df47933f4c | ||
---|---|---|
bootloader/bin | ||
rootfs | ||
.gitignore | ||
LICENSE | ||
README.md | ||
build.sh | ||
build_image.sh | ||
build_rootfs.sh | ||
patch_initramfs.sh | ||
patch_rootfs.sh |
README.md
Chrome OS RMA Shim Bootloader
This is a set of scripts for patching a Chrome OS RMA shim to serve as a bootloader for a standard Linux disto.
About:
Chrome OS RMA shims are disk images which are bootable from Chromebooks, and they'll work even if the device is enterprise enrolled. Unfortunately for Google, there exists a security flaw where the root filesystem of the RMA shim is not verfied. This lets us replace the rootfs with anything we want, including a full Linux distribution.
Simply replacing the shim's rootfs doesn't work, as it boots in an environment friendly to the RMA shim, not regular Linux distros. To get around this, a seperate bootloader is required to transition from the shim environment to the main rootfs. This bootloader then does pivot_root
to enter the rootfs, where it then starts the init system.
Another problem is encountered at this stage: the Chrome OS kernel will complain about systemd's mounts, and the boot process will hang. A simple workaroudn is to apply a patch to systemd, and then it can be recompiled and hosted at a repo somewhere.
After copying all the firmware from the recovery image and shim to the rootfs, we're able to boot to a mostly working XFCE desktop.
Partition Layout:
- 1MB dummy stateful partition
- 32MB Chrome OS kernel
- 20MB bootloader
- The rootfs partitions fill the rest of the disk
Note that rootfs partitions have to be named shimboot_rootfs:<partname>
for the bootloader to recognize them.
Current Development Roadmap:
build the image automaticallyboot to a shellswitch_root into an actual rootfsstart X11 in the actual rootfsui improvements in the bootloaderload all needed driversautostart X11host repo for patched systemd packagesuse debootstrap to install debianprompt user for hostname and account when creating the rootfsauto load iwlmvm- get wifi fully working
- host prebuilt images
write detailed documentation
Long Term Goals:
- get zram to work
- eliminate binwalk dependency
- get audio to work
Usage:
Prerequisites:
- A separate Linux PC for the build process (preferably something Debian-based)
- A USB that is at least 8GB in size
- At least 20GB of free disk space
- An x86-based Chromebook
Instructions:
- Grab a Chrome OS RMA Shim from somewhere. Most of them have already been leaked and aren't too difficult to find.
- Download a Chrome OS recovery image for your board.
- Clone this repository and cd into it.
- Run
mkdir -p data/rootfs
to make a directory for the rootfs. - Run
sudo ./build_rootfs.sh data/rootfs bookworm
to build the base rootfs. - Run
sudo ./patch_rootfs.sh path_to_shim path_to_reco data/rootfs
to patch the base rootfs and add any needed drivers. - Run
sudo ./build.sh image.bin path_to_shim data/rootfs
to generate a disk image atimage.bin
. - Flash the generated image to a USB drive or SD card.
- Plug the USB into your Chromebook and enter recovery mode. It should detect the USB and enter the shimboot bootloader.
Note that these instructions are currently incomplete.
License:
ading2210/shimboot: Boot desktop Linux from a Chrome OS RMA shim.
Copyright (C) 2023 ading2210
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.