Thanks! Very interesting. I hope that Canonical will eventually ship Ubuntu with signed binder/ashmem kernel modules for installation via dkms.
I’m straying a bit from the topic, but I’ve often wondered why, as an alternative to installing binder/ashmem kernel modules via dkms, Anbox (perhaps in cooperation with Canonical) doesn’t offer an optional kernel with binder/ashmem already compiled.
Has the Anbox Team considered reaching out to the Canonical Kernel Team and asking if they would be willing to maintain a specialized “anbox” kernel with binder/ashmem already compiled and properly signed for secure boot?