Chromium OS on Pixel C

1,446 views
Skip to first unread message

Brandon Golway

unread,
May 30, 2016, 3:13:10 PM5/30/16
to Chromium OS discuss
Myself and a few other guys over at XDA are trying to figure out what is necessary to boot ChromiumOS up on the Pixel C since it was supposed to be a Chromebook anyway and is already setup for it. The boot image for Android is already a ChromeOS boot image and the bootloader shouldn't need to be modified since the primary payload is a ChromeOS boot image, so theoretically the only thing that needs to be modified is the partition table. Our primary kernel dev was told by a Pixel C dev that the "developer switch" is behind the front camera flex and you would need to remove the screen to get access to it. This arose when we were trying to root the Pixel C and flashing SuperSU via TWRP caused the bootloader to relock the partitions as read-only, even though all fastboot commands were still available, we were given a tool by the pixel devs that allowed us to set a flag that would unlock the partitions once again. (link to thread)

Now my question is, is the "developer switch" behind the front camera flex actually the "firmware write protect switch"? From what I've been reading, and from my past experiences, enabling "developer mode" is the ChromeOS equivalent of "rooting" on Android. The symptoms are the same between both: when my Pixel boots up it tells me that it's unlocked and allowed to execute unsigned code, and I have to wait 30 seconds for it to boot, the only difference is that there isn't a way to say "ok" or "lock it back up" as there is with ChromeOS. 

A few years ago when I installed Arch Linux on my HP Pavilion, I first had to access the crosh shell and type a few commands to enable developer mode, which then rebooted my HP and proceeded to wipe the data. When I logged back in it resynced my files and I had full access to Linux. In order to actually boot up a Linux distro I had to flash SeaBIOS since mine didn't come with it pre-loaded, like newer ones do, so I had to rip it apart and remove the firmware write protect screw. After I removed the screw I had complete access to the system and was able to flash the BIOS. Stuff like this is already possible on the Pixel C immediately after you unlock the bootloader, so is this switch even relevant to locking down the system at all since you can flash system, boot, bootloader, data, recovery, vendor and cache directly from fastboot? I did notice that there are a few other partitions outside of the standard ones that I listed before and I have no idea what they contain or what they're used for. Also from the previous example it does seem some stuff may still be locked down but we do have a tool that allows us to change various flags, there's just no help for it so there's no way to know what commands are available.

And now for the ultimate question: How do you recreate the ChromeOS partition table and erase the Android partition table? I'm going to assume you would need to boot from a USB drive or something since you would need to completely get rid of everything, or could this be done from within fastboot? I poked around fastboot and couldn't find anything related to creating partitions, only formatting and erasing them. There is a "recover from USB" option in the Pixel C's bootloader so would it be possible to use/hijack that to load ChromeOS instead of Android (like it currently does) or does the physical switch behind the camera lock the partition table? Would the above mentioned fwtool (provided by pixel devs) allow you to set a flag to boot from USB?

Milosz Derezynski

unread,
May 30, 2016, 9:17:38 PM5/30/16
to brand...@gmail.com, Chromium OS discuss
Since no one is replying, let me take a shot myself.

(I'm rather sure there is a write protect somewhere in or around the camera flex, or is the flex itself.)

The procedure for installing ChromiumOS would go more or less as follows, errors due to my gaps in understanding guaranteed: First, you would need to flash a different EC ROM, as I'm sure, or know, from reading the current EC ROM's code that it's at least partially tailored towards Android. In order to do so you would need to disable the write protect indeed, or modify the GBB flags, but you can only modify those when the write protect is off.

Of course my ryu has fastboot unlocked, but unlocking fastboot only serves the purpose for Android and is not full dev mode on the Pixel C.

Checking the output of "ectool switches", we see that the WP is enabled:

dragon:/su/xbin # ./ectool --interface=dev switches                            
Current switches:   0x00
Lid switch:         CLOSED
Power button:       UP
Write protect:      ENABLED
Dedicated recovery: DISABLED

Once you have the WP off, you can flash the proper EC, which I'm sure exists somewhere at Google but is not readily available in chromium git (either not at all or one would have to do some serious digging).

If you have that working, you could probably piece together a ChromiumOS build for ryu. Then you'd need to repartition the storage. Next step would be flashing the build, and here it's really speculative.

Assuming that the recovery mode is fully functional, one would only need to put the build onto an USB drive, and assuming the Pixel C is in host mode while in recovery, attach the drive to the USB-C port (either directly or via some kind of adapter or somesuch).

From there on out, if the firmware is properly prepared, it should (could? might?) install the ChromiumOS build and would then be capable of booting it.

There are so many ifs and whens though that unless someone from Google backs us up here we'll probably lose a bunch of ryus until we get this working properly. I mean, who wants to pry off their screen to disable the WP?

(PS: An alternate solution would be a Chromium EC ROM that is signed by Google. But alas....)


Milosz


--
--
Chromium OS discuss mailing list: chromium-...@chromium.org
View archives, change email options, or unsubscribe:
http://groups.google.com/a/chromium.org/group/chromium-os-discuss?hl=en

---
You received this message because you are subscribed to the Google Groups "Chromium OS discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-os-dis...@chromium.org.

Brandon Golway

unread,
May 30, 2016, 9:28:40 PM5/30/16
to Milosz Derezynski, Chromium OS discuss
So it's pretty much a giant PITA haha Definitely not something I could easily, thanks for the info!

Alan Sack

unread,
Nov 20, 2018, 3:13:25 PM11/20/18
to Chromium OS Discussion
Pita, yes! But can it be done?

Mike Frysinger

unread,
Nov 20, 2018, 3:18:32 PM11/20/18
to alan...@gmail.com, Chromium OS Discussion
it's all "just software", so of course it's technically possible to run CrOS on a Pixel C tablet. however, the technical skills required tend to be higher than most people can reasonably manage.
-mike

On Tue, Nov 20, 2018, 15:13 Alan Sack <alan...@gmail.com wrote:
Pita, yes! But can it be done?

--
--
Chromium OS Discussion mailing list: chromium-...@chromium.org

View archives, change email options, or unsubscribe:
https://groups.google.com/a/chromium.org/group/chromium-os-discuss

Sean Paul

unread,
Nov 21, 2018, 10:50:21 AM11/21/18
to alan...@gmail.com, chromium-...@chromium.org, Maxime Ripard
On Tue, Nov 20, 2018 at 3:13 PM Alan Sack <alan...@gmail.com> wrote:
>
> Pita, yes! But can it be done?
>

+Maxime who was also interested in this. Perhaps if y'all get enough
people interested you can make progress.

Sean

> --
> --
> Chromium OS Discussion mailing list: chromium-...@chromium.org
> View archives, change email options, or unsubscribe:
> https://groups.google.com/a/chromium.org/group/chromium-os-discuss
> ---
> You received this message because you are subscribed to the Google Groups "Chromium OS Discussion" group.
Reply all
Reply to author
Forward
0 new messages