Using prebuilt kernels

Some vendors do not release the kernel source code, which is very bad for freedom and goes against the Linux kernel license (see My device runs the Linux kernel (e.g. Android), but the vendor does not provide the source in the Troubleshooting page).

But you can still extract the kernel image from a device that is running Android and use it to run postmarketOS. Of course this is totally discouraged because we want to make sure that we know the code our devices are running but you might find it useful in order to start hacking on postmarketOS without having the kernel source code.

Extracting boot.img from an Android device
You can extract the kernel that is running your Android device, it doesn't matter if it's the stock ROM, LineageOS or any custom ROM. For this approach you need the  tool and root permissions.

Running postmarketOS with a pre-built kernel
You can use  (usage is described in here) to extract the kernel from your recently extracted boot.img or from a LineageOS release and run it together with postmarketOS initramfs.

If you extracted the kernel from your Stock ROM, it might not have encryption support enabled and in this case you would not be able to boot from an encrypted partition. You might need other modules as well for pmOS to work properly.

You then have two options:
 * Either you repack the boot.img with working prebuilt kernel and ramdisk (= initramfs) from postmarketOS (using ) and flash it
 * Or you boot everything from  :

Note that the fastboot boot command loads kernel (and eventually the ramdisk) in memory and does not write anything on partitions.

Immediately after downloading kernel (and eventually the ram disk) in memory, it tries to boot it. If nothing happens, your device is frozen. You just have to remove battery to restart with your original kernel or do a force reboot.

Maybe we can chainload the pmOS kernel?
Linux kernels can load other kernels via the kexec syscall. The deal is, that signed bootloaders only allow signed kernels. But what if we repackaged the signed kernel with our own initramfs, that loads our own kernel via kexecboot from the boot subpartition? Not sure if this will work because of SELinux etc, but if it did, it would be a nice way to get around the bootloader's signed kernel enforcement! If you have an usecase for this, please open a ticket to discuss this further.

More research showed, that the  syscall is usually disabled in such kernels. However, it could be possible to do  without it being enabled in the kernel (such as it has been done in the PS4 hack, where a kexec gets done on the PS4's BSD kernel, which does obviously not support this feature, to load a Linux kernel). This is a lot of work, but it would be an impressive hack!

kexec is also used by MultiROM in order to allow users to choose which ROM to boot up. For MultiROM support in pmbootstrap, see issue #421.

Useful links

 * 2014-03-10-Extract-boot.img-from-an-android-device.md
 * HOWTO: Unpack, Edit, and Re-Pack Boot Images