MrChromebox's coreboot
The MrChromebox's coreboot is a coreboot fork maintained by one of the coreboot leaders [1], Matt DeVillier (MrChromebox) [2]. The fork targets Chrome OS devices based on x86 architecture. ARM is not supported [3].
Firmware Utility Script
Even though the scripts are stored on GitHub, the blob files will be downloaded from the MrChromebox's website [4]. In the case of firmware blobs, only md5 and sha1 checksum verification is implemented, but the checksums are also stored on the website, which breaks all security. [5] [6] [7] In addition, the script downloads binary tools from the website without any verification and runs them as root. [8] [9] [10] Therefore, there is no way to know if the blobs or tools have been compomised.
MrChromebox provides a script that automatically detects the motherboard, downloads the compiled coreboot as a blob, injects the VPD into that blob, disables write protection, and flashes it to the device. The script can be executed as follows:
user $git clone https://github.com/MrChromebox/scriptsuser $cd scriptsroot #./firmware-util.shThe current state of the script running on various live images:
| Distribution | Version | Date | Status | Notes |
|---|---|---|---|---|
| Gentoo LiveGUI USB Image | 20240707T170407Z | 2024-07-14 | Borked | The kernel is not permissive enough. |
| Linux Mint Cinnamon Edition Live Image | 21.3 | 2024-07-14 | Works | Works out of the box. |
| Ubuntu Desktop Live Image | 24.04 LTS | 2024-07-14 | Works | Requires curl to be installed. |
Manual installation
Device list
This is a list of Chrome OS devices on which manual installation has been successfully performed. Feel free to add to the list!
| Device | Motherboard | Coreboot version | Owner(s) | Status | Notes |
|---|---|---|---|---|---|
| Lenovo IdeaPad Flex 5 13IML05 Chromebook | akemi | 2405.0 | Lars Hint | Works |
Linux Mint environment
EFI users should be aware that if Linux Mint is installed on an external disk, the EFI partition type code of the internal disk must be changed from EF00 to another partition type (e.g. 8300), otherwise the installer will screw up the partition instead of creating a new one on the external disk.
After writing a live Linux Mint image to a USB drive, the following error will occur when booting to the drive and the process will hang:
stdin: Invalid argumentThis happens because Linux Mint checks if the GPT at the beginning of the disk matches the GPT at the end, which does not exist. After checking, Linux Mint writes GPT at the end and hangs. To fix the problem, just do a hard reset and it will work on the next boot.
To achieve a more reproducible environment, the compilation will be performed from a Linux Mint system (version 21.3).
Install crossgcc dev-dependencies:
root #apt-get install git g++ zlib1g-dev gnatInstall coreboot dev-dependencies:
root #apt-get install libssl-dev uuid-dev nasm imagemagickInstall menuconfig dev-dependencies:
root #apt-get install libncurses-devInstall flashrom dev-dependencies:
root #apt-get install libpci-devCreate a symlink to python:
root #ln -s /usr/bin/python3 /usr/bin/pythonCompilation
Clone the repository:
user $git clone --recurse-submodules https://github.com/MrChromebox/corebootuser $cd corebootSelect a version (all versions can be seen by executing git branch --all):
user $git checkout remotes/origin/MrChromebox-2405Compile the cross-compiler:
user $make crossgcc-i386 CPUS=$(nproc)Detect the name of the motherboard:
root #dmidecode --string system-product-nameStarting with version 4.22.0, there is a script in the repository to simplify the build [11]:
user $./build-uefi.sh <MOTHERBOARD_NAME_IN_LOWER_CASE>To see the compiled binary file, run the command:
user $ls ../roms/*.romThe binary is not yet ready for flashing as it requires VPD to be injected.
VPD injection
BIOS region extraction
Compile flashrom with the internal programmer option enabled:
user $git clone https://github.com/flashrom/flashrom
user $cd flashrom
user $git switch --detach v1.4.0-rc1
user $make CONFIG_INTERNAL=yesExtract the BIOS region into a file:
Intel-based device
root #./flashrom -p internal --ifd -i bios -r /tmp/bios.binNon-Intel-based device
root #./flashrom -p internal -r /tmp/bios.binVPD extraction and injection
Compile the cbfstool:
user $git clone https://github.com/coreboot/coreboot
user $cd coreboot
user $git switch --detach 24.05
user $make -C util/cbfstoolCloning the original coreboot repository is optional, as cbfstool is also present in the MrChromebox's fork.
Extract the VPD from the BIOS region extracted earlier:
user $./util/cbfstool/cbfstool /tmp/bios.bin read -r RO_VPD -f /tmp/vpd.binEnsure that the VPD is present:
user $hexdump -C /tmp/vpd.binInject the VPD into the firmware file:
user $./util/cbfstool/cbfstool <FIRMWARE FILE PATH> write -r RO_VPD -f /tmp/vpd.binFlashing the firmware
This step may result in hardware damage or data loss. Before proceeding, ensure that everything required for unbricking is in place.
* flashrom can output some failure messages that can be safely ignored, so it is necessary to know the status code (the last echo command must be equal to zero).
- After rebooting, the screen will be black for a minute.
Intel-based device
root #./flashrom -p internal --ifd -i bios -N -w <FIRMWARE FILE PATH>root #echo $?Non-Intel-based device
root #./flashrom -p internal -N -w <FIRMWARE FILE PATH>root #echo $?Customization
It is highly recommended to perform the customization only after ensuring that everything works with the default values.
Find the location of the configuration file:
user $find ./configs -name "config.<MOTHERBOARD_NAME_IN_LOWER_CASE>.uefi"Copy the configuration file to the root directory of the coreboot repository:
user $cp <PATH_TO_CONFIGURATION_FILE> ./.configThe configuration file has the same structure as the kernel configuration file and can be edited via menuconfig:
user $make menuconfigAfter editing the configuration, the original configuration file needs to be replaced:
user $make savedefconfiguser $mv ./defconfig <PATH_TO_CONFIGURATION_FILE>After replacement, it is necessary to (re)build the firmware by (re)running the build-uefi.sh script.
Custom BIOS name
The name is defined through CONFIG_LOCALVERSION, which can be changed in the build-uefi.sh file to, for example, this:
echo "CONFIG_LOCALVERSION=\"coreboot-2405\"" >> .config
Decreasing the boot timeout
To decrease the menu prompt display time from two seconds to one second:
Payload --->
[ ] Don't add a payload
(1) Set the timeout for boot menu prompt Search for <code>CONFIG_EDK2_BOOT_TIMEOUT</code> to find this item.
Larry the Cow as the splash screen image
Download the image to the root directory of the repository:
user $wget wiki.gentoo.org/images/3/3d/Larry_color.svgAnd set the path via menuconfig:
Payload --->
[ ] Don't add a payload
(Larry_color.svg) edk2 Bootsplash path and filename Search for <code>CONFIG_EDK2_BOOTSPLASH_FILE</code> to find this item.
See also
- Coreboot — a free and opensource hardware initializing firmware which supports multiple boot ROM payloads.
- Chromebook — installing Gentoo on a Chromebook
External resources
References
- ↑ https://www.coreboot.org/leadership.html
- ↑ https://arstechnica.com/gadgets/2017/06/how-to-install-linux-on-a-chromebook/
- ↑ https://github.com/MrChromebox/scripts/issues/41#issuecomment-406382894
- ↑ https://github.com/MrChromebox/scripts/blob/c5773cd93f6edaf0099340bcfecb40d08e3ee591/sources.sh
- ↑ https://github.com/MrChromebox/scripts/blob/c5773cd93f6edaf0099340bcfecb40d08e3ee591/sources.sh#L12
- ↑ https://github.com/MrChromebox/scripts/blob/c5773cd93f6edaf0099340bcfecb40d08e3ee591/firmware.sh#L282
- ↑ https://github.com/MrChromebox/scripts/blob/c5773cd93f6edaf0099340bcfecb40d08e3ee591/firmware.sh#L97
- ↑ https://github.com/MrChromebox/scripts/blob/c5773cd93f6edaf0099340bcfecb40d08e3ee591/sources.sh#L9
- ↑ https://github.com/MrChromebox/scripts/blob/c5773cd93f6edaf0099340bcfecb40d08e3ee591/functions.sh#L256
- ↑ https://github.com/MrChromebox/scripts/blob/c5773cd93f6edaf0099340bcfecb40d08e3ee591/firmware.sh#L433
- ↑ https://github.com/MrChromebox/coreboot/commit/209b167567818df791161a69228cf838624beeb5