Can't disable module_locking in ChromeOS dev channel #1278
Comments
|
Yep you are right, https://chromium.googlesource.com/chromiumos/third_party/kernel/+/c53c314ecf5f48bea1dd0ce07be492d4a081f3dd The only workaround is to enable it in the boot parameter. http://www.chromium.org/chromium-os/developer-information-for-chrome-os-devices/running-virtual-machines-on-your-chromebook Very unhappy with... |
|
I recently noticed in an article on the chromium site where it speaks of how to 'Enable VMX Support' that, in addition to specifying 'disablevmx=off' that they also add 'lsm.module_locking=0'. Maybe this is now needed too. In the wiki that gives a step-by-step method to 'Repack kernel to Enable VT_x for Virtualbox', I think Step 6. might need to be ammended to add lsm.module_locking=0, as in:
I've modified my script 'enable-vmx.sh' to incorporate it. |
|
Thanks for the suggestions. I used the 'enable-vmx.sh' script which completed successfully and I was able to load vboxdrv modules, verified by 'lsmod |grep vbox'. Unfortunately now as soon as I fire up a virtual machine the Chromebook reboots, whether I have VT-x enabled in the VM or not. Any thoughts? |
|
Sorry but I recently got a new HP Chromebook 14, my Acer C710 died, and I haven't loaded any VM's on it yet. |
|
So this means to load modules verified boot has to be disabled and the kernel has to be rebuilt. What a pain in the ass just to load modules. At least there is still a workaround posted, thanks for the script Dennis. I am not interested in virtual machines but I am interested in loading extra modules sometimes. |
|
I got around to re-compiling the kernel within a dev channel session. After I installed the new kernel, applied the 'enable-vmx.sh' script and rebooted my Virtualbox machines start and run OK now. Thanks to Dennis and all for the suggestions and support. Of course I removed the /sys/module/lsm/parameters/module_locking stuff from /etc/rc.local. I guess once these changes make it to stable the module loading instructions in the wiki will need to be updated. |
|
OK, module_locking may be returning. Feel free to star the bug to get updates, but there's no need to comment on it. |
|
@dnschneid Thanks for taken the time for this. The ability to load your own kernel modules without disabling verified boot is something that really adds a nice fun factor and a very useful feature on dev mode. Hopefully this issue can be closed soon in a positive way. |
|
@dnschneid Thank you so much for this and everything you do for crouton. I really appreciate you going to bat for us. From your avid crouton fans. I'm really hoping this feature can be preserved in dev mode. |
|
Update: module_locking is not returning, so kernel flags are the only way forward. |
|
I am working on a script to simplify changing kernel flags with also the possibility to revert any changes, so go back to a previously backed up signed kernel. Once this is done I will update the wiki pages. |
|
@divx118 - |
|
Its official :) I just received a normal update from Google and no more module_locking. |
|
Ok, I put my script online https://github.com/divx118/crouton-packages/blob/master/change-kernel-flags a short description is in https://github.com/divx118/crouton-packages/blob/master/README.md |
Looks like v41 dev channel does not have /sys/module/lsm/parameters/module_locking present so the rc.local script provided to allow insertion of modules does not work for things like Virtualbox, etc. Does anyone know of a work-around?
Thanks,
The text was updated successfully, but these errors were encountered: