MrChromebox's coreboot

From Gentoo Wiki
This article is a stub. Please help out by expanding it - how to get started.

MrChromebox's coreboot is a coreboot fork maintained by one of the coreboot leaders [1], Matt DeVillier (MrChromebox) [2]. The fork targets Chrome OS devices based on the x86 architecture. ARM is not supported [3].

Firmware Utility Script

Warning
Even though the scripts are stored on GitHub, the blob files are downloaded from MrChromebox's website [4]. For firmware blobs, only md5 and sha1 checksum verification is implemented, and the checksums are stored on the same website, which defeats the verification. [5] [6] [7] In addition, the script downloads binary tools from the website without any verification and runs them as root. [8] [9] [10] Therefore, there is no way to know whether the blobs or tools have been compromised. The instructions on the website demonstrate launching the script by downloading it directly from the site, not from GitHub. [11] The script on the website is a variation of the original script hosted on GitHub (as of 2024-04-17 these scripts are not the same). The script on the website carries the same statement as the original script, saying that "the stuff" is stored on GitHub, which, as shown above, is only partially true. It is unknown whether this was done intentionally.

MrChromebox provides a script that automatically detects the motherboard, downloads the compiled coreboot as a blob, injects the VPD into that blob, disables write protection, and flashes it to the device. The script can be executed as follows:

user $ cd scripts
root # ./firmware-util.sh
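
The weakness described in the warning above, as an added example that is not part of the wiki article or of MrChromebox's scripts: a checksum fetched from the same place as the blob still matches after both are changed together, while a digest recorded out of band does not. The file names, contents and function names are constructed for the demonstration, and SHA-256 (`sha256sum`) is used here instead of the md5/sha1 the page mentions.

```shell
#!/bin/sh
# Added example. All files below are constructed stand-ins, not real firmware.

# sha256_of FILE: print the hex SHA-256 digest of FILE
sha256_of() {
    sha256sum "$1" | cut -d' ' -f1
}

# verify_same_origin BLOB SUMFILE
# The expected digest is read from a checksum file served next to the blob.
verify_same_origin() {
    [ "$(sha256_of "$1")" = "$(cut -d' ' -f1 "$2")" ]
}

# verify_pinned BLOB DIGEST
# The expected digest was recorded earlier through a separate channel
# (for example from a ROM built locally from a reviewed tag).
verify_pinned() {
    [ "$(sha256_of "$1")" = "$2" ]
}

demo() {
    dir=$(mktemp -d) || return 2

    # Constructed "known good" blob; its digest is pinned out of band.
    printf 'known-good-firmware-image\n' > "$dir/fw.rom"
    pinned=$(sha256_of "$dir/fw.rom")

    # The hosting site changes: blob and checksum file are replaced together.
    printf 'replaced-firmware-image\n' > "$dir/fw.rom"
    sha256sum "$dir/fw.rom" > "$dir/fw.rom.sha256"

    same=fail
    pin=fail
    verify_same_origin "$dir/fw.rom" "$dir/fw.rom.sha256" && same=pass
    verify_pinned "$dir/fw.rom" "$pinned" && pin=pass

    rm -rf "$dir"
    echo "same-origin=$same pinned=$pin"
}

demo   # prints: same-origin=pass pinned=fail
```

The same-origin check only detects transfer corruption; detecting a replaced blob needs an expected value that does not travel with the download.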

Manual installation

Compilation

Clone the repository:

user $ git clone --recurse-submodules https://github.com/MrChromebox/coreboot
user $ cd coreboot

Select a version (all versions can be seen by executing git tag):

user $ git switch --detach MrChromebox-4.22.4

Compile the cross-compiler:

user $ make crossgcc-i386 CPUS=$(nproc)

Detect the name of the motherboard:

root # dmidecode --string system-product-name

Starting with version 4.22.0, there is a script in the repository to simplify the build [12]:

user $ ./build-uefi.sh <MOTHERBOARD_NAME_IN_LOWER_CASE>

Important
The compilation may fail due to concurrency; just run the command again until the compilation completes successfully.

To see the compiled binary file, run the command:

user $ ls ../roms/*.rom

Important
The binary is not yet ready for flashing, as it requires the VPD to be injected.

See also

  • Coreboot — free and open-source hardware-initializing firmware that supports multiple boot ROM payloads.
  • Chromebook — installing Gentoo on a Chromebook

References