Jan-Lukas Else

Thoughts of an IT expert

How I got Crostini to work in Chrome OS Flex

Published on in 👨‍💻 Dev
Updated on
Short link: https://b.jlel.se/s/577

I blogged that I could not run Linux support (Crostini) on CloudReady and Chrome OS Flex. Every time I tried to enable Linux support in the settings, the activation failed with an error.

Also when I then tried to open a Linux terminal the following error came up:

Launching vmshell failed: Error starting crostini for terminal: 5

According to CloudReady, this is due to “unmitigated CPU vulnerabilities”.

Now, hidden in a Reddit comment thread, I found a solution that actually works.


For this I had to copy Ubuntu to a USB stick and start it on the laptop in live mode. Using Gnome Disks, I searched for the EFI partition, which in my case was /dev/sda12, and mounted it:

sudo mount /dev/sda12 /mnt

With sudo and Gedit, nano or vi (or any other text editor) it is then possible in the file /mnt/efi/boot/grub.cfg to add the following to the list of parameters after linux in each entry (you can just append it to the end of the line):

kvm-intel.vmentry_l1d_flush=always

But when using legacy BIOS, other files need to be adjusted, as pointed out by a Reddit user!

The Ubuntu Wiki describes the option:

Configuration options are available to deviate from the default L1 data cache flushing behavior and either always perform a cache flush or never perform a cache flush when entering a guest. Always flushing the cache will negatively impact performance in a manner that’s dependent on the workload inside of the virtual machine while never flushing the cache will make your system vulnerable to CVE-2018-3646. Use the “kvm-intel.vmentry_l1d_flush=always” or “kvm-intel.vmentry_l1d_flush=never” kernel command line options to change the default persistently across reboots. Write “always”, “cond” (the default), or “never” to /sys/module/kvm_intel/parameters/vmentry_l1d_flush to temporarily change the behavior.

In summary, this means that VMs with this option may run a bit slower, but are more secure.


It worked for me and I was now able to install Visual Studio Code in Chrome OS Flex and access my home server via SSH and program from there! 😄

Tags:

Jan-Lukas Else
Interactions & Comments