Here's all you need to know about Google's year-long secretive development of Linux app functionality in Chrome OS, also known as Project Crostini.

In a nutshell, it's a way to run regular Linux applications on Chrome OS without compromising security or enabling developer mode. The (not yet available) official setting states that it's to "Run Linux tools, editors, and IDEs on your Chromebook."

Crostini is a culmination of several years of development that enabled the functionality to run securely enough to meet Chrome OS's high-security standards. To understand why it's only just appearing, it's best to look at what came before.

Putting Crostini in context – the dark ages of Chrome OS

Before Android apps arrived on the scene, there wasn't much in the way of offline functionality let alone useful productivity apps in Chrome OS. Why would any sane person buy a Chromebook? “It’s just a web browser,” was the closing remark of every Chromebook review. The Chrome Web Store was as much as you'd get, but the selection of apps was pretty poor and rarely updated. The adventurous could try to run Android applications using a tool called ARC Welder, but that was hit-or-miss and performance was poor.

To get around offline limitations, frustrated users either wiped Chrome OS and installed Linux or used the open source tool Crouton to set up a simultaneous desktop environment [e.g Ubuntu Unity] working on top of the Chrome OS kernel.

Screenshot of Crouton installation

Running a replacement GNU/Linux distribution or Crouton required a fair bit of know-how and was often riddled with bugs—and neither option was particularly user-friendly or secure. Press the wrong key and you’ll wipe your device or brick it, and if you left your Crouton environment unencrypted, any guest user could access it.

Android app integration, setting a precedent

Android apps landed on Chrome OS in 2016 and was a huge leap in offline-functionality, but enabling this functionality wasn’t just plug-and-play. The only way it could work on an OS that values security was if it was effectively sandboxed.

The novel solution the Chrome OS developers chose was containerization, a way to bundle applications into standalone executable packages. Using a container and more than a few tweaks, they managed to get the full Android environment and all its dependencies to run in a container, separated from the rest of Chrome OS yet running on the same kernel.

But Android apps aren't usually developed with a desktop/laptop form-factor in mind. Add a poor touch experience on Chrome OS into the mix and you've got yourself a frustrating productivity session if apps worked at all.

Android apps on Chrome OS can be a headache sometimes

While Android apps helped bridge the productivity gap so far, there was still that yearning for the massive library of full desktop apps. As with the initial Android problem, simply opening up the ability to run Linux applications would increase Chrome OS's attack surface because malicious applications could have access to everything on the host OS. So this time the developers designed Linux app functionality as siloed as possible, on top of what they already learned with Android.

Defense in depth

As the name implies, Crostini is like Crouton, but instead of having an insecure user space sitting alongside Chrome OS, it's got two walls between them. The first wall is Termina VM, a Chrome OS KVM (Kernel-based Virtual Machine) implementation. Once that VM starts, it puts up the second wall—a container—which then has the app you actually want to run. So when you want to run your full-fledged Klondike desktop app, it runs in a container-inside-a-VM.

The developers haven't made the public-facing documentation particularly digestible from a non-technical point of view, but from my unofficial layman’s reading, the software architecture for Chrome OS now probably looks like this [note: all work my own, definitely not an official document of the Chrome OS team, probably completely untrue, please don’t hurt me]:

Diagram of what we think Crostini architecture looks like

In short, the VM component has a separate user space and virtual devices (vCPU, IP, MAC, etc.), and the container is a packaged app that utilizes those resources. At this point, I should add a caveat that the VM component doesn't actually emulate any hardware.

Rich people only… for now

Some, like the community at Reddit's /r/Crostini, have already started tinkering with Crostini on their Google Pixelbooks. Unfortunately, the Pixelbook is the only device that has Crostini functionality so far, but signs point to other devices, even ones with ARM system-on-chips, receiving support in the future. But perhaps not quite yet for 32-bit machines. There are also hints that some parts of VM functionality required to run Crostini won't be available for devices with older kernel versions.

If you’ve gotten this far, you’re probably wondering: What can I run? Success has been limited. Chrome developers have hinted that they have Visual Studio running. Reddit users have gotten WINE and Android Studio working, and ChromeUnboxed did a handy video demo. But we probably won’t know the full capabilities—and limitations—before Google actually showcases something. What we do know is that apps are persistent, meaning that you can continue where you left off and that the developers are working on making them available in your recent apps list.

What next? A few points to consider

If you are in the developer channel on a Chromebook other than a Pixelbook, the Terminal app may have arrived on your Chromebook. You might see a "failed to start concierge" error. That's because VM functionality hasn't been enabled on devices other than the Pixelbook… yet.

We don't yet know how resources are allocated and what kind of overhead these nested apps produce. The idea of gaming on Linux-compatible Steam games is enticing, but if GPU-acceleration isn't available then, for now, it's a no-go.

We don't know what limitations the host/container air gap will produce (if any). The communication between the container and Chrome OS is controlled, so will that introduce latency or even disable some peripherals?

We have many unanswered questions, and it’s only a matter of time until all is revealed. Many are convinced Google I/O 2018 in a few weeks will be the big reveal—it makes sense as it’s a developer conference. In the meantime, stay tuned as we keep track of Crostini.


Sources:

Maksim Lin – Chrome OS Containers

Chromium Git - ARC container bundle, vm_tools, project-termina, crosvm