Android 13 virtualization hack runs Windows (and Doom) in a VM on Android

Here is a enjoyable new function of Android 13: working virtualization assist. Google is constructing virtualization into Android for its personal causes, however Android developer kdrag0n has commandeered the function as well ARM Windows 11 and desktop Linux. The developer even acquired the Home windows model of Doom working, all inside a VM on the Pixel 6.

kdrag0n says that Android 13 has “full KVM performance” at “near-native efficiency.” You want root to allow the performance, which does not assist GPU acceleration. The performance additionally would not assist nested virtualization, so whereas now you can run Android on Home windows and Home windows on Android, making an infinitely nested OS turducken is out of the query.

This makes for a neat demo that is by no means what Google desires to do with Android’s upcoming VM assist. Esper’s Mishaal Rahman has been meticulously monitoring Android’s virtualization progress for a while now, and the obvious plan is to sometime (possibly in Android 13) use digital machines as a safety and privateness sandbox for numerous options. Think about as an alternative of processing delicate information on the regular app permission stage, the info might be processed in a separate OS, so any attackers must break by means of the app safety mannequin, then Android, then the hypervisor, then this different, non-public OS.

Sure, it runs Doom (connecting to the telephone’s Home windows VM from my pc for keyboard enter) pic.twitter.com/6PORUnJk8m

— kdrag0n (@kdrag0n) February 14, 2022

The primary a part of Google’s virtualization work is standardizing the Linux kernel shipped with an Android system. Right now, the kernel on Android is Android’s traditional story of fragmentation, with each particular person telephone mannequin transport a customized model of the Linux kernel loaded with particular modifications and drives. Kernels principally by no means get up to date, and it is very arduous to roll out any virtualization options at an OS stage when actually 10,000+ completely different Android kernels are on the market. Google’s plan to standardize the Linux kernel known as the “GKI” or “Generic Kernel Picture.”

The Generic Kernel is the Android kernel with as few modifications as attainable, and any producer modifications or {hardware} assist is finished by way of a module system. Now the principle kernel is standardized and has a recognized set of options. In the future, the kernal could even be updatable. The GKI is transport first on the Pixel 6, which is why the Pixel 6 is the primary (and to this point solely) Android telephone that may do that.

Google is adopting the Linux kernel’s KVM and Chrome OS’s digital machine supervisor, crosvm. The corporate can also be constructing a headless, stripped-down model of Android to run in a VM.

Beforehand, this tiny OS was thought to go by the title “Microdroid,” however that moniker simply appears to be a label in Google’s VM software program. The extra correct title seems to be “CompOS,” as in an OS meant for performing remoted compilation. All of this code will ultimately be shipped to each Android telephone by way of a brand new “virt” Mainline module.

Google imagines working the principle Android distribution and the protected VM on the system hypervisor, making the VM information a complete further stage of personal and safe from even essentially the most restrictive Android settings. For starters, Google desires to make use of it as a alternative for ARM’s TrustZone (working issues like DRM) and cryptography work. Google desires to eliminate TrustZone as a result of TrustZone is stuffed with highly-privileged, third-party proprietary code, and since TrustZone is sluggish. With a quicker safe surroundings to do work in, Google may begin doing extra time-sensitive duties like voice recognition in certainly one of these non-public VMs. To this point, the corporate looks as if it is making progress!

Itemizing picture by Andrew Cunningham