonetheless.
Termux is doing a container. The Android terminal is doing a virtual machine. That's the difference.
Termux would definitely be the lightweight option, but you will be pinned to whatever version of the kernel your device is shipped with (may be a bit old.)
No, Termux isn't a container, it's running directly in userspace on the host. The only weird thing is that because it's running directly on the host, it has to be built to use unusual paths, e.g. /data/data/com.termux/files/usr/bin/bash instead of /usr/bin/bash. If it used containers (which IIRC it can't because Android doesn't really support it) that would actually be easier because then it could use a chroot to make the paths look normal.
Ah, well that stinks a little. I guess it makes sense, if Android doesn't mandate a few kernel settings then working with containers might not be an option.
Couldn’t it implement a “fake chroot” by e.g. creating its own libc which wraps the real one but with path remapping, and then linking all its executables against that?
That would only work for things that use libc (so e.g. most Go programs are probably not going to work). The main way that you can do an unprivileged fake chroot is proot, which Termux does offer - see https://wiki.termux.com/wiki/PRoot - but that has a significant performance hit.
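
An added sketch of the libc path-remapping idea raised in the last two comments (not code from Termux or PRoot, and not posted by either commenter): a prefix remapper plus an `open()` interposer for use as a preloaded shim. `remap_path`, `FAKE_ROOT`, `PASSTHROUGH` and the `FAKEROOT_SHIM` build flag are hypothetical names, and the pass-through list is an assumption.

```c
#define _GNU_SOURCE            /* for RTLD_NEXT when built as a shim */
#include <dlfcn.h>
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names; the prefix is taken from the Termux path quoted above. */
static const char *FAKE_ROOT = "/data/data/com.termux/files";
/* Assumption: kernel filesystems stay visible at their real location. */
static const char *PASSTHROUGH[] = { "/proc", "/dev", "/sys" };

/* True if path equals dir or lies below it ("/dev" must not match "/devices"). */
static int is_under(const char *path, const char *dir) {
    size_t n = strlen(dir);
    return strncmp(path, dir, n) == 0 && (path[n] == '/' || path[n] == '\0');
}

/* Write the host path for `path` into out; 0 on success, -1 if it does not fit. */
int remap_path(const char *path, char *out, size_t outlen) {
    int keep = path[0] != '/' || is_under(path, FAKE_ROOT);
    for (size_t i = 0; !keep && i < sizeof PASSTHROUGH / sizeof *PASSTHROUGH; i++)
        keep = is_under(path, PASSTHROUGH[i]);
    int n = snprintf(out, outlen, "%s%s", keep ? "" : FAKE_ROOT, path);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

#ifdef FAKEROOT_SHIM  /* cc -shared -fPIC -DFAKEROOT_SHIM shim.c -o shim.so -ldl */
/* Interposes only open(); a usable shim would wrap every path-taking libc call.
 * This is path translation, not confinement: "../" and raw syscalls (static
 * binaries, most Go programs) go straight past it. */
int open(const char *path, int flags, ...) {
    static int (*real_open)(const char *, int, ...);
    char buf[PATH_MAX];
    mode_t mode = 0;
    if (flags & O_CREAT) {          /* mode argument exists only with O_CREAT */
        va_list ap;
        va_start(ap, flags);
        mode = (mode_t)va_arg(ap, int);
        va_end(ap);
    }
    if (!real_open)
        real_open = (int (*)(const char *, int, ...))dlsym(RTLD_NEXT, "open");
    if (remap_path(path, buf, sizeof buf) != 0) { errno = ENAMETOOLONG; return -1; }
    return real_open(buf, flags, mode);
}
#endif
```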