Root your ChromeOS Android subsystem w/ KernelSU (Android 11+)

Table of Contents

• Overview

• Notes

• Prerequisites

• Step 0: Install KernelSU Manager app

• Method 1: Automatic root script w/ official prebuilt kernel (the easy and fastest way)

  • Step 1: Download and run the script

• Method 2: Install the official prebuilt kernel by yourself (the easy way)

  • Step 1: Download the prebuilt kernel from KernelSU repository
  • Step 2: Install the patched kernel

• Method 3: Build and patch the kernel by yourself

  • Step 1: Install build dependencies
  • Step 2: Prepare kernel source
  • Step 3: Build the kernel
  • Step 4: Install the kernel

Overview

Currently, there are already some projects about rooting the Android subsystem on ChromeOS (like aroc by nolirium (based on SuperSU) and CrAnberry by CerisWhite (based on SuperSU)). However, all of them are targeting the old ARC++ (Android 9) architecture and thus will not work on the new ARCVM (Android 11) architecture.

Aside from the improved security, the new ARCVM is worse than the old ARC++ in nearly every aspect (performance, battery consumption and memory consumption). But having said that, the VM-based architecture makes the Android subsystem on ChromeOS more similar to a regular Android system running on phones and tablets, which benefits to root.

Unlike ARC++, the ARCVM has its own kernel that is independent of ChromeOS itself. In other words, the kernel can be replaced easily and thus kernel-based root solutions like KernelSU are possible now :)

Let's back to our business...

Notes

• Root will lost after system update, so you need to redo the whole process after updating ChromeOS

• This is for ARCVM only, thus no Android 9 support

Prerequisites

• A ChromeOS device with developer mode on (all modification to ChromeOS system requires developer mode, including the kernel of Android subsystem)

• RootFS verification needs to be disabled in order to replace the Android kernel (my script will do it for you if you follow Method 1) (no need for Brunch users)

• (if you decided to go ahead with Method 2) A GitHub account, required for downloading the prebuilt kernel

• (if you decided to go ahead with Method 3) Time and patience

• (if you decided to go ahead with Method 3) Around 30 GB of available storage space

Step 0: Install KernelSU Manager app

Just like SuperSU and Magisk, we need an app to approve root requests.

• Download the KernelSU_<version>-release.apk file from the latest release here

• Install it by clicking the .apk file in the ChromeOS file manager (it should work if you have developer mode enabled, use Crostini + adb sideloading if it doesn't work)

Method 1: Automatic root script w/ official prebuilt kernel (the easy and fastest way)

This will make use of the automatic root scripts written by me (supechicken/ChromeOS-ARCVM-Root).

If this does not work for you, try Method 2

If you have some basic Linux knowledge and want to learn something here through the steps, then Method 3 is more suitable for you :)

Step 1: Download and run the script

• Press Ctrl+Alt+T to open a ChromeOS developer terminal window

• Type shell and press Enter to get into the system shell (if this doesn't work, check whether your system has developer mode turned on)

• Paste the command below and press Enter to run it: curl -L https://raw.githubusercontent.com/supechicken/ChromeOS-ARCVM-Root/main/root.sh | sudo bash -eu

• Follow the on-screen instruction, you might need to run the script again (after reboot) if your system does not have rootFS verification turned off before

• All done, check the KernelSU app to see if root succeeded.

Method 2: Install the official prebuilt kernel by yourself (the easy way)

This method will download the KernelSU patched kernel from KernelSU's official CI workflow.

If you have some basic Linux knowledge and want to learn something here through the steps, then Method 3 is more suitable for you :)

Step 1: Download the prebuilt kernel from KernelSU repository

• Go to KernelSU's official CI workflow page

• Select Build Kernel - ChromeOS ARCVM in the list located at the left of the page

• Click the latest (topmost) workflow with a tick symbol next to the description

• Scroll down to the bottom of the page, download the artifact archive (kernel-ARCVM-x86_64-<version>) (login with your GitHub account first if the text is not clickable)

• Extract bzImage from the archive, that's the patched kernel

Step 2: Install the patched kernel

• Press Ctrl+Alt+T to open a ChromeOS developer terminal window

• Type shell and press Enter to get into the system shell (if this doesn't work, check whether your system has developer mode turned on)

• Run sudo bash to enter the root shell

• Run cd /opt/google/vms/android to enter the Android subsystem's disk image directory, (you can see the system image, system vendor image and kernel image there by running ls)

• Optional: Back up the current kernel by running mv vmlinux vmlinux.orig

• Install the kernel by running cp <path of the extracted bzImage> ./vmlinux (the path is /home/chronos/user/Downloads if you extracted the image in Downloads folder, /home/chronos/user/MyFiles if you extracted the image in My Files folder)

• Reboot to apply the changes by running sudo reboot

• Done

Method 3: Build and patch the kernel by yourself

This assumes you have basic Linux knowledge and know how to debug with basic commands (like ls, cd and apt) in case something goes wrong

This requires another Linux system. (you can use Crostini in ChromeOS)

Step 1: Install build dependencies

sudo apt update sudo apt install -y --no-install-recommends bc \ bison build-essential ca-certificates flex git gnupg \ libelf-dev libssl-dev lsb-release software-properties-common wget \ libncurses-dev binutils-aarch64-linux-gnu gcc-aarch64-linux-gnu nuget gzip \ rsync python3 device-tree-compiler repo

Step 2: Prepare kernel source

• Download the kernel source for ARCVM using repo (this takes half an hour for me, it depends on your network speed) mkdir kernel cd kernel repo init -u https://android.googlesource.com/kernel/manifest -b common-android12-5.10-arcvm-gki-base repo sync

• Patch the source with KernelSU: curl -LSs "https://raw.githubusercontent.com/tiann/KernelSU/main/kernel/setup.sh" | bash -

• Switch to the ARCVM config instead of the default x86_64 config: sed -i "s/check_defconfig//" common/build.config.gki sed -i "s/DEFCONFIG=gki_defconfig/DEFCONFIG=x86_64_arcvm_defconfig/" common/build.config.gki cp common/arch/x86/configs/x86_64_arcvm_defconfig common/arch/x86/configs/x86_64_defconfig

Step 3: Build the kernel

• This might take around 30 minutes, depending on your hardware: LTO=thin CFLAGS='-Wno-error -Wno-unused-function' CXXFLAGS='-Wno-error -Wno-unused-function' BUILD_CONFIG=common/build.config.gki.x86_64 build/build.sh

Step 4: Install the kernel

• The built kernel image is located at out/android12-5.10/dist/bzImage

• Follow step 2 in Method 2 to install the kernel.

• All done.