WARNING, THE FIREWALL DOESN’T WORK ON DEFAULT ARMBIAN IMAGE FOR RADXA SO DISABLE IPV6 (and verify in network-manager) AND USE YOUR INTERNET BOX NAT

root@rock-5b:~# lsmod | grep tabl
ip_tables              24576  0
x_tables               32768  1 ip_tables
root@rock-5b:~# iptables-save 
iptables-save v1.8.7 (nf_tables): Could not fetch rule set generation id: Invalid argument

To resolve this (and use iptables, (g)ufw still unusable):

update-alternatives --set iptables /usr/sbin/iptables-legacy
update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy

Table of Content

Introduction
ARMbian base installation
activate the PPA
Chrooted Arch Linux

Introduction

I Just bought few weeks ago a Radxa Rock5 Model B, based on Rockchip RK3588 powerful and energy efficient SoC. It costs around 250 $ with 16GB, I added a 128GB (pluggable) eeprom for 72$ and few accessories (thermal disspator I still didn’t need to use, PD (USB-C) power supply and a light box (the metal box was no more available), and the more important, a USB<->UART (serial) wire. You will see later that it is today (january 2023) needed to be able to install some distribution as ARMbian (at least my model, it looks like provided kernel had HDMI output on older one).

The default Radxa proviced image, use ARM made, closed source Mali driver, that is quite limited (including no desktop OpenGL, only GL ES), I so installed an ARMbian, and needed to tune a lot to have working one.

ARMbian, made a great work at integrating the closed source patched Linux (5.10) kernel with some flavours of preinstalled Debian and Ubuntu GNU/Linux distributions.

I choose Ubuntu flavour, as first test, as it provides the liujianfeng1994 PPA to obtain GPU (via Panfork, a fork on panfost, using some ARM binaries) and video (via Rockchip multimedia libs) acceleration.

I tried Xubuntu flavoour without success with 2 included kernel (no HDMI output), the default GNOME version, doesn’t have either HDMI output with the default kernel (5.10.110), but can be easily switched to 5.10.72 that works just fine.

ARMbian base installation

As said previously, I used ARMbian 22.11 Jammy GNOME (magnet torrent link), as I didn’t manage to have any HDMI output with XFCE version.

After downloading the previous link, you can write on disk with dd or if you are not sure of your SD or eeprom, with ARMbian recommanded writing tool, that verify that write is correct, and there is no wrong blocks. Arch Linux Wiki give some generally available tool for writing USB, including some with verification. Both recommand USBImager (available in AUR package on Arch). gnome-multi-writer is available on both Debian, Ubuntu and Arch Linux. If you are not sure about the process it’s still safer to use this kind of tool. Here is the full ARMbian guide about writting the image on an SDcard.

The first time you need another computer to connect by serial to the terminal and change the kernel (see this former article about possible remote connexion methods). As said on RadXa website the default speed is 1500000 (not 115200), so 1.5Mb/s. look at this page to know how to connect serial to the board. You can boot the board with serial only current, but you will have more stable power with the PD/QC (>2A) powered USB.

You can so use, for exemple, with GTKterm:

gtkterm --speed 1500000 --port /dev/ttyUSB0

I had some problems with screen, the minicom exemple given works better, I used it to make this first boot Asciinema screencast (local file copy, playable with ASCIInema (package asciinema))

You can then boot the board and follow the procedure. It will take few tens of seconds to few minutes to boot, please be patient.

After the reboot you should then install minimal things, (not sure it’s not already the case):

apt install armbian-config armbian-firmware

And, using armbian-config, change kernel to 5.10.72 to obtain HDMI output (at least in my case).

So launch armbian-config

Here is a ASCIInema screencast of the process (local file copy playable with ASCIInema (package asciinema))

Select System

Select Defreeze to unlock kernel and modules changes

And confirm with Defreeze

Now, select Other to change current used kernel

Then check the [*] Yes, I understand box and then Accept

Now, select the second line kernel, the first with 5.10.72 to change currently used kernel.

It will ask you to Confirm reboot.

After reboot, the HDMI should work.

Don’t forget to launch again armbian-config to freeze the kernel and modules, else HDMI could again gone away.

Here is a ASCIInema screencast of the process (local file copy playable with ASCIInema (package asciinema))

So go again to System

and this time choose freeze

activate the PPA

For this part, just follow what is on the ARMbian Radxa Rock5 page

sudo add-apt-repository ppa:liujianfeng1994/panfork-mesa
sudo add-apt-repository ppa:liujianfeng1994/rockchip-multimedia
sudo apt update
sudo apt dist-upgrade
sudo apt install kodi

Chrooted Arch Linux

The ARMBian Firefox-ESR (firefox 102) is quite old and strangely doesn’t support video acceleration on lot of online videos. You can still use epiphany browser (epiphany-browser package, epiphany package is a boulder-dash clone). It is available with the name Web and a blue ball in the Internet submenu of applications.

But as I exported my finetuned Firefox connfiguration from an Arch Linux (Firefox 108 at this time), I couldn’t even import my configuration in ESR :(. so my bookmarks, password manager, search engines, adblockers and script blockers configurations, etc. Some video can’t even be played in this Firefox anyway, and installing Ubuntu one is worst; It depend on huge an clumpsy snapd, buttons for upload/dowload doesn’t work in websites (drag’n'drop work for upload strangly), and everything is super slow, and video not accelerated at all (but all video works… slowly, maybe at 5~10fps).

I then chrooted an archlinux, and noticed that default and non snapdised firefox works perfectly with video acceleration. This can be done in few steps. Audio was a bit more tricky, but after setting one first time it work each time, where X11 ned to have a fresh copy of Xauthority.

First to easy chrooting, you need the Arch Install scripts. They can be compiled without problems on debian.

First you need build-essential and asciidoc-base, I use wget to get files from HTTP/FTP:

apt update && apt install asciidoc-base build-essential wget

Then et the tarball from Here, unarchive and compile it:

wget https://github.com/archlinux/arch-install-scripts/archive/refs/tags/v28.tar.gz
tar xf v28.tar.gz
cd arch-install-scripts-28/
make
sudo make PREFIX=/usr install

Then get the last ArchLinux ARMv8/aarch64 rootfs and unarchive it with root privileges to have good rights (you should have some warnings). I put it in /opt/archlinux

cd /opt
wget http://os.archlinuxarm.org/os/ArchLinuxARM-aarch64-latest.tar.gz
mkdir archlinux; cd archlinux;
sudo tar xf ../ArchLinuxARM-aarch64-latest.tar.gz

Now you can chroot easily in the directory, dont forget to mount –bind each time your reboot your system, as it will been needed to install arch pagckage, else you will have an error about mountpoint of /var/cache/pacman/pkg:

sudo mount --bind /opt/archlinux /opt/archlinux
sudo mkdir -p ${chroot}/run/user/1000
sudo mount --bind /run/user/1000 ${chroot}/run/user/1000
sudo arch-chroot /opt/archlinux

The /run/user/1000 is used at least by PipeWire for audio, you will need to set the XDG_RUNTIME_DIR to use it, see bellow.

You are now chrooted. Before be able to update or install package you will need to populate archpackages PGP keys.

code>pacman-key --init
pacman-key --populate
pacman -Syu

And now you can use chrooted arch as usual. To be able to use Firefox in chrooted environement. First update current packages with pacman:

pacman -Syu

Then install needed xorg-auth tools anf firefox:

pacman -S firefox xorg-xauth

Delete the default alarm user (UID 1000, GID 1000) and replace it by your user, so your user can use it to be sync to Debian or Uubuntu.

You can define the name of your user in a variable for this:

myuser=toto

Delete alarm and create a user with the same id and name than your system user.

userdel alarm  
useradd $myuser
mkdir /home/$myuser
cp -a ~$myuser/.Xauthority /home/$myuser/.Xauthority
chown $myuser -R /home/$myuser
usermod -a -G audio,input,video,render $myuser
groupmod --gid 116 audio
groupmod --gid 106 input
groupmod --gid 109 render
groupmod --gid 44 video

The usermod aloow to add user in audio (play/record audio), input (graphics tablet and other advanced inputs), video (video decoding (not sure it is useful), and render (3D rendering).

The groupmod is used to have the same gid on the arch host than default ubuntu one.

If you have several audio devices you can set the device you want as default, by first looking the number of the “card” (device) you want to select with: alsactl info

For my USB audio headset for exemple, I found it as Card 4:

[…]
#
# Sound card
#
- card: 4
  id: H340
  name: Logi USB Headset H340
  longname: Logitech Inc. Logi USB Headset H340 at usb-fc8c0000.usb-1, full speed
  driver_name: USB-Audio
  mixer_name: USB Mixer
  components: USB046d:0a38
[…]

So I defined it as default card by creating /etc/asound.conf with the following rules:

defaults.pcm.card 4
defaults.ctl.card 4

Then in other virtual terminal tab, get the xauth parameters, you will need to copy current xauth session at each new X11 session (when you deconnect or reboot your computer). There are two ways for this:

The more straight one is to just copy the .Xauthority file, it will override any previous settings in this file.

cp -a ~${myuser}/.Xauthority ${chroot}/home/${myuser}/

This is more conventionnal way, allowing a host to connect to several remote hosts, here output is an exemple:

myuser@rock-rb:~$ xauth list
rock-5b/unix:0  MIT-MAGIC-COOKIE-1  8fc6dfacd55a50d2d58bed78339

You need to copy your output in chrooted env now:

su - $myuser
xauth add rock-5b/unix:0  MIT-MAGIC-COOKIE-1  8fc6dfacd55a50d2d58bed78339

add the following entry in ${chroot}/home/${myuser}/.xsessionrc to have the autoselection of the correct display:

export DISPLAY=:0

You need also to set XDG_RUNTIME_DIR variable, you can add this line in your user .bashrc

export XDG_RUNTIME_DIR=/run/user/1000

To have .xsessionrc working you should use something like this to log in your user from root chroot.:

sudo -u ${myuser} bash

If you use the following line to sudo, you will have to type manually export DISPLAY=:0:

su - ${myuser}

More efficiently, you can simply start directly an xterm or any other kind of term, so you will not have to resudo several time (xfce4-terminal is in xfce4-terminal package, you can add tabs from ther terminal by ctrl+alt+t combo:

sudo -u ${myuser} xfce4-terminal

And you can launch Firefox now. don’t forget to copy your ~/.mozilla dir before launching it if you want to avoid all Google & co spying by default. You can also launch an xterm (pacman -S xterm to install it) and launch other things from it.

xterm