Chrome OS devices/Custom firmware
Related articles
Contents
Introduction
Why flash a custom firmware?
Pros
- Adds a much recent version of SeaBIOS
- Adds SeaBIOS payload of coreboot to Chrome OS devices that did not shipped with SeaBIOS.
- Reduce boot time.
- Remove developer Mode screen.
- Enables VMX.
- Fixes some issues (like suspend) without further modifications.
Cons
- Dangerous, might brick your device.
- Cannot boot stock Chrome OS (you can install Arnold the Bat’s Chromium OS build and it should be possible upgrade it to full blown Chrome OS with a script).
- It is possible that some quirks will be added, [1].
Flashing the custom firmware
There are several approaches for flashing a custom firmware:
- Use John Lewis' script which will save you time finding the correct firmware.
- Use Matt DeVillier's ezScript (currently supports only Chromeboxes).
- Manually with
flashrom
, in this case you will need to obtain the firmware by yourself or to compile it from the Coreboot sources (official or Chromium OS fork).
Disable the hardware write protection
See the Disabling the hardware write protection at the Firmware write protection.
Flashing with John Lewis' script
Understanding the script
What John Lewis' getnflash_johnlewis_rom.sh
script does ?
- Automatically downloads Chromium OS 32bit version of
flashrom
. - Backup your current firmware.
- Disables software write protection by running
# ./flashrom --wp-disable
. - Checks the Chromebook product name with dmidecode and download the proper custom firmware.
- Writes the custom firmware.
What the script does not do ?
- Does not ask for confirmation.
- Does not check if the hardware write protection is disabled.
- Does not confirm the compatibility of a custom firmware to a specific Chromebook sub-model.
Conclusions
- Make sure you disabled the hardware write protection.
- Read the FAQ.
- Confirm that your Chromebook model is supported, if your model is untested then visit the coreboot on Chromebooks Google+ community and ask for advice.
Running the script in Chrome OS
- Access your command prompt via VT-2.
Ctrl + Alt + =>
- Enter the command shown on the Download ROM page at John Lewis site.
- After the script exited copy the backed up firmware to an external storage before rebooting the system.
You should now have a custom firmware installed on your device, cross your fingers and reboot.
If you flashed the firmware as part of the installation process then continue by following Installing Arch Linux[broken link: invalid section], if the custom firmware boots the installation media correctly then you might want to enable back the hardware write protection.
Running the script in Arch Linux
- In Arch Linux on 64bit environment you will need to enable the Multilib repository (if it is not already enabled) in pacman.conf and install lib32-glibc.
# pacman -S lib32-glibc
- Install dmidecode.
# pacman -S dmidecode
- Enter the command shown on the Download ROM page at John Lewis site.
- After the script exited copy the backed up firmware to an external storage before rebooting the system.
You should now have a custom firmware installed on your device, cross you fingers and reboot.
If the custom firmware boots Arch Linux correctly then you might want to enable back the hardware write protection, although John Lewis states that it's not necessary and will only make upgrading more difficult later. However, if you do not re-enable it you want to be careful not to use flashrom.
Flashing with ezScript
Currently ezScript supports only Intel based Chromeboxes.
Before installing this custom firmware carefully read instructions at ezScript official page. To install firmware only use install option #5 (Install/update: custom coreboot Firmware
).
Manually with flashrom
The use of the upstream flashrom package is discouraged as it's missing operations like --wp-disable
, --wp-status
and it will not write firmware successfully to the ROM of the Chromebook unless it already been programmed externally (i.e. flashing by another device over SPI with SOIC clip), this is why it's recommended to use Chromium OS's flashrom
.
Get flashrom for Arch Linux
- Download a 64-bit statically linked Chromium OS's
flashrom
version.
# wget --no-check-certificate https://johnlewis.ie/flashrom # chmod +x flashrom
Do not forget that flashrom
's location is not in $PATH
, to execute it you will need to precede the command with ./
, e.g. # ./flashrom
.
Get flashrom for Chrome OS
Chrome OS already includes flashrom
.
Basic use of flashrom
- Disable software write protection before writing to the firmware chip.
# flashrom --wp-disable
- Backup firmware from the firmware chip.
# flashrom -r old_firmware.bin
- Write firmware to the firmware chip.
# flashrom -w new_firmware.bin
Flashing back stock firmware
Disable the hardware write protection and follow the how to manually flash firmware with flashrom
to flash the backup of your stock firmware.
Unbricking your Chrome OS device
Required tools
- Programmer, both the Raspberry Pi and the Bus Pirate are mentioned as compatible devices on the flashrom wiki. The Bus Pirate is preferable as it will allow you to use Chromium OS's version of
flashrom
that supports--wp-disable
and--wp-status
flags. - SOIC clip is recommended, see [3].
- Female jumper wires.
- If you want to use Chromium OS's
flashrom
another Linux machine (32bit or 64bit) is required.
General idea on the unbricking process
- Connect the jumper wires to the programmer and the SOIC clip.
- Connect the SOIC clip to the ROM chip.
- If your programmer is running Linux (Raspberry Pi) then modprobe the spi modules.
- If your programmer is not running Linux then connect it to your Linux machine.
- Write the firmware with
flashrom
, you might need to disable software write protection by runningflashrom
with the--wp-disable
flag (this is why Chromium OS'sflashrom
is handy).
Recommended reading about unbricking
- Flashrom's wiki pages on ISP, Bus Pirate, Raspberry Pi and SOIC8.
- Coreboot's wiki page on Chromebooks.
- Examples of unbricking the C720: guide, pictures.
- Example of unbricking HP Chromebox: guide
Firmware write protection
The firmware (Coreboot and its payloads) stored on a SPI chip (usually SOIC8) that some of its storage is protected from writing (mostly Coreboot).
As long as the write protection was not disabled or the protected range was not set to (0,0) any change made to the unprotected part of the firmware (mainly SeaBIOS) should be recoverable with Chrome OS recovery media.
There are two parts of the write protection: hardware and software.
Hardware write protection
The hardware write protection is an electrical circuit that when it's closed or open it prevent writing to the software protection special registers, thus the hardware write protection only protect directly these special registers but indirectly also the data in the firmware chip.
To disable the hardware write protection you may need to remove a screw, press a switch or short a jumper.
Software write protection
The software write protection are special registers which determining if the data stored in the firmware chip is protected and also holds the range of addresses of the protected data.
Understanding the Process of Disabling the Write Protection
To disable the write protection one would need to:
- Disable the hardware write protection of the special software register.
- Change the value of the special software register to disable software write protection or change the range of the protected addresses so no data will be protected (start and end at 0).
Conclusion: If we will disable the software write protection and will not enable it back, then even if we will enable the hardware write protection the firmware chip will stay unprotected.
Disabling the hardware write protection
To find the location of the hardware write-protect screw/switch/jumper and how to disable it visit the ArchWiki page for your Chromebook model (see Chromebook Models[broken link: invalid section]). If there is no information about your device on the ArchWiki then turn to Developer Information for Chrome OS Devices and Coreboot's Chromebooks page.
Disabling the software write protection
Chromium OS's flashrom
can manipulate the software write protection special registers.
- Read the status of the software write protection special registers.
# flashrom --wp-status
- Disable or enable the software write protection.
# flashrom --wp-disable
- Change software write protection addresses range.
# flashrom --wp-range 0 0
For more details on Chromium OS's flashrom
and how to obtain it, see Manually Flash Custom Firmware with flashrom
.