Wanted. Chromebook without ChromeOS

Story: 4 things you (probably) didn't know you can do with Chrome for Linux
Total Replies: 49
ljmp

Mar 06, 2015
7:28 PM EDT
If Chromebook didn't run Chrome OS, I wouldn't need to 'find' new applications to replace the ones I know and love and use daily on my GNU/Linux desktop.
penguinist

Mar 06, 2015
10:03 PM EDT
ljmp, a lot of us are using Chromebooks with Fedora or Ubuntu installed on them.

Good inexpensive hardware and the best software. Perfect combination.
ljmp

Mar 06, 2015
10:19 PM EDT
True, but wouldn't it just be great to not need to 'break' the lightweight notebook or smartphone before being able to use it?
jdixon

Mar 06, 2015
10:25 PM EDT
Absolutely, ljmp. But that doesn't seem to be an option. :(
Ridcully

Mar 06, 2015
10:34 PM EDT
Penguinist, how much RAM and "hdd memory" does a Chromebook have? And is it simple to overwrite the "hdd memory" with Ubuntu? I haven't been keeping up with these things, but I have seen Chromebooks locally and I did like what I saw.
jdixon

Mar 06, 2015
10:55 PM EDT
> ....how much RAM and "hdd memory" does a Chromebook have ?

Varies depending on the model. The low end ones come with 2GB and 16GB SSDs. The higher end ones have 4GB or even 8GB of memory and larger SSDs, or in a few cases (I believe) standard hard drives.

You can check out most models on Amazon:

http://www.amazon.com/s/ref=nb_sb_noss?url=node%3D2858603011&field-keywords=chromebooks

Though that doesn't include the Chromebook Pixel.

> And is it simple to overwrite the "hdd memory" with Ubuntu ?

No. There's nothing simple about reloading a Chromebook. :( I'll try to find a link or two to the process and update the post later.

OK. As far as I can tell, it seems there are three primary ways to run Linux on a Chromebook. The full install method, which is discussed at the following locations for Arch and Slackware:

https://wiki.archlinux.org/index.php/Chromebook

http://navigium.motd.org/installing-slackware64-14-1-on-a-ac...

The install method and the Chrubuntu script dual boot method are both discussed at:

http://www.linux.com/learn/tutorials/764181-how-to-install-l...

And finally the Crouton method, which seems to run the Linux installation as a chroot environment under the ChromeOS:

http://www.linux.com/learn/tutorials/795730-how-to-easily-in...

None of them are for the faint of heart. There are rumors that ChromeOS may eventually support simply booting from a USB or SD card in legacy mode, but don't hold your breath waiting.
penguinist

Mar 07, 2015
10:43 AM EDT
Ridcully, since you asked I'll be happy to tell about my Chromebook story.

Being very privacy oriented, I wanted to drive my HDTV with a media box that I fully controlled, not using one of those closed boxes where the vendor gives themselves access, makes all your decisions for you and logs all your activities. So, I noticed that the Acer Chromebook C7 had an HDMI output that supported 1080p and I was able to find a reconditioned unit for $125 so the price was right.

The C7 comes in different configurations, mine came with 10GB of ssd 'disk', 2GB memory, two core Celeron @1.1GHz, and plenty of USB ports into which I plugged in a 4TB external drive. It turned out that this was more than enough "horsepower" to play movies and music.

Regarding installation, I agree with jdixon, it was not a walk in the park. Fortunately I was able to find this installation script that thankfully worked out many of the details. In my case I installed Fedora on it since I'm most proficient administering systems with Red Hat distros, but there are also some installation scripts out there for Ubuntu if that would be your preference.

That installation script brings you up into an LXDE desktop, but in Fedora it is really easy to yum install your favorite desktop which in my case is XFCE.

After that I added a few custom tweaks of my own. Since this media box was going to be unattended lying on the shelf, I added a password-less bootup, and VNC sharing of the X11 screen between the HDMI TV and the ultrabook that is seldom more than an arm's length away from me. That shared screen is incredibly nice. It's like having the HDTV screen "projected" onto my ultrabook, so I can control it remotely as if it were a computer rather than having to mash buttons on a remote control. I can't overstate just how useful and convenient this remote control technique is.

All in all, this is a powerful "media box" for $125 and my privacy is secure.

Now I'm waiting for a Chromebook to come out that supports 4K 2160p on its HDMI port. When that happens, I'll be upgrading everything to 4K.
ljmp

Mar 07, 2015
11:03 AM EDT
@penguinist:

What kind of things do you present on the HDTV? You mention movies and music. However, with the connection you've described, you could also easily use it to display "Impress" presentations or easy to navigate Internet -- kind of like a DIY 'smart board', very nice...

For my intranet movies and music, I use an old PC hardwired into my network running minidlna which is compatible with nearly all 'smart' media products that include the dlna logo on the box. It works great for me.
penguinist

Mar 07, 2015
11:18 AM EDT
You are exactly correct, ljmp, our HDTV is basically running as a fully capable computing system, not just a display device for TV shows.

For example, while watching a movie, we can bring up a browser over in the corner to check the current weather situation, present slide shows of family photos to groups of visiting friends and relatives, read and reply to emails, catch up on the latest LXer news, and the list goes on.

I also use this setup to display security cameras (running on Raspberry Pi wifi hardware).
seatex

Mar 07, 2015
1:12 PM EDT
I built a 2GHz AMD Kabini Quad-Core Mini box, running Linux Mint 17.1 Cinnamon. It has built-in Radeon R3 graphics, 8GB 1600 MHz memory, a 1TB 2.5" hard drive and only consumes about 35 watts max. We use a Logitech wireless keyboard with built-in trackpad. We use it for Netflix, Hulu, Youtube, group web browsing, Google Earth, etc. My wife absolutely loves it.

Jeff91

Mar 07, 2015
11:32 PM EDT
Can't recommend the Acer C720 enough. Runs Linux great and upgrading the SSD is super easy if you want to.
Ridcully

Mar 08, 2015
6:12 AM EDT
@jdixon and penguinist.......Thank you, both of you. At this stage, I think I'll give it a miss. A Chromebook seems to be built so that it is Chrome OS, and very difficult for a non-tech to alter. I know my limitations. I'll stick with a conventional laptop. But thanks muchly for all the information. Most appreciated.
Jeff91

Mar 08, 2015
10:22 AM EDT
If you are technically capable enough to install your own operating system on any computer you are more than capable of installing Linux on an Acer C720/other SeaBIOS Chromebook.
ljmp

Mar 08, 2015
11:34 AM EDT
@Jeff91:

For me it's not the technical details that typically prevent me from installing GNU/Linux on everything. Generally it's the cost of the hardware and the very real risk of bricking the hardware in a non-recoverable way. I've probably spent thousands of my own dollars over the years on items that I've bricked in my quest to get computing hardware/software/firmware 'the way I want it'.

I just don't want to spend any more on fancy looking electronic bricks. That's why I'm rooting for [pun intended of course] FFOS or, even better, Tizen. What I really want is easy, sure, secure access to the applications I need...

  • ssh
  • cups
  • libreoffice
  • pluma... not that horrid gedit interface


And that's about it... The difficulty and sheer complexity of trying to effectively install and use these four applications on anything other than a full-up *nix install is just simply incredible -- and still true even if you remove libreoffice from the list.

That's not to say that a Chromebook isn't a good option for hacking in a full *nix install... just complaining about what seems to me to be an unnecessarily complex method for using good FOSS-ware instead of the Ad-ware that fills most 'app' stores.
CFWhitman

Mar 09, 2015
9:22 AM EDT
I have a hacked Chromebook (not that it's that hard to hack, since it's a SeaBIOS based model). I do love how long the battery lasts, and it feels like a reasonably powerful machine. Of course, the troublesome part about the modifications that I performed was the hardware part of it. My Chromebook is an HP Chromebook 14, and taking it apart, though not really that difficult, is not as straightforward as some other Chromebook models. I took it apart to replace the 16GB NGFF drive with a 128GB one and to remove the hardware write-protect screw for the BIOS so that I could reset it to boot to SeaBIOS by default.

The advantage to replacing the internal SSD with a larger one is obvious. However, it was after the Chromebook suddenly decided that it would not boot to SeaBIOS and I had an unusable system that I decided to take it apart again and remove the write-protect screw (the first time I took it apart the information about changing the default BIOS settings had not yet surfaced). In order to make the system usable again, I had to wipe the drive and re-install ChromeOS. I read that if you changed the default boot to SeaBIOS the computer was much less likely to spontaneously start booting to the regular Chromebook BIOS again. I hope that works out because the machine can be very convenient.

If the trouble of a repurposed Chromebook doesn't thrill you, then there are some alternatives now. Some of the Windows 8 machines that were released to try to compete with Chromebooks actually work very well with Linux. They often don't seem to have as long battery life though. My brother's cheap Windows 8 laptop that he purchased at the end of 2013 was very easy to install Linux on with all the hardware working that I tested before returning it to him, including the touchscreen, with no further effort on my part. Also there is the ASUS UX303 ultrabook that gives you Chromebook like features, but also includes more RAM, a nicer screen, a bigger SSD, and a nicer case, but at the cost of seven or eight hundred dollars US (I've considered one of these myself). Of course, with these alternatives you end up getting a Windows license that you may not have much use for.
Jeff91

Mar 09, 2015
12:11 PM EDT
ljmp you seem to be pretty uninformed on the topic. Like CFWhitman said - installing Linux on a SeaBIOS chromebook is not any more of a "hack" than removing Windows for any other laptop and installing Linux is.

You can't "brick" the hardware via software to a point where you can't reflash it back to factory settings.
ljmp

Mar 09, 2015
1:34 PM EDT
@Jeff91:

You are correct. I have not purchased a Chromebook, nor attempted to install anything on a Chromebook.

However, my [probably quite out-dated] living memory bank recalls the following steps:
  1. Put Chromebook in developer mode
  2. Update BIOS
  3. Download GNU/Linux install script from http address
  4. Install and go
If this is still [or was ever] somewhat 'how to do this', then there are significant non-trivial security issues with the process. Also, my understanding is that you need to 'flash' the BIOS ROM in order to install SeaBIOS. There are a large number of possible failures that could definitely brick the BIOS ROM chip, and thus the Chromebook. Again, I'm not saying "don't do it - 'cause it's just too scary' ... I'm saying, it would be great if it didn't need to be done at all. It's also worth noting that, at any time in the future, Google could change chipsets or modify the hardware in various ways to make installation of other OSes nearly impossible.

However, no - I haven't tried to do anything with a Chromebook myself - and I'm unlikely to do so in the future. I'll just wait for the FFOS-book. Unfortunately, whenever it does appear on the market, I'll probably need to go to Pakistan to purchase one.
Jeff91

Mar 09, 2015
3:58 PM EDT
That process isn't correct for SeaBIOS Chromebooks. You do not have to "flash" anything, you just have to enable the feature that is already there by default. You simply enable the SeaBIOS, turn on support for USB booting and then boot a live USB drive and install the OS.

Again, not any less secure or different than installing on a system that comes with Windows.

You really shouldn't comment on things like this without doing a little bit of searching first. A quick Google search would have let you know you are incorrect.
BernardSwiss

Mar 09, 2015
7:42 PM EDT
Not to start an argument, here -- but really; ljmp's misunderstanding strikes me as a perfectly natural and understandable one, and one very easily made by someone with a little experience, but not entirely up to date. (In fact, I'm sure I could easily have made the same assumption, myself).
ljmp

Mar 09, 2015
9:16 PM EDT
@Jeff91, @BernardSwiss:

OK... I suppose I'll need to fork over the $269.99 USD on Newegg and *make sure* I permanently brick it. I suppose the use of a surface mount heat gun is not allowed to claim 'bricking victory.' What the heck - I've bricked more expensive things in the recent past... usually ends in: Aww - ****!

http://www.newegg.com/Product/Product.aspx?Item=N82E16834314406

And for an interesting read...

http://dhanus.mit.edu/docs/ChromeOSSecurity.pdf
BernardSwiss

Mar 09, 2015
11:00 PM EDT
I remember how it felt when I couldn't install my expensive new 40 GB hard drive, on my first very own computer, when the 8 GB drive just wasn't big enough, anymore. Turned out that for my digital lifeline to be able to even recognize a drive over 32 GB, I was going to have to flash/upgrade the BIOS -- from a floppy disk... Yes, that did indeed make me feel distinctly anxious.
Jeff91

Mar 10, 2015
1:10 AM EDT
@ljmp

I feel like you keep ignoring what I'm saying. You can't brick the hardware by simply enabling the SeaBIOS+USB booting.

@BernardSwiss the argument is basically the same thing as me saying:

"I can't install Linux on a Windows machine because I've never tried it myself."

Ignoring the fact that a quick search would easily tell me otherwise.
jdixon

Mar 10, 2015
8:34 AM EDT
> Ignoring the fact that a quick search would easily tell me otherwise.

All of the "quick searches" I've done indicate it's a far more involved process than that, Jeff91. Now, those results are probably out of date, but it would be easy to conclude that it's an extremely difficult process if you didn't check carefully.

And everything I've seen indicates the exact procedure is very much dependent on the model of Chromebook you purchase.
penguinist

Mar 10, 2015
9:05 AM EDT
I can see a HowTo from Jeff91 in the near future. :)

My personal experience from installing Linux on two Acer C7 machines is that the process is more involved than installing Linux on a bare machine. In my case, it was necessary to put the machine into developer mode, and there was no need to reflash the bios.

One upside was that it did seem that Google did a good job in implementing a recovery strategy. From what I saw, it should be difficult to brick one of these devices. If you fail on the first attempt, just boot the machine back to ChromeOS and try again.
ljmp

Mar 10, 2015
9:35 AM EDT
You can brick the hardware through software. You are mistaken in that technical point. It happens all the time with various devices. A good example is hard drive bricking from the Linux kernel driver. Of course, you could argue that the problematic software was messing with the firmware -- but that's a bit of a stretch in attempting to differentiate the connection between the two. The point is: If you are using the Chromebook in developer mode and something goes wrong ... for example... the manufacturer switched chipsets half-way through the run -- you may have an un-fixable problem.

I've done plenty of hardware hacking, and have written my own middleware to various components on consumer device hardware. But it's always half-baked reverse engineering, since the manufacturers don't want you messing with things to begin with... However, maybe Chrome OS and hardware is a bit different in this way. The broader question of Chromebooks is this:

Can Google or the manufacturer remotely rewrite your system even if you've 'installed' a new OS?

and the answer is: Yes, using the crypto certificates located in the non-writeable portion of BIOS.

Which means, while you have the ability to run what you want today - that can be taken away from you tomorrow - without notice or recourse. Think 'Sony Playstation.' Why would Google do that? It doesn't really matter why... they can do it... and that's what matters. All things considered, there are very good reasons to lobby the market for FFOS instead.
CFWhitman

Mar 10, 2015
9:54 AM EDT
Well, I'm definitely not trying to persuade you that you really should use a Chromebook. I'm also not going to say that it's not more trouble to put Linux on a Chromebook, because it definitely is (though being more difficult and being more trouble are not exactly the same thing; I don't know that I would say it's more difficult).

A rundown on a SeaBIOS machine for dumping ChromeOS and just using Linux:

Switch the machine to development mode.

Enable SeaBIOS as an alternative boot. This involves using the command line from ChromeOS.

Get a Linux image you want to use.

Make that image bootable on a USB drive (or use a USB optical drive).

Boot from the USB drive and install Linux normally.

There are a couple of things to be aware of:

Most distributions will not work without modification on a Chromebook because they lack drivers for the touchpad. You can fix this by adding drivers yourself or compiling a newer kernel, or you can use a distribution aimed at Chromebooks where someone else has done this for you, like Jeff's Bodhi image for Chromebooks or one of Hugegreenbug's images on Distroshare for example. If you use a distribution with a very new kernel, you may not have to do this for it to work. However, you will most likely have to apply a number of tweaks to get everything to work right, and many of these tweaks will already be done on a distribution aimed at Chromebooks.

If you do this and boot into your Linux distribution using Ctrl+l, then you run a risk of what happened to me. It's possible that one day your Chromebook will just decide that it is going to boot to the regular Chromebook firmware instead of SeaBIOS, and the only way to fix it will be to recover ChromeOS (you can download a bootable USB image from Google) and start over again. This is more likely if you run the battery dead (though I didn't do that). Apparently the risk is greatly reduced if you change SeaBIOS to be the default boot firmware. To do this you have to add a couple of steps to what I posted above.

You have to find and remove any hardware write protection for the firmware, usually by partially disassembling the machine and removing a write-protect screw.

After you set the machine to boot to SeaBIOS, you have to turn off software write protection and change settings flags in the BIOS before turning software write protection back on. This is all using the command line and is considered a bit more risky (i.e., more important not to make a mistake) than if you never turn off write protection. However, according to what I've read you can still recover your machine using a Google ChromeOS recovery image even if you make a mistake here (I didn't make a mistake, so I can't verify this).

Of course, you ostensibly can dual boot ChromeOS and Linux which leaves a way to re-enable SeaBIOS if it spontaneously flips back to the default boot only, or you can run Linux in a container on ChromeOS. I haven't done these things, so I don't know what to expect from them.
CFWhitman

Mar 10, 2015
10:11 AM EDT
ljmp wrote: Can Google or the manufacturer remotely rewrite your system even if you've 'installed' a new OS?

and the answer is: Yes, using the crypto certificates located in the non-writeable portion of BIOS.


I'm pretty sure that even the default Chrome BIOS doesn't have network access without the operating system running, i.e. there is no way to drive the network card without the kernel and driver modules for the card loaded. I would be very surprised if Google could do anything remotely to a Chromebook where ChromeOS has been completely removed, though I suppose you could argue that it's possible if you were to visit the wrong Web site from Linux. Of course, they could do things to a Chromebook that ever gets booted to ChromeOS.

Of course, you can argue that it's possible even if we aren't aware of any BIOS drivers for the network card, but to that extent, it's just as possible with any device with built-in network capabilities, even a conventional laptop. If you want to be really paranoid, you have to build your computer from scratch.
ljmp

Mar 10, 2015
10:41 AM EDT
Quoting: If you want to be really paranoid, you have to build your computer from scratch.


I am and I do - as much as is possible. I watched with dismay at the demise of the FOSS video card, Open Graphics Project.

Quoting: there is no way to drive the network card without the kernel and driver modules for the card loaded.


There are numerous ways to hide packets from the guest OS. Even if you're accessing the Internet from a Guest OS using lynx and running Tor as well... Google could send packets to the entire IPv4 address space requesting ACK from the pre-placed root certs on all Chromebooks - until everyone 'calls home'. The Google 'reset' packet could very easily be diverted and hidden from the non-Chrome Guest OS... you wouldn't even see it in wireshark, for example.

Note: I have no clear information on exactly how Google sets up the whole thing... just indicating that there's a huge amount of trust that needs to be placed in Google for as long as you intend to use a Chromebook -- with or without Chrome OS. This level of trust is unique to Chromebooks, and not necessarily true for other computing platforms. If I build my own machine, I need to trust many parties, but each trusted party can be locked out from other system areas.

Jeff91

Mar 10, 2015
4:49 PM EDT
Quoting: You can brick the hardware through software. You are mistaken in that technical point.


You didn't even read what I wrote. Here it is again for reference:

Quoting: You can't brick the hardware by simply enabling the SeaBIOS+USB booting.


I never said you couldn't destroy hardware via software. I said the method of getting Linux on the Chromebook doesn't have this risk.

Quoting: All of the "quick searches" I've done indicate it's a far more involved process than that, Jeff91


First page of Google searches for "Install Linux Acer C720" -> http://www.enlightenment.org/ss/e-54ff58237167f8.48552292.pn...

Most of those links detail the short process it takes to enable the normal bios and get booting. Including the very first link (meaning you'd get the right information even by just hitting "I'm feeling lucky").

Quoting: I can see a HowTo from Jeff91 in the near future. :)


Already done. You can find it on the Bodhi wiki here -> http://www.bodhilinux.com/w/chromebook-install-instructions/

It is two very short steps that are easy enough for anyone capable of installing their own operating system.



After reading the other things ljmp has written in this thread, I'm done trying to provide reasonable discourse with him. He is spewing things that are a Stallman level of paranoia. Personally I'm surprised you are using a computer in which you didn't build every component by hand. This for example:

Quoting: Can Google or the manufacturer remotely rewrite your system even if you've 'installed' a new OS?

and the answer is: Yes, using the crypto certificates located in the non-writeable portion of BIOS.


Is laughably silly. How exactly are they gaining access to your computer to remotely rewrite it?
ljmp

Mar 10, 2015
5:49 PM EDT
@Jeff91:

Quoting: I never said you couldn't destroy hardware via software. I said the method of getting Linux on the Chromebook doesn't have this risk.


LiveUSB bricking of computing platform...

http://www.phoronix.com/scan.php?page=news_item&px=MTI4ODQ

Quoting: Is laughably silly. How exactly are they gaining access to your computer to remotely rewrite it?


Installation of the Etherboot coreboot module, or just a portion of it... send out a reset packet -- it only needs to be a single packet... the received code locks out the 'developer mode' and reinstalls ChromeOS from system ROM. This bypasses any and all OS interactions.

It's important to note that the SeaBIOS that you are activating sits within the Chromebook coreboot BIOS as a pluggable module. In developer mode coreboot is still fully functional. Developer mode is just redirecting which path to choose after the ME and crypto keys are loaded. So, the crypto keys are present and verified and ready to use...

Again, it's not important why Google would choose to lock out developer mode. But it could do so, and remotely without needing any permission from the Guest OS at all.

You could argue, of course, that Chromium OS is open source and Chrome OS is just Chromium OS tied to a platform... however, I don't remember reading anywhere that Chrome OS binaries - including the coreboot binaries - are publicly verifiable cryptographically verified against a particular source code.

I've already admitted to paranoia, so I take no offense at the condescending comments... but Google could act just like Sony and shut off your new shiny GNU/Linux install from afar. The only way to prevent this is to replace the BIOS chip with one that does not have the root keys installed --- or obtain Google's private key...

Jeff91

Mar 11, 2015
1:25 AM EDT
I'm just clarifying for any sane people reading this that this:

Quoting: the received code locks out the 'developer mode' and reinstalls ChromeOS from system ROM. This bypasses any and all OS interactions.


Actually isn't possible.

I'm done pointing out that your links about bricking hardware have absolutely nothing to do with SeaBIOS Chromebooks.
jdixon

Mar 11, 2015
4:44 AM EDT
> First page of Google searches for "Install Linux Acer C720" -> http://www.enlightenment.org/ss/e-54ff58237167f8.48552292.pn...

And unless they know they're going to get an Acer C720, why would they include that in their search, Jeff?

I used the more generic "installing Linux on a Chromebook". I also tried the more specific "installing Slackware on a Chromebook", since that's the distro I would probably be using.

Most of the hits involved using Crouton, not installing to the hardware.
CFWhitman

Mar 11, 2015
9:14 AM EDT
Since ChromeOS doesn't exist on system ROM, it would be hard to reinstall it from there. If you lose your ChromeOS installation for any reason, you have to download a recovery image from Google to re-install it.

The reason to search on Acer C720 is because pretty much all Chromebooks with SeaBIOS built in have an identical install procedure, and the C720 is the most popular of these. If you're getting a Chromebook with the intent to install Linux directly to hardware, I'd strongly recommend getting that type. Slackware would definitely include extra work (unless there's a pre-tweaked image of it somewhere that I've not seen) because of the drivers for the touchpad, and because of keyboard oddities on Chromebooks.
ljmp

Mar 11, 2015
12:41 PM EDT
@All:

http://www.chromium.org/chromium-os/chromiumos-design-docs/security-overview

Quoting: Rendering pwned devices useless: We do not intend to brick devices that we believe to be hacked. If we can reliably detect this state on the client, we should just initiate an update and reboot. We could try to leverage the abuse detection and mitigation mechanisms in the Google services that people are using from their Chromium OS devices, but it seems more scalable to allow each service to continue handling these problems on its own.


Emphasis mine.

Coreboot is a low level OS fully capable of executing code, applications, initiating downloads. The user 'OS', ChromeOS, GNU/Linux, Windows, is a guest OS. Coreboot, UEFI, and company are fully capable of running all hardware on the machine.

https://brmlab.cz/_media/event/coreboot_cisl2012.pdf

Chromium / ChromeOS boot process:

http://www.chromium.org/chromium-os/chromiumos-design-docs/firmware-boot-and-recovery



Coreboot Etherboot:

http://www.coreboot.org/Etherboot

Boot and install OS from etherboot: http://www.etherboot.org/wiki/appnoted

All the pieces are there in a Chromebook to support Google remotely modifying, bricking, or installing software or firmware. The only visible missing piece is the etherboot module in the coreboot menu. But there's no technical reason to prevent ChromeOS from having the necessary pieces in place. Perhaps, the current crop of Chromebooks are not remote brickable in this way -- but there's no reason to suspect they aren't. And perhaps when Google gets tired of 'developers' installing insecure code and damaging the Chromebook brand image - Google will remotely turn off developer mode until serious developers pay a modest fee. Again, there's no reason to suspect that Google is going to do this at some time in the future - or that they have 'baked' in the necessary components with an eye to future remote recovery... but there's no way to ensure that they haven't -- and, yes, it is possible that they have.
jdixon

Mar 11, 2015
1:26 PM EDT
> The reason to search on Acer C720 is because pretty much all Chromebooks with SeaBIOS built in have an identical install procedure, and the C720 is the most popular of these....

And how would someone just doing "a quick Google search" know this?

> Slackware would definitely include extra work...

Well, duh. It's Slackware. :) Slackware users take that as a given.
Jeff91

Mar 11, 2015
4:08 PM EDT
@jdixon How do you know installing Linux will work on any hardware XYZ?

You search specifically for the particular hardware you want to install on. You don't search for "Linux Asus" and expect to find detailed information about getting things working on a specific Asus model do you?

Don't hold the Chromebook to a double standard. You want to find out information about a particular Chromebook - you search for that model.
CFWhitman

Mar 11, 2015
4:58 PM EDT
@ljmp:

It's not that a lot of what you're talking about isn't possible. It's just that it's just as possible with other computers. UEFI is actually more of a complete system than Coreboot. Also, using SeaBIOS on a SeaBIOS enabled machine isn't considered a "hack" by Google. It's an option. No actual "hacks" are involved in booting a SeaBIOS enabled Chromebook directly to Linux.

The flowchart you posted doesn't include the SeaBIOS option. It's what happens assuming you're booting to the default firmware for loading ChromeOS. SeaBIOS would be in an alternate choice box right after "Power on." Still, notice that a recovery image in an SD or USB drive is required for actual ChromeOS recovery. Otherwise, assuming you don't have a good installation to boot to, you get stuck in an endless reboot loop until you power off or insert a recovery drive.

Most Chromebooks don't support Etherboot because they have no Ethernet. I don't think that most Chromeboxes support it either, even though they do have Ethernet. However, Etherboot, like similar Ethernet boot methods that have been available on a lot of hardware since the 90's, requires assistance from a DHCP and an FTP server on your local subnet in order to work. I used to use a similar scheme at my workplace to load Windows on computers with no optical drive from 1999 to sometime in the early 2000's, and the hardware I used was at least two years old when I started.

Yes, it's possible in theory to put all sorts of things into the firmware of a device (though network traffic will generally give efforts like this away). If you want to be paranoid, there's no motherboard manufacturer that is safe.
CFWhitman

Mar 11, 2015
5:09 PM EDT
jdixon wrote: And how would someone just doing "a quick Google search" know this?

I didn't mean to imply that you should know this beforehand. I was just providing the information. I'm sorry if it seemed otherwise. I would look up information for a specific model before I purchased it if I were intending to use it for Linux (as I did for the HP Chromebook 14).

It's definitely more trouble to get a Chromebook working with Linux just the way you want it than with a lot of more conventional machines, but it can be nice when it works. My Chromebook has kind of an ultrabook feel at a much lower price. Of course, you miss the aluminum or carbon fiber construction and the high resolution screen, but you get the battery life and light weight. Now I see Windows 8 computers that are reminiscent of Chromebooks (because of the success of Chromebooks no doubt), and it's possible that they would be more practical to install Linux on (though I'd definitely check them out before purchasing also).
ljmp

Mar 11, 2015
5:24 PM EDT
@CFWhitman:

Quoting: The flowchart you posted doesn't include the SeaBIOS option.

Yes it does. SeaBIOS sits in the dark blue "Load Developer Kernel" box near the center of the chart. The chart is not mine, it's directly from the Chromium website as indicated by the link above the chart. The point of the chart is that SeaBIOS is not 'replacing' the coreboot 'stuff', it's being loaded as a plug-in instead of the default plug-in. This is a significant difference. The only reason SeaBIOS is present is to enable 'developers' to load unsigned kernels.

Quoting: It's just that it's just as possible with other computers.

Sure. However, with a Chromebook there is a cryptographically locked permanent backdoor: Google's key placed in non-writable ROM space. Or at least I believe it's non-writable. Although I seem to remember reading somewhere that 'developers' can install their own keys somehow... Also, if I build my own computer from consumer hardware - I can choose particular components which allow me to install my own keys in the optional TPM.

Quoting: though network traffic will generally give efforts like this away

The network traffic can be hidden from the Guest OS, and activated passively through browsing webpages.

CFWhitman wrote: Most Chromebooks don't support Etherboot because they have no Ethernet

http://www.etherboot.org/wiki/wirelessboot

Quoting: Thanks to some work done during Summer of Code 2009, gPXE supports the 802.11 protocol for accessing Wi-Fi wireless networks.

Of course the Summer of Code is the 'Google' Summer of Code.

Again, I'm not saying that Google does, has, is going to xyz whatever... just that it's possible -- and those who claim it's categorically impossible are just plain wrong.
Jeff91

Mar 11, 2015
6:05 PM EDT
Quoting: those who claim it's categorically impossible are just plain wrong.

Stop speaking in absolutes. Something doesn't have to be "categorically impossible" to be extremely improbable.

Besides, how can Google reset my Chromebook if I have it wrapped in tinfoil?
ljmp

Mar 11, 2015
6:14 PM EDT
@Jeff91:

I didn't bring out my tinfoil hat for this party. I save that for the Microsoft rants...

However, improbability is not what you claimed. You claimed impossibility...

Jeff91 wrote: Actually isn't possible.

And I refute that, hopefully well enough to convince even you that it's not impossible that Google has the ability to remotely turn off 'developer mode' regardless of the Guest OS installed.
BernardSwiss

Mar 11, 2015
6:57 PM EDT
Would that flowchart make an interesting wallpaper?
Jeff91

Mar 11, 2015
7:28 PM EDT
Ljmp, just saying that this means ANY BIOS you don't have full access to, you better not be using.

Which is insane.
jdixon

Mar 11, 2015
8:27 PM EDT
> You search specifically for the particular hardware you want to install on.

That's the whole point of a generic search, Jeff. I don't know in advance what hardware it will work on.

I do more specific searches based on the information I find, but those aren't "quick Google searches". They're more detailed and in depth searches. There is no double standard involved.
ljmp

Mar 11, 2015
8:52 PM EDT
@Jeff91:

No, not insane - just Stallman-like freedom loving. However, isn't that one of the reasons coreboot exists to begin with? To provide computing end-users with a FOSS BIOS option?

yup...

coreboot wrote: http://www.coreboot.org/Welcome_to_coreboot

coreboot is an Open Source project aimed at replacing the proprietary BIOS (firmware) found in most computers. coreboot performs a little bit of hardware initialization and then executes additional boot logic, called a payload.


Chrome OS is almost there -- but they foobarred the last step...

I would 'improve' Google's Chromebook security structure by allowing end-users to generate and install their own keys -- sign their own kernels with those keys -- and if the user wishes to use Chrome OS, give those users a pathway by allowing them to present Google with the user's public key... This would reverse the security process, and give end users full control over their own security options. However, this is very improbable [but not impossible].

CFWhitman

Mar 12, 2015
1:19 AM EDT
ljmp wrote: Yes it does. SeaBIOS sits in the dark blue "Load Developer Kernel" box near the center of the chart. The chart is not mine, it's directly from the Chromium website as indicated by the link above the chart. The point of the chart is that SeaBIOS is not 'replacing' the coreboot 'stuff', it's being loaded as a plug-in instead of the default plug-in. This is a significant difference. The only reason SeaBIOS is present is to enable 'developers' to load unsigned kernels.

No, it doesn't. I know where the flowchart came from. You cited the source in the post. The flowchart is a flowchart for the Chromium OS firmware only (From the page: "The boot loader is only designed to load Chromium OS. We can go directly from firmware bootstrap to the kernel in the file system."). SeaBIOS is not a "Developer Kernel"; it's a different firmware bootstrap. Coreboot hands off either to the Chromium/Chrome OS bootstrap or to SeaBIOS. There is an 'OS verification is turned off' warning screen before it hands off to either the Chrome OS firmware bootstrap or to the SeaBIOS firmware bootstrap. The "Scary Dev Mode screen" referred to here is another warning, something like 'Your computer is not running Chrome OS.' I've never actually seen it on my Chromebook because I've never tried to boot an alternate Chromium OS kernel.

Edit: Just for the sake of completeness the box that reads "Firmware Boot Stub" could cover everything that happens before this flowchart cares about what's happening. That is, it might include Coreboot setting up hardware (and all that entails), followed by a check to see if OS verification is turned on, including a 'no' branch that checks/waits for a decision about whether to go to SeaBIOS or whether to rejoin this branch and check if it should go into recovery. Regardless, the Chromebook firmware decides whether to boot to SeaBIOS before it decides whether to boot to recovery.

Quoting: The network traffic can be hidden from the Guest OS, and activated passively through browsing webpages.

It can theoretically be hidden from the 'guest OS', but it can't be hidden from other machines on the network.

Wireless booting requires a lot of cooperation from the user under the best of circumstances. There are few supported chipsets (which do not appear in any Chromebook I am familiar with, though I'm not familiar with the wireless hardware of nearly every Chromebook out there) and you need to supply information in real time for it to work at all. There is no practical way it could be used reliably for remote boot from the outside.
ljmp

Mar 12, 2015
10:19 AM EDT
@CFWhitman:

I believe you are incorrect in your understanding of the diagram. The SeaBIOS 'firmware' is loaded as payload from the coreboot system already running. That statement can be found in coreboot's documentation as well as Google's. The coreboot system is unmodified when the SeaBIOS payload is selected versus the U-Boot payload that would boot the ChromeOS kernel. Of course, the precise location is irrelevant beyond the order of loading -- because the coreboot system could still very easily contain code that intercepts packets off the network interface without alerting the Guest OS. There is no requirement to enable etherboot as a whole system -- just the ability to capture network data... The fact that coreboot could enable more capability than is necessary does not mean that the 'extra' code need be included to enable network packet capture and hiding. Again and Again -- I'm definitely *not* saying that Google does this - just that it is possible that Google does this.

By the way, since starting this thread, I became interested again in how it works... and found this guy's website...

https://johnlewis.ie/custom-chromebook-firmware/faq/

You'll find some really interesting reading - if you're interested... in the 'Scary Dev Mode Screen' and other fun things...
CFWhitman

Mar 12, 2015
1:44 PM EDT
ljmp wrote: The SeaBIOS 'firmware' is loaded as payload from the coreboot system already running. That statement can be found in coreboot's documentation as well as Google's. The coreboot system is unmodified when the SeaBIOS payload is selected versus the U-Boot payload that would boot the ChromeOS kernel.

This is all true. However, you seem to be proceeding under the impression that the flowchart is a flowchart for Coreboot. That is not the case. The flowchart is only covering what happens after you pick the Chrome/Chromium OS firmware payload (which is now derived from U-boot for all architectures it seems). The documentation included with the flowchart makes this pretty clear if you read it.

The place in the flowchart where it loads either "Firmware A (Setup + Boot Loader)" or "Firmware B (Setup + Boot Loader)" is where it is actually loading the firmware bootstrap payload, and the whole center section is the payload executing. Everything that happens before the selection of the Chrome OS firmware bootstrap payload either is not included or is covered by that second box called "Firmware Boot Stub." This flowchart is correct whether you are using a model that includes SeaBIOS or not. In fact, I'm not sure that it wouldn't still be correct for a pre-Coreboot Chromebook (that may even be what it was written for) since the only part of the process it covers is the same either way. In fact, the more I think about it, and as I look back through the documentation, the more likely it seems it was written for the pre-Coreboot models (that would explain a lot, including the lack of a mention of Coreboot anywhere in the document). There would be no pressing need to update it since it's still relevant to Coreboot models because it's only covering what happens after Coreboot chooses the Chromium/Chrome OS firmware bootstrap payload.

Edit: At this point, as I look over the whole document, including the way out of date EEPROM map, I'm convinced that this document only covers the pre-Coreboot plans for firmware, and has never received any adjustments related to the change to Coreboot.

Also, if you actually have a Chromebook/Chromebox and are familiar with what happens during boot when you do certain things, you can see the order of what occurs in this flowchart only fits with what happens after the payload for Coreboot is selected.
ljmp

Mar 12, 2015
1:50 PM EDT
@CFWhitman:

You might be correct... I still claim that Google could pull back developer mode remotely -- obstinately so...

In any case, my curiosity is getting the better of me and I may need to run out and get a Chromebook to find out who's right.
CFWhitman

Mar 12, 2015
2:18 PM EDT
Well, I think actually removing developer mode would be like shooting themselves in the foot since that is what allows developers to reliably create new Chrome OS applications. However, if they wanted to remove the ability to boot to SeaBIOS instead of the Chrome OS firmware, the most effective way would probably be, first, stop putting this on new models, and second, update all the recovery images that they host so that they update the Chromebook firmware without this feature.

It really is rather flexible of them, and not something they needed to do, to make SeaBIOS an option on these machines. Of course, they know that this makes them much more appealing for developers, and it also makes alternative firmwares from third parties not nearly as necessary, which helps avoid problems with people bricking their Chromebooks.
