Chromebook Kip recovering with dev image
1,721 views
Skip to first unread message
Alexandre Croteau
Mar 9, 2016, 9:07:37 PM3/9/16
to Chromium OS dev
Hello,
I have a HP 11 G/ Kip chromebook on which chrome os is removed. I first installed Lubuntu on it, but now that I've flashed stock firmware, it simply refuses any USB I plug on it! I've tried a few USBs (not sandisk), not working on either stock or custom dev signed builds. Any idea?
Here are the flags on TAB at boot:
HWID: KIP C5L-G4M-T3I-A25 DEV039recovery_reason: 0x5b No bootable kernel found on diskVbSD.flags: 0x00000c50ogle_Kip.5216.227.25VbNv.raw: 70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20dev_boot_usb: 0dev_boot_legacy: 0dev_boot_signed_only: 0TPM: fwver=0x00190002 kernver = 0x00020001gbb.flags: 0x00000039gbb_rootkey: c14bd720b70d97394257e3e826bd8f43de48d4edread-only firmware id: Google_Kip.5216.227.25active firmware id: Google_Kip.5216.227.25
Sonny Rao
Mar 9, 2016, 10:13:45 PM3/9/16
to Alexandre Croteau, Chromium OS dev
you need to recover it and then set dev_boot_usb to 1
> --
> --
> Chromium OS Developers mailing list: chromiu...@chromium.org
> View archives, change email options, or unsubscribe:
> http://groups.google.com/a/chromium.org/group/chromium-os-dev?hl=en
>
> ---
> You received this message because you are subscribed to the Google Groups
> "Chromium OS dev" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to chromium-os-d...@chromium.org.
> --
> Chromium OS Developers mailing list: chromiu...@chromium.org
> View archives, change email options, or unsubscribe:
> http://groups.google.com/a/chromium.org/group/chromium-os-dev?hl=en
>
> ---
> You received this message because you are subscribed to the Google Groups
> "Chromium OS dev" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to chromium-os-d...@chromium.org.
Sonny Rao
Mar 10, 2016, 1:34:00 PM3/10/16
to Alexandre Croteau, Chromium OS dev
Did you change your firmware to use developer keys instead of the
pre-existing keys? That would cause this problem.
If you did then you just need to make (or obtain) a developer key
signed image of any sort (doesn't need to be recovery) and it should
boot.
Also, I wonder if recovery fails because the TPM version isn't
matching what we expect:
TPM: fwver=0x00190002
I would need to look at another Kip system to know what it should be.
On Thu, Mar 10, 2016 at 4:18 AM, Alexandre Croteau <280...@etude.ca> wrote:
> That's the problem. I simply can't recover it with any chrome os recovery
> USB, it simply says: This device does not contain Chrome OS when I plug in a
> USB (tried five different and downloaded three times to be sure)!
pre-existing keys? That would cause this problem.
If you did then you just need to make (or obtain) a developer key
signed image of any sort (doesn't need to be recovery) and it should
boot.
Also, I wonder if recovery fails because the TPM version isn't
matching what we expect:
TPM: fwver=0x00190002
I would need to look at another Kip system to know what it should be.
On Thu, Mar 10, 2016 at 4:18 AM, Alexandre Croteau <280...@etude.ca> wrote:
> That's the problem. I simply can't recover it with any chrome os recovery
> USB, it simply says: This device does not contain Chrome OS when I plug in a
> USB (tried five different and downloaded three times to be sure)!
Vincent Palatin
Mar 10, 2016, 1:49:02 PM3/10/16
to Sonny Rao, Alexandre Croteau, Chromium OS dev
On Thu, Mar 10, 2016 at 10:33 AM, Sonny Rao <sonn...@chromium.org> wrote:
Did you change your firmware to use developer keys instead of the
pre-existing keys? That would cause this problem.
the GBB flags have the factory default value rather than the normal 0
gbb.flags: 0x00000039
So the machine has probably been un-Write-protected and maybe the RO firmware has been re-flashed.
Alexandre Croteau
Mar 10, 2016, 2:49:19 PM3/10/16
to Chromium OS dev
Yes I removed write protection screw and I did use a custom firmware. But What I can't figure out is if I can use a prebuilt Chromium OS as source is taking forever to download on my network...
Julius Werner
Mar 10, 2016, 9:49:50 PM3/10/16
to Alexandre Croteau, Chromium OS dev
> HWID: KIP C5L-G4M-T3I-A25 DEV039
> recovery_reason: 0x5b No bootable kernel found on disk
> VbSD.flags: 0x00000c50ogle_Kip.5216.227.25
> VbNv.raw: 70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20
> dev_boot_usb: 0
> dev_boot_legacy: 0
> dev_boot_signed_only: 0
> TPM: fwver=0x00190002 kernver = 0x00020001
> gbb.flags: 0x00000039
> gbb_rootkey: c14bd720b70d97394257e3e826bd8f43de48d4ed
> read-only firmware id: Google_Kip.5216.227.25
> active firmware id: Google_Kip.5216.227.25
This is missing a line, there should also be a gbb.recovery_key. I
> recovery_reason: 0x5b No bootable kernel found on disk
> VbSD.flags: 0x00000c50ogle_Kip.5216.227.25
> VbNv.raw: 70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20
> dev_boot_usb: 0
> dev_boot_legacy: 0
> dev_boot_signed_only: 0
> TPM: fwver=0x00190002 kernver = 0x00020001
> gbb.flags: 0x00000039
> gbb_rootkey: c14bd720b70d97394257e3e826bd8f43de48d4ed
> read-only firmware id: Google_Kip.5216.227.25
> active firmware id: Google_Kip.5216.227.25
guess you missed that when copying? It also looks like you slipped in
the line, because that is actually the recovery key (not root key) for
our developer firmware keyset.
So, the good news is that you can recover your system by just
resigning an official Kip recovery image with developer keys. It's a
little complicated so I just did that for you. Download the official
recovery image from
https://dl.google.com/dl/edgedl/chromeos/recovery/chromeos_7647.84.0_kip_recovery_stable-channel_mp-v2.bin.zip
unzip it, then unzip the attached file and overwrite the right
partition in the image with it by doing
dd if=kip_recovery_devsigned_kern.A.bin
of=chromeos_7647.84.0_kip_recovery_stable-channel_mp-v2.bin seek=20480
count=32768 conv=notrunc
Then put that image on a USB stick and try booting it. It should run
the recovery, and since your write-protect screw is out it should
reflash RO+RW firmware back to the official Kip image. (Of course the
usual disclaimer: I think this will work, I didn't test it, use at
your own risk, removing the write-protect screw always puts your
device at risk, yada yada.)
Charlie Huang
Oct 20, 2017, 7:51:23 AM10/20/17
to Chromium OS dev, 280...@etude.ca
Hi,Julius
I'm having exactly the same situation for my Lenovo N23 yoga chromebook( code name: hana)
I've tried many ways to find the right recovery image for the situation, but failed.
Now I may need the recovery image to be dev signed, could you please make the same file for me?
I've downloaded the offical image, but don't know how to modify it.
Julius Werner
Oct 20, 2017, 7:24:14 PM10/20/17
to Charlie Huang, Chromium OS dev, Alexandre Croteau
Hi Charlie,
Sorry, I'm sure you understand that I can't be the guy signing
everyone's images by hand. But I can write down how to do it:
1. Use the Chrome OS recovery tool to create an official recovery USB
stick for your board (e.g. Hana).
2. Insert it into a Linux machine that has the Chromium OS SDK
installed. I'm going to assume you have the USB stick under /dev/sdc,
if not adjust the command line below.
3. Enter the Chromium OS SDK (with cros_sdk). This should put you in a
chroot where /usr/share/vboot/devkeys is available. (You may need to
run 'sudo emerge vboot_reference' once to make sure it's there.)
4. Run: sudo vbutil_kernel --repack /dev/sdc2 --keyblock
/usr/share/vboot/devkeys/recovery_kernel.keyblock --signprivate
/usr/share/vboot/devkeys/recovery_kernel_data_key.vbprivk --oldblob
/dev/sdc2
5. Unplug the USB stick, plug it into your Chromebook, and press
Esc+Refresh+Power to start recovery.
Sorry, I'm sure you understand that I can't be the guy signing
everyone's images by hand. But I can write down how to do it:
1. Use the Chrome OS recovery tool to create an official recovery USB
stick for your board (e.g. Hana).
2. Insert it into a Linux machine that has the Chromium OS SDK
installed. I'm going to assume you have the USB stick under /dev/sdc,
if not adjust the command line below.
3. Enter the Chromium OS SDK (with cros_sdk). This should put you in a
chroot where /usr/share/vboot/devkeys is available. (You may need to
run 'sudo emerge vboot_reference' once to make sure it's there.)
4. Run: sudo vbutil_kernel --repack /dev/sdc2 --keyblock
/usr/share/vboot/devkeys/recovery_kernel.keyblock --signprivate
/usr/share/vboot/devkeys/recovery_kernel_data_key.vbprivk --oldblob
/dev/sdc2
5. Unplug the USB stick, plug it into your Chromebook, and press
Esc+Refresh+Power to start recovery.
Julius Werner
Oct 25, 2017, 7:28:44 PM10/25/17
to Charlie Huang, Chromium OS dev
On Wed, Oct 25, 2017 at 12:02 PM, Charlie Huang <huan....@gmail.com> wrote:
> Hi,Julius.
>
> I've done the re sign as you instructed, but still not working. Do I have to
> at least build once the firmware for my board inside chroot? Or I just
> deploy the crotsdk, and then re sign the recovery image. And Hana is one of
> the latest board, does it still use the same boot loader as before?
> Thanks a lot for ur help.
You are resigning the official recovery image to use developer keys.
You don't need to build any code for this, just resign the official
image you can download. (In fact, your main problem is that you can't
update the firmware directly because you can't boot anything at the
moment... right?) Hana uses newer firmware than Kip, but the basics
about how recovery images are signed have never changed in Chrome OS
history and still apply just as well.
If this doesn't work, confirm that the problem you're seeing is
actually the same as the one from the thread you originally responded
to. When you boot in recovery mode and press TAB, you should see a
line "gbb.recovery_key: c14bd720b70d97394257e3e826bd8f43de48d4ed". Do
you see that (with exactly that hash)? Also, what exactly do you mean
when you say "not working"... when you put your modified recovery
image into the Chromebook does it say "this device does not contain
Chrome OS"?
You can double-check that you did all the resigning correctly by
pasting the output of:
sudo futility show /dev/sdc2 -k /usr/share/vboot/devkeys/recovery_key.vbpubk
(It should say things like "Signature: valid", "Body verification
succeeded" and show a whole kernel command line.)
> Hi,Julius.
>
> I've done the re sign as you instructed, but still not working. Do I have to
> at least build once the firmware for my board inside chroot? Or I just
> deploy the crotsdk, and then re sign the recovery image. And Hana is one of
> the latest board, does it still use the same boot loader as before?
> Thanks a lot for ur help.
You are resigning the official recovery image to use developer keys.
You don't need to build any code for this, just resign the official
image you can download. (In fact, your main problem is that you can't
update the firmware directly because you can't boot anything at the
moment... right?) Hana uses newer firmware than Kip, but the basics
about how recovery images are signed have never changed in Chrome OS
history and still apply just as well.
If this doesn't work, confirm that the problem you're seeing is
actually the same as the one from the thread you originally responded
to. When you boot in recovery mode and press TAB, you should see a
line "gbb.recovery_key: c14bd720b70d97394257e3e826bd8f43de48d4ed". Do
you see that (with exactly that hash)? Also, what exactly do you mean
when you say "not working"... when you put your modified recovery
image into the Chromebook does it say "this device does not contain
Chrome OS"?
You can double-check that you did all the resigning correctly by
pasting the output of:
sudo futility show /dev/sdc2 -k /usr/share/vboot/devkeys/recovery_key.vbpubk
(It should say things like "Signature: valid", "Body verification
succeeded" and show a whole kernel command line.)
Julius Werner
Oct 26, 2017, 3:58:13 PM10/26/17
to Charlie Huang, Chromium OS dev
This is a pre-release key that should not have made its way to
customers. Where did you get this device? What did you install on it
and where did you get the binaries for that from? (I can also see that
your device is not write protected. Have you opened it up and removed
the write-protect screw or did you get it like that?)
On Wed, Oct 25, 2017 at 11:19 PM, Charlie Huang <huan....@gmail.com> wrote:
> Thank you so much for your time! :)
> the hash is different,
> the TAB is showing the following:
> HWID: HANA C2A-C2F-A6A-A2Q-A9X
> VbSD.flags: 0x0003dc14
> VbNv.raw: 60 10 00 00 00 02 00 00 00 00 00 00 00 00 00 eb
> dev_boot_usb: 0
> dev_boot_legacy: 0
> dev_default_boot: 0
> dev_boot_signed_only: 0
> dev_boot_fastboot_full_cap: 0
> TPM: fwver=0x00010001 kerver=0x00010001
> gbb.flags: 0x00000000
> gbb.rootkey: 7c20360d63e82265753e2d3c962737036ef78fdb
> gbb.recovery_key: 357cdf1ea9e4982bac51db79c41be73235d2f469
> read-only firmware id: Google_Hana.8438.47.0
> active firmware id: Google_Hana.8438.47.0
>
> it's still showing "this device does not contain Chrome OS"
>
> i'm pretty sure it was in dev firmware somehow
>
> Thanks again for your help :)
customers. Where did you get this device? What did you install on it
and where did you get the binaries for that from? (I can also see that
your device is not write protected. Have you opened it up and removed
the write-protect screw or did you get it like that?)
On Wed, Oct 25, 2017 at 11:19 PM, Charlie Huang <huan....@gmail.com> wrote:
> Thank you so much for your time! :)
> the hash is different,
> the TAB is showing the following:
> HWID: HANA C2A-C2F-A6A-A2Q-A9X
> VbSD.flags: 0x0003dc14
> VbNv.raw: 60 10 00 00 00 02 00 00 00 00 00 00 00 00 00 eb
> dev_boot_usb: 0
> dev_boot_legacy: 0
> dev_default_boot: 0
> dev_boot_signed_only: 0
> dev_boot_fastboot_full_cap: 0
> TPM: fwver=0x00010001 kerver=0x00010001
> gbb.flags: 0x00000000
> gbb.rootkey: 7c20360d63e82265753e2d3c962737036ef78fdb
> gbb.recovery_key: 357cdf1ea9e4982bac51db79c41be73235d2f469
> read-only firmware id: Google_Hana.8438.47.0
> active firmware id: Google_Hana.8438.47.0
>
> it's still showing "this device does not contain Chrome OS"
>
> i'm pretty sure it was in dev firmware somehow
>
> Thanks again for your help :)
Mario
Nov 30, 2017, 7:40:04 AM11/30/17
to Chromium OS dev, 280...@etude.ca
Hi!
I have nearly the same problem. I`m able to boot from recovery stick, but after the first successfull reboot i stuck in the "chrome os missing or damaged" screen. That happens on 5 Systems [Chromebook Pixel -- LINK]. That is curioius. I have wiped [ wiped with erasure software under linux ] the ssd, maybe there is the problem?
I have nearly the same problem. I`m able to boot from recovery stick, but after the first successfull reboot i stuck in the "chrome os missing or damaged" screen. That happens on 5 Systems [Chromebook Pixel -- LINK]. That is curioius. I have wiped [ wiped with erasure software under linux ] the ssd, maybe there is the problem?
Reply all
Reply to author
Forward
This conversation is locked
You cannot reply and perform actions on locked conversations.
0 new messages