“Buying a Chromebook? Don’t forget to install a real (GNU/)Linux”
Has this experience gotten any better? The last time I installed debian on a chromebook (last year with some Asus thing that came out last year), I had to build my own coreboot and flash it on the board, after jumping through a few hoops to disable ‘security’ features (e.g. removing a magical screw). After that, you’re left with a system that has extremely limited storage (64GB, lol), so you have to be super mindful about rootfs size at all times lest you find you run out of space and bad things happen.
If that’s still pretty much what is required, then I recommend using something else to run real (GNU/)Linux.
Edit: here are the notes I took the show what I had to go through to install debian on the chromebook
I’ve used https://mrchromebox.tech with a few Chromebooks and a Chromebox and it worked really well.
I considered that, but I didn’t really want to flash random binaries on the internet.
Do your research, and discover that is the canonical community place. Random here means “random for craftyguy” – look, I’m not trying to be a hater, but it’s true. Pretty sure he has SHA hashes to check against.
Does this person work for Google? If not, why are they trustworthy? Some might say XDA forums are the ‘canonical community place’ for Android development, but you’d have to be rather ignorant to dive right into XDA forums and start flashing stuff from any rando that posts there.
He’s not working for Google, but he’s active in the coreboot community and apparently works on coreboot for other platforms (the Purism laptops, I think).
Whatever dude, I don’t know how to flag comments but you’re shutting me down for nothing. You’d have to be a little reckless to remove the magic screw. You’d have to be a little reckless to void your warranty. Also there’s a chance the iOS bootROM exploit will brick your device. Does that stop people from freeing their BIOS? Does it make them worry that checkm8 is not canonical? No. Nobody cares at all. Because guess what, it’s a machine. If you want the binaries open source, uh, go to flipping coreboot dot org or whatever. I’m telling the truth, but hey, I don’t work for Google, I could be a malicious rando hahahaaa
I last set up a chromebook for flashing in 2012 so I don’t know if anything’s changed, I imagine you still have to remove the screw. The coreboot flash afaik is optional; some guy provided a prebuilt ROM for my machine. It’s a C720 running Void Linux, with a 32GB M.2 drive. None of these steps were complicated. Note my post didn’t say “Buy a chromebook and install linux”, I wouldn’t recommend anyone buy a Chromebook, but it isn’t that bad.
64GB, extremely limited? Surely you jest?
No screws in devices from 2017 and after, now you buy or solder your own debug cable, and “assert physical presence” by pressing the power button a bunch of times over a several-minute period. That cable gives you access to an incredible close-case debugging experience. Serial consoles for the security chip itself, the EC and the AP (main processor), plus flashing AP and EC firmware (via a flashrom fork).
MrChromebox’s ROM builds are great for 99.9% of people, but if you are interested in hacking on firmware, building your own is easy and fun :)
UPD: also, you don’t need any of the debug stuff if you just want to run another OS. Just unlock developer mode, setup a root password, run crossystem dev_boot_legacy=1 as root, you have a SeaBIOS pre-installed already, Ctrl+L on the dev mode screen to boot. You can replace SeaBIOS with any coreboot payload like TianoCore EDK2 very easily by flashing directly from Chrome OS!
(via a flashrom fork)
(via a flashrom fork)
There’s an active effort on the Chromium OS side to merge the forks. From there, I hope we can establish a model like with coreboot where CrOS firmware work happens upstream first and is moved back into CrOS once it landed upstream.
That would be amazing. I’ve tried building the chromium flashrom on FreeBSD… gave up, built an Arch package and started just using that from SystemRescueCD haha
(btw, is there any way to make raiden_spi faster?)
Which is why I don’t bother with those at all and discourage everyone from buying Google-stuff you expect to last more than 3 years.
Just buy a regular laptop, install some Linux distribution with long-term-support and run that.
The article’s tone makes me think I’m supposed to be outraged, but this practice is pretty standard. Look at Microsoft dropping support for old Windows versions, or older iPhones no longer receiving iOS updates. I admire Google for being this transparent about the actual support dates.
This would be like EOLing the iPhone 7 at the same time as the 6 because it “uses the same hardware platform.” Other companies tend to pair releases with EOL dates so that every product gets a full arc, whereas here google is claiming a 6.5-year support arc and delivering a shorter one on a technicality.
Based on the reporting, it seems that they’re not being very transparent as end-users are being surprised by the issue, and you have to visit a specific builtin chrome web page to see the info. Now, that reporting could be wrong, but that’s a separate discussion which you didn’t raise.
Microsoft isn’t intentionally making new Windows versions incompatible with slightly older hardware. People weren’t outraged by locked-in phones because they have seen them as evolution of dumbphones that weren’t “real computers”. Now we ended up with locked-in “real computers”.
Less than three years of support for new hardware is objectively pretty poor, especially for something that’s effectively a laptop. For comparison I recently rejuvenated somebody’s mid-2011 iMac with an SSD and extra RAM. They’re limited to High Sierra but are likely to continue getting security updates for nearly 2 more years. That’s approximately a decade. (I told them all this and they went ahead - they really dislike e-waste.)
Surprised it sounds like a strictly enforced “no updates after” date rather than an “updates not guaranteed after” date. In particular, the user-space Chrome browser is out there on super-old non-Chrome-OS machines anyway. You can imagine trying to update the browser/renderer longer–it could help users (bugs there are the front door for many security issues), and at least seems like a lower lift than 100% maintenance (which’d include e.g. maintaining a patched kernel that works with the specific h/w forever). Eventually, of course, the browser will require some new kernel feature and, combined with not updating the kernel forever, that limits how long you can update userspace as well.
(Of course, the other thing is that things besides support often make devices unusable before 6.5y anyway, sadly.)