Or does it have to be disabled in order for Anbox to run?
As you need to load the binder/ashmem kernel modules as long as you want to run Anbox and both are not signed, there is no way of using secure boot together with Anbox at the moment.
I was about to ask this exact same question. Thanks much for the answer!
Is providing signed versions of the binder/ashmem kernel modules feasible?
And if so, care to speculate regarding when signed binder/ashmem kernel modules will be available for use on Anbox?
Kernels on Ubuntu are signed with a key only Canonical has access too. Having signed binder/ashmem kernel modules would mean both are shipped with an official Ubuntu kernel.
Thanks! Very interesting. I hope that Canonical will eventually ship Ubuntu with signed binder/ashmem kernel modules for installation via dkms.
I’m straying a bit from the topic, but I’ve often wondered why, as an alternative to installing binder/ashmem kernel modules via dkms, Anbox (perhaps in cooperation with Canonical) doesn’t offer an optional kernel with binder/ashmem already compiled.
Has the Anbox Team considered reaching out to the Canonical Kernel Team and asking if they would be willing to maintain a specialized “anbox” kernel with binder/ashmem already compiled and properly signed for secure boot?
I don’t remember where but I think Morphis said he’s wanting to move away from needing binder and ashmem, so that would fix that