Cutting off the Crostini
Use Chromeos’s built-in hypervisor to run a Linux VM.
Crostini is Chrome OS’S tasty mix of technologies that together enable a Linux container to be fired up in Chromeos. With that Linux applications can be installed, launched and hacked more or less as if the device were actually running Linux (I think you’ll find Chromeos is already running a Linux kernel: you mean Gnu/linux – Ed).
GUI apps should work, albeit slowly, while audio input and output should work, but sadly there’s no USB access available at present.
Crostini is only available for some Chromebooks and tablets. Older, 32-bit Arm devices are certainly not supported, but some newer Aarch64 devices, like the Rockchip Rk3399-based Chromebook Flip 101PA and Samsung Chromebook Plus, are up to the task. Newer x86 devices will almost certainly be fine, but older ones won’t. The Bay Trail CPUS used in Chromebooks lack the required virtualisation extensions: Intel VT-X aka VMX, AMD AMD-V aka SVM. The official list of
supported devices can be found at http://bit.ly/ lxf250crostini. This list doesn’t seem to be quite up to date, so it’s worth hunting around.
You can enable Crostini from the Chrome OS settings page: scroll down to the ‘Linux (Beta)’ option and activate it. If there’s no such option then either your device isn’t supported, or it isn’t supported yet. It’s possible that if you switch to the Beta or Dev channels the option might appear.
The gateway to our freshly baked Linux VM is the
Terminal application – not the Crosh shell – which you should find has appeared in the Chrome OS launcher. Slightly confusingly, the VM that Crostini ultimately fires up is called Termina, which you shouldn’t confuse with the Terminal, a Frankensteined Crosh instance that talks to a container running inside the Termina VM. Inside the Terminal you’ll find your Linux commandline-fu can be put to good use: $ cat /etc/issue
Debian Gnu/linux 9
All the Termina VM does is run containers and the default container is a minimal Debian Stretch-based affair. The initial VM image is updated from Google’s side, but once you’ve enabled the Linux VM you’re responsible for keeping everything inside it up to date. If you turn that feature off – deleting the associated VMS, containers and whatnot – and then re-activate it, a new, possibly updated, VM image will be downloaded.
We can update things as usual with apt, so let’s do that and at the same time flesh out our Frankenlinux by adding our favourite text editor and system information script, neofetch:
$ sudo apt update
$ sudo apt upgrade
$ sudo apt install nano neofetch
Note that no password is set up for the user, which is named from the first part of your Google username. When the command completes run neofetch to verify that you are indeed in a Debian VM. But we’re not limited to Cli-based software, we can install and run GUI apps too; they even integrate nicely with the Chrome OS desktop.
stick it up your Google
It seems appropriately provocative to install Firefox on Google hardware, but let’s go one step further and install the Tor Browser Bundle. That’s based on Firefox, and takes a stance diametrically opposed to Chrome on user privacy. That being said, if you have privacy concerns that warrant use of Tor, we can’t recommend this approach as being bulletproof: what happens in the Termina VM may not necessarily stay in Termina.
Still, you can probably be safe in assuming that your browsing history won’t be tied to your Google account, and a virtualised Tor Browser is probably a more robust way to access Tor than other solutions available on Chrome OS – such as using Guardian Project’s Orbot
app via the Android layer, or a dubious third-party app from the Chrome store.
We’ll install the Tor Browser Launcher from the Debian Stretch backports repo – we could just wget the binary and run it straight from Terminal, but we’re old-fashioned and like packages. Tor Browser isn’t included in the official Debian repo since new versions are released frequently and they depend on newer libraries that have been backported to Stretch. So the first step is to add the Stretch backports repo to apt, which involves editing a text file – just as well we downloaded nano earlier. Run:
$ sudo nano /etc/apt/sources.list.d/stretchbackports.list and add the following line: deb http://deb.debian.org/debian stretch-backports main contrib
Then save and exit with Ctrl+x followed by Y. Now we update the repo cache to acknowledge the backports repo and install the launcher:
$ sudo apt update
$ sudo apt install torbrowser-launcher -t stretchbackports
The launcher fetches and verifies the binary and keeps it updated. Hopefully this will help you feel safer in your browsing of the onions. You can continue installing your favourite Debian packages – having the backports repo activated means some slightly newer software is available – but we wanted to look at something different. At present this requires us to switch to the Developer Channel (see box on the
opposite page). To switch channels, go to Settings > About Chrome OS > Detailed Build Information.
VIRGL media
For our purposes moving away from the Stable channel will avail us of some new features in Crostini. In particular, hardware permitting we can get 3D acceleration for our Linux applications via the VIRGL virtual graphics device – see our LXF243 interview with Collabora’s Daniel Stone for some insight into this project. We need to stop and restart our VM to take advantage of the new technologies, which is done from the Crosh shell. So open up Chrome, hit Ctrl+alt+t and enter the following incantation:
> vmc stop termina
> vmc start --enable-gpu termina
If that doesn’t work it’s most likely your device isn’t supported. If it is, the prompt will change to (termina) chronos@localhost , but don’t worry, we’re hopefully done with Crosh for now. So close the Crosh tab, open the Terminal application and run:
$ glxinfo -B
All going well, you should see some output which includes:
Opengl vendor string: Red Hat
Opengl renderer string: Gallium 0.4 on virgl
If you see references to ‘Vmware, Inc.’ and ‘llvmpipe’, then it is with some regret that we must tell you that it’s not working. Remedying this is probably a matter of waiting until Crostini support is more mature. If on the other hand it works, we can try out some Opengl apps.
It’s common to misuse the timeless cog renderer
glxgears for this purpose, but this might just lead to confusion. On the Pixel Slate, there was noticeable tearing and stuttering with glxgears running maximised under software rendering. With VIRGL the rendering was certainly much smoother, even when the window was maximised, but the FPS readings were lower.
Glxgears also helpfully informed us that the renderer was synchronised to the refresh rate of 60Hz, which meant that our FPS should be around the same, but then proceeded to output much higher values. You can compare and contrast with software rendering by closing the Terminal app and restarting the VM from
Crosh. Ultimately, don’t give too much credence to the numbers – it’s more of a qualitative sort of a thing.