Can I re-enable secure boot after installing Anbox?


#1

Or does it have to be disabled in order for Anbox to run?


#2

As you need to load the binder/ashmem kernel modules as long as you want to run Anbox and both are not signed, there is no way of using secure boot together with Anbox at the moment.


#3

I was about to ask this exact same question. Thanks much for the answer!

Is providing signed versions of the binder/ashmem kernel modules feasible?

And if so, care to speculate regarding when signed binder/ashmem kernel modules will be available for use on Anbox?


#4

Kernels on Ubuntu are signed with a key only Canonical has access too. Having signed binder/ashmem kernel modules would mean both are shipped with an official Ubuntu kernel.


#5

Thanks! Very interesting. I hope that Canonical will eventually ship Ubuntu with signed binder/ashmem kernel modules for installation via dkms.

I’m straying a bit from the topic, but I’ve often wondered why, as an alternative to installing binder/ashmem kernel modules via dkms, Anbox (perhaps in cooperation with Canonical) doesn’t offer an optional kernel with binder/ashmem already compiled.

Has the Anbox Team considered reaching out to the Canonical Kernel Team and asking if they would be willing to maintain a specialized “anbox” kernel with binder/ashmem already compiled and properly signed for secure boot?


#6

I don’t remember where but I think Morphis said he’s wanting to move away from needing binder and ashmem, so that would fix that