Chromebook

Enable developper mode

  • restart in recovery mode (ESC + REFRESH + POWER), then when it boots, CTRL + D to enter the developer mode.
  • Hit enter to turn off OS verification. It will then restart.
  • It will then wipe the chromebook and reinstall a fresh Chrome OS version.

Now and everytime after, you’ll need to do a CTRL + D to boot.

Reduce nagscreen display time

alt text

On the HP Chromebook x360 G1 the write protected switch is disabled by unplung the battery.

alt text alt text

Access Shell Console

CTRL+ALT+T
shell

Making changes to the filesystem / Mount root partition as RW

# sudo /usr/share/vboot/bin/make_dev_ssd.sh --remove_rootfs_verification
make_dev_ssd.sh: INFO: Kernel A: no kernel boot information, ignored.
make_dev_ssd.sh: INFO: Kernel B: Disabled rootfs verification.
make_dev_ssd.sh: INFO: Backup of Kernel B is stored in: /mnt/stateful_partition/backups/kernel_B_20190214_231653.bin
make_dev_ssd.sh: INFO: Kernel B: Re-signed with developer keys successfully.
make_dev_ssd.sh: INFO: Successfully re-signed 1 of 2 kernel(s)  on device /dev/mmcblk1.
# mount |grep root
/opt/google/containers/android/system.raw.img on /opt/google/containers/android/rootfs/root type squashfs (ro,nosuid,nodev,noexec,relatime,seclabel)
/usr/share/mount-passthrough/rootfs.squashfs on /opt/google/containers/arc-removable-media/mountpoints/container-root type squashfs (ro,nosuid,noexec,relatime,seclabel)
/opt/google/containers/arc-sdcard/rootfs.squashfs on /opt/google/containers/arc-sdcard/mountpoints/container-root type squashfs (ro,nosuid,noexec,relatime,seclabel)
/opt/google/containers/arc-obb-mounter/rootfs.squashfs on /opt/google/containers/arc-obb-mounter/mountpoints/container-root type squashfs (ro,nosuid,noexec,relatime,seclabel)
/dev/mmcblk1p1 on /home/root/fb677ca1e148f1a08fb1d144f3b9891bceea247f type ext4 (rw,nosuid,nodev,noexec,noatime,seclabel,commit=600,data=ordered)
/dev/mmcblk1p1 on /opt/google/containers/android/rootfs/android-data type ext4 (rw,nosuid,nodev,noexec,noatime,seclabel,commit=600,data=ordered)

Enable SSH

Generate Server key (on chromebook side):

$ mkdir -p /mnt/stateful_partition/etc/ssh
$ ssh-keygen -f /mnt/stateful_partition/etc/ssh/ssh_host_dsa_key -N '' -t dsa
$ ssh-keygen -f /mnt/stateful_partition/etc/ssh/ssh_host_rsa_key -N '' -t rsa
$ ssh-keygen -f /mnt/stateful_partition/etc/ssh/ssh_host_ed25519_key -N '' -t rsa

Generate Client key:

~/.ssh# ssh-keygen -t rsa

Generating public/private rsa key pair.
Enter file in which to save the key (/home/me/.ssh/id_rsa): chromebookRSA
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in chromebookRSA.
Your public key has been saved in chromebookRSA.pub.
The key fingerprint is:
SHA256:AAAAAAAABYhzRvs57F3S++8fGBZTx1cX71iUg5B/fbU me@you
The key's randomart image is:
+---[RSA 2048]----+
|   oooo.   .o .+O|
+----[SHA256]-----+

Install client public key on chromebook

Enable HTTP Server on client :

~/.ssh# sudo python -m SimpleHTTPServer 80
Serving HTTP on 0.0.0.0 port 80 ...

Install key on chromebook:

/usr/share/chromeos-ssh-config/keys# curl -LO http://x.x.x.x/chromebookRSA.pub
/usr/share/chromeos-ssh-config/keys# cat chromebookRSA.pub >>authorized_keys

Open firewall and start sshd (must be done on every boot).

$ iptables -A INPUT -p tcp --dport 22 -j ACCEPT
$ /usr/sbin/sshd \
    -oAuthorizedKeysFile=/usr/share/chromeos-ssh-config/keys/authorized_keys

The SSH service will not start on boot to make life easier, create runSSH.sh in /root (invoke via bash runSSH.sh)

#!/bin/bash
#
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
/usr/sbin/sshd   -oAuthorizedKeysFile=/usr/share/chromeos-ssh-config/keys/authorized_keys

Remote debugging via ADB

# adb connect 192.168.2.41
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
connected to 192.168.2.41:5555

# adb devices
List of devices attached
192.168.2.41:5555 device

# adb shell

127|snappy_cheets:/ $ logcat
--------- beginning of main
02-14 23:22:08.433     4     4 W auditd  : type=2000 audit(0.0:1): initialized

Enabling Managed Profile in Android in Chrome OS

(needed to install island)

Remove the word “unavailable” from following lines in :

/opt/google/containers/android/rootfs/root/system/etc/permissions/cheets.xml

<unavailable-feature name="android.software.device_admin" />
<unavailable-feature name="android.software.managed_users" />

becomes

<feature name="android.software.device_admin" />
<feature name="android.software.managed_users" />