Coreboot installation on Chromebook ASUS C201PA


In this manual I will try to explain how to install Coreboot (2018 year version) on the Chromebook ASUS C201PA (later referred in the manual simply as C201) with the Paper build system. At the time of writing up this manual (Q1 2018), Libreboot didn’t have any updated sources for this laptop, so I decided it would be better to use Coreboot.


There exists a Libreboot Chromebook ASUS C201 installation guide, and I would suggest you to read that first for easier understanding and detailed insight about what we’ll be trying to achieve through this manual. The steps are not identical, you will actually be installing Coreboot, which is a different project, but it might give you some ideas first about similar hardware and software being used here. I suggest that you read more about the Coreboot project, before proceeding with the installation. First of all before proceeding with anything you should already have a working GNU/Linux operating system on the C201. This manual does not explain how to install a GNU/Linux distribution on the C201, so you will need to find this information elsewhere. At the time of trying out this Coreboot installation I had a working GNU/Linux Debian 9 Stretch operating system on the SD card and Chrome operating system on the eMMC internal flash drive. This is my review of the summary by Paul Kocialkowski’s sets of instructions. Paul is a Libreboot and Coreboot developer who was willing to assist me getting this properly installed on my computer. The summary of all performed commands is written into a text file, so make sure to double check that, because this website wrongly renders and displays some of the characters.


  • Secondary laptop (the same laptop could also be used)
  • USB key
  • Thin piece of plastic (guitar pick) for laptop disassembly
  • Installation of additional programs “apt-get install flashrom gnupg”

Laptop disassembly instructions

First step that you need to do is removing the write protect screw, which is inside the laptop. Refer to the similar Libreboot manual to read more about it. First you need to unscrew 8 screws which are holding the laptop together. Two of them are below the plastic caps/stands. Use something like a sharp piece of plastic to slide below them and remove them. You will need to open up the chasis of the C201. Best thing that can help you with that is by using some very thin piece of plastic, something like a guitar pick would be good. I did not have that and have used a credit card which was already a bit too thick to slide inside. You need to divide the shiny silver upper part and the lower blue part of the C201 by placing a piece of plastic in between and sliding it all around the lower part of the laptop. Beware that inside the laptop are the plastic clips which are holding the two parts together so don’t go too deep with the piece of plastic, not to break those clips. When you manage to divide the bottom and upper part of the laptop you need to beware not to divide those two parts up completelly, because inside there are two striped connectors (one black wider one for keyboard and one white thin one for touchpad), so be carefull when detaching those straps not to tear them apart (you don’t really need to detach them, you can also line up the parts). When you have opened up the laptop put it into such position. Then you unscrew the inner screw which is being marked inside of the white circle on the photo. That screw is the write protection screw for Coreboot, so without it you will be able to install Coreboot. When that is done, just assemble the laptop back together by pushing both parts (shiny silver upper part and bottom blue part) and save the screw.


Boot into Chrome OS. You will need some storage to transfer the files from Chrome OS to your other computer, an USB key is fine. You need to be in Chrome OS developer mode. Log in as root user into Chrome OS. This is done with Ctrl + Alt + F1 (top right arrow). Sometimes the root doesn’t have the password set, so just use the enter key to bypass password. You should see a visible # as a prompt. Insert the USB key. It will probably automatically mount itself, in my case it has mounted under /media/removable/USBDRIVE . If the USB key doesn’t automatically mount, you will need to perform the mounting commands. You need to put a file (flash.img) on the USB key. Go to the USB key directory.

  • # cd /media/removable/USBDRIVE
  • # flashrom -p host -r flash.img

Copy file flash.img to USB key. Power off the computer and stick the USB key into another computer. Boot into your favourite GNU/Linux distribution. Install Paul Kocialkowski’s gnupg public key (fingerprint 01B7 0C5D 940C B63D 5FA6 12C2 84FD C1EA 8FEE 950C) for verifying the installer. Create a directory on the PC and copy file flash.img from USB key there. Run the following commands as normal user (non-root) on another computer:

  • gpg –recv-keys 8FEE950C
  • export DOWNLOAD_URL=
  • wget “$DOWNLOAD_URL/tools/x86_64/libreboot-release/libreboot-release”
  • chmod a+x libreboot-release
  • ./libreboot-release prepare cros-scripts vboot-tools coreboot-depthcharge-veyron-speedy

You should see an output similar to this. Then continue with the following commands:

  • VBOOT_TOOLS_PATH=tools/x86_64/vboot/vboot-tools tools/x86_64/cros-scripts/cros-scripts/cros-firmware-prepare vpd flash.img extract vpd.bin
  • VBOOT_TOOLS_PATH=tools/x86_64/vboot/vboot-tools tools/x86_64/cros-scripts/cros-scripts/cros-firmware-prepare vpd images/coreboot/coreboot-depthcharge-veyron-speedy/coreboot.rom replace vpd.bin
  • cp images/coreboot/coreboot-depthcharge-veyron-speedy/coreboot.rom .

You should see an output similar to this. Copy coreboot.rom file to the USB key. Power up C201 again and boot into Chrome OS. Insert the USB key and go into USB key directory, then type as root:

  • # flashrom -p host -w coreboot.rom

You should see a message like this:

erasing and writing flash chip…..Verifying flash….VERIFIED


Then check the output of the crossystem command

  • # crossystem | grep dev_boot

If you see:

dev_boot_usb=1 , dev_boot_legacy=0 , dev_boot_signed_only=0

Then it is OK to reboot the C201. And that’s it. Commands that can be used during the Coreboot boot menu are:

  • Ctrl+h = Pauses the screen
  • Ctrl+u = Boots the GNU/Linux distribution (default is ChromeOS)


Be sure to read the disclaimer before proceeding with the installation.

Setting up ALSA on Chromebook Asus C201 Debian

ALSA – Advanced Linux Sound Architecture

After initial preparation of the bootable Debian images, I managed to boot into Debian from the SD card and run system upgrade and migrate the Operating System from Debian Jessie to Debian Stretch (current Debian testing release). The migration was successful. There are a few things that still require tuning on this laptop, one of them is the ALSA (Advanced Linux Sound Architecture) system. Before proceeding with ALSA settings, there are a few things worth mentioning. The default installation doesn’t provide the working ALSA subsystem, and it can be “unsafe” (see disclaimer on the bottom of this article) if you try using the sound system without the correct system configuration, as you might even damage or ruin the speakers. So to begin with the settings:

First we will install the base of the ALSA packages, alsamixer for tuning the settings and pavucontrol monitor for setting additonal pulseaudio values:

  • aptitude install alsa-utils alsamixergui pulseaudio pulseaudio-utils pavucontrol

We start with configuration of the ALSA values by using the “amixer” entries. It’s advisable to copy all these values inside the script, so they can be executed after reboot in case of configuration loss. We will be using program “amixer” with “-Dhw” parameter and “ROCKCHIPI2S” is the device name we’re setting up. You can ignore the error “shared memfd open() failed: Function not implemented” if it appears. It is something related to the Linux kernel settings, which cannot be alternated inside the current running kernel. Apply the settings below as root or use “sudo” from the user account.

amixer -Dhw:ROCKCHIPI2S cset name=’Left Speaker Mixer Left DAC Switch’ on
amixer -Dhw:ROCKCHIPI2S cset name=’Right Speaker Mixer Right DAC Switch’ on
amixer -Dhw:ROCKCHIPI2S cset name=’Headphone Left Switch’ off
amixer -Dhw:ROCKCHIPI2S cset name=’Headphone Right Switch’ off
amixer -Dhw:ROCKCHIPI2S cset name=’Digital EQ 3 Band Switch’ off
amixer -Dhw:ROCKCHIPI2S cset name=’Digital EQ 5 Band Switch’ off
amixer -Dhw:ROCKCHIPI2S cset name=’Digital EQ 7 Band Switch’ off
amixer -Dhw:ROCKCHIPI2S cset name=’Biquad Switch’ off
amixer -Dhw:ROCKCHIPI2S cset name=’Filter Mode’ Music
amixer -Dhw:ROCKCHIPI2S cset name=’ADC Oversampling Rate’ 0
amixer -Dhw:ROCKCHIPI2S cset name=’DMIC Mux’ DMIC
amixer -Dhw:ROCKCHIPI2S cset name=’MIC2 Mux’ IN34
amixer -Dhw:ROCKCHIPI2S cset name=’Right ADC Mixer MIC2 Switch’ on
amixer -Dhw:ROCKCHIPI2S cset name=’Left ADC Mixer MIC2 Switch’ on
amixer -Dhw:ROCKCHIPI2S cset name=’MIC2 Volume’ 20
amixer -Dhw:ROCKCHIPI2S cset name=’Headset Mic Switch’ off
amixer -Dhw:ROCKCHIPI2S cset name=’Int Mic Switch’ on
amixer -Dhw:ROCKCHIPI2S cset name=’ADCR Boost Volume’ 4
amixer -Dhw:ROCKCHIPI2S cset name=’ADCL Boost Volume’ 4
amixer -Dhw:ROCKCHIPI2S cset name=’ADCR Volume’ 11
amixer -Dhw:ROCKCHIPI2S cset name=’ADCL Volume’ 11
amixer -Dhw:ROCKCHIPI2S cset name=’Left Speaker Mixer Left DAC Switch’ on
amixer -Dhw:ROCKCHIPI2S cset name=’Right Speaker Mixer Right DAC Switch’ on
amixer -Dhw:ROCKCHIPI2S cset name=’Speaker Left Mixer Volume’ 2
amixer -Dhw:ROCKCHIPI2S cset name=’Speaker Right Mixer Volume’ 2
amixer -Dhw:ROCKCHIPI2S cset name=’Record Path DC Blocking’ on
amixer -Dhw:ROCKCHIPI2S cset name=’Playback Path DC Blocking’ on
amixer -Dhw:ROCKCHIPI2S cset name=’Speaker Left Switch’ on
amixer -Dhw:ROCKCHIPI2S cset name=’Speaker Right Switch’ on
amixer -Dhw:ROCKCHIPI2S cset name=’Speaker Switch’ on

After implementing these values, the sound system should be ready. Test if there is any sound coming from the speakers by playing a .wav file on your computer. You can do this with the program “aplay”. There is a short manual for soundcard testing.

  • aplay -vv soundfile.wav

If this command gives you a visualisation of playing graphics inside the terminal but not producing the actual sound from the speakers, you can continue with sound test outside of “pulseaudio” mode with:

  • pasuspender — speaker-test -c2 -twav -l3 -Dhw:ROCKCHIPI2S

This should produce the sound in your speakers by a voice saying “Front left (on the left speaker) and front right (on the right speaker)”. You should probably hear this. This means that the hardware itself works and it could also mean that the pulseaudio is doing something strange not to hear the sound by using “aplay”. Next thing you could try is using pavucontrol GUI, which is the main pulseaudio configuration tool. Look at the picture below and match your settings similar to it, focus on the “Output devices” section and make sure the output device is selected as your fallback device and that it is not muted. Start “pavucontrol” as root and a GUI will open a similar image like the one below:

Select the bottom output device where it says “ROCKCHIP-I2S Analog Stereo” click on the speaker button to mute it and then again to unmute the device (just to be sure) and click the green button on the right side where is the setting for setting default output device. This worked for me and I was able to hear the sound coming out from the speakers.

The last thing which you need to apply is storing the ALSA values permanently into the system which will also work after reboot.

You can do this as root just type:

  • alsactl store

Alternative thing if “alsactl store” doesn’t save the values for you, you can still save the settings for ALSA inside the script with:

  • alsactl –file ~/.config/asound.state store

Which you reload after reboot with:

  • alsactl –file ~/.config/asound.state restore

That’s about it.


Be sure to read the disclaimer before proceeding with the installation.

Libreboot with Debian on Chromebook C201

libreboot logo
Libreboot logo made by Marcus Moeller (2014) – Creative Commons license CC0 1.0 Universal

A few months back I obtained a Google Chromebook Asus C201. It arrived preinstalled with Chrome OS as default operating system. This laptop was listed as one of the possible laptop models that can use Libreboot. Free Software developer Paul Kocialkowski has ported Libreboot to this Chromebook. Libreboot is a free BIOS or UEFI replacement (free as in freedom); libre boot firmware that initializes the hardware and starts a bootloader for your operating system. It’s also an open source BIOS, but open source fails to promote freedom; please call libreboot free software. Since I know Paul K. from the Internet, he helped me with the guidelines about creating bootable Debian image to be used on this laptop. In my next blog post I plan to describe how to successfully create these bootable Debian images. This laptop has three possibilities about using a secondary operating system.

  • First possibility is to install the system on internal storage and replace the default Chrome OS.
  • Second possibility is to use an external USB key and have it stored there and the
  • third possibility (which I have chosen) was to install Debian on the Micro-SD card.

With my current setup I prefer to keep Chrome OS on internal storage and I can select secondary booting method to boot up Debian from Micro-SD card. I used Debian stable (Jessie) image and afterwards I have upgraded to Debian testing (stretch) to use more recent Debian packages. Just a short info for people that don’t know about Debian. Debian has one of the best designed release methods amongst GNU/Linux distributions, and their “main” software pool contains only free software. The “main” pool is also the only software pool that I will use on this laptop. Currently there are no other suitable FSF authorised distributions that would run on this laptop, next possible ports will include the Guix system distribution and Paul Kocialkowski is working on porting the Parabola GNU/Linux-libre distribution. My goal is to use only free software on this laptop, but there are some limitations. First the BIOS needs to be replaced with Libreboot, and the integrated Wi-Fi chipset would only work with proprietary software. Therefore for this purpose I have purchased a free hardware replacement – Qualcomm Atheros external USB Wi-Fi card, that uses AR9271 chipset, which is known to operate with free software. The model of this access point card is Sophos AP 5 Rev. 1. More about the recommended steps will follow up soon …

GNU is 33 years old

GNU logo made by Aurelio A. Hackert – Creative Commons Attribution-ShareAlike 2.0 license

GNU is an operating system and an extensive collection of computer software. GNU is composed wholly of free software, most of which is licensed under GNU’s own GPL.

GNU is a recursive acronym for “GNU’s Not Unix!”, chosen because GNU’s design is Unix-like, but differs from Unix by being free software and containing no Unix code. The GNU project includes an operating system kernel, GNU HURD, which was the original focus of the Free Software Foundation (FSF). However, non-GNU kernels, most famously Linux, can also be used with GNU software; and since the kernel is the least mature part of GNU, this is how it is usually used. The combination of GNU software and the Linux kernel is commonly known as Linux (or less frequently GNU/Linux; see GNU/Linux naming controversy).

Development of the GNU operating system was initiated by Richard Stallman at the Massachusetts Institute of Technology (MIT) Artificial Intelligence Laboratory as a project called the GNU Project which was publicly announced on September 27, 1983, on the net.unix-wizards and net.usoft newsgroups by Richard Stallman.

More about GNU in the links below:

Compulab Utilite image with Ubuntu 14.04 LTS (Trusty Tahr)

Utilitie-introA new image for Utilite devices is available. Default Utilite images were based on Ubuntu 12.04 LTS (Precise Pangolin) now there is a new image with Ubuntu 14.04 LTS (Trusty Tahr). You can download it from here or from alternative download location. Once you have it on your hard drive, you can extract it to the Micro SD card. This is a 5 GB bootable image with lots of desktop applications, make sure you have at least 6 GB of available space on your Micro SD card. You can use this command to put the content of the file on your Micro SD card (be aware that it will erase all existing content on your SD card).

# xz -dc armhf-trusty-vpu-gpu.img.5G.xz | sudo dd of=/dev/<sdcard device node> bs=1M

After you are done, insert the Micro SD card into Utilite SD card slot and boot the device.

How to monitor Bind with Munin on Debian Jessie

Munin is a networked resource monitoring tool for monitoring your servers. Bind is most widely used open source software that implements the Domain Name System (DNS) protocols for the Internet. This manual doesn’t cover Munin or Bind installation, only the manual how to sync those two together to display queries from Bind inside Munin, here is how you do it :

1. Set some logging permissions for bind

# mkdir /var/log/bind9
# chown bind:bind /var/log/bind9
# service bind9 restart

2. Edit /etc/bind/named.conf.options and add these settings:
logging {
         channel b_log {
                 file "/var/log/bind9/bind.log" versions 30 size 1m;
                 print-time yes;
                 print-category yes;
                 print-severity yes;
                 severity info;
         channel b_debug {
                 file "/var/log/bind9/debug.log" versions 2 size 1m;
                 print-time yes;
                 print-category yes;
                 print-severity yes;
                 severity dynamic;
         channel b_query {
                 file "/var/log/bind9/query.log" versions 2 size 1m;
                 print-time yes;
                 severity info;
         category default { b_log; b_debug; };
         category config { b_log; b_debug; };
         category queries { b_query; };

3. Restart bind
# service bind9 restart

4. Configure munin-node plugin
# ln -s /usr/share/munin/plugins/bind9 /etc/munin/plugins/bind9

5. In /etc/munin/plugin-conf.d/munin-node make sure you have declared bind9 plugin: 
user root

6. Restart munin-node
# service munin-node restart

7. Enable rndc statistics in bind. Add a context inside /etc/bind/named.conf.options
statistics-file "/etc/bind/zones/statistics";
zone-statistics yes;

8. Create zones directory and statistics file
# mkdir /etc/bind/zones
# chown bind.bind /etc/bind/zones
# touch /etc/bind/zones/statistics
# chown bind.bind /etc/bind/zones/statistics

9. Restart bind
# service bind9 restart

10. Run rndc statistics
# rndc stats

11. Enable bind9_rndc plugin in munin
# ln -s /usr/share/munin/plugins/bind9_rndc /etc/munin/plugins/bind9_rndc

12. In /etc/munin/plugin-conf.d/munin-node make sure you have declared bind9_rndc plugin
user root
env.querystats /etc/bind/zones/statistics

13. Restart munin-node
# service munin-node restart

This should be all. Wait about 10 minutes that Munin 
graphs become visible and they will look like this:


I will buy a Lemote Yeeloong laptop

Yeeloong2Chinese company by the name Lemote produced a few batches of FSF endorsed laptops called Lemote Yeeloong back in 2010 – 2012. First Yeeloong was the model 8089B with a 8.9″ screen, followed by 8101B with a 10.1″ screen size. These laptops are now out of sale and only obtainable on a second hand market. If you happen to know the information where these laptops would still be obtainable from or you have one available from second hand yourself and are willing to sell it, please contact me on my e-mail (or just use the comment section in the blog form). I would be interested to order one for my personal use. Regarding the shipping, I live in Slovenia, Europe. Regarding the payment we could discuss various possibilities. Thank you !

Free hardware designs

Yeeloong2In the recent years the Free Software Foundation has encouraged (computer) hardware manufacturers to start producing free (free as in freedom) hardware. Most hardware produced and sold today has proprietary design (Apple, Intel, etc.) and is therefore restricted/encrypted and hard to use with free software, requiring programmers to use reverse engineering methods and write the code to free up parts of the hardware and optimize it for the use with free software. Free Software Foundation maintains a list of the high priority reverse engineering projects. Free hardware would be optimized for the use with free user respecting GNU+Linux software and should be released under the GNU General Public License (GPL), version 3 or later. Currently there are few alternatives around free hardware designs. In 2012 the Free Software Foundation started a project with the Chinese manufacturer Jiangsu Lemote Technology Corporation Limited for the production of the Lemote Yeeloong netbook. Yeeloong’s used the early Loongson 2F, a single core MIPS3-compatible 64-bit CPU with some custom ISA extensions (not all used in software), therefore a lot of customized software still had to be written for it. For that purpose a special customized GNU+Linux distribution gNewSense has seen the light of day. Since then we have seen other alternatives to free up parts of the hardware. The project Libreboot has written replacements for the standard BIOS using reverse engineering on Lenovo Thinkpad models, such as X60, T60 and X200 which are all obtainable from the U.K. store Gluglug. Another crowd funding initiative called Purism has raised funds and started with the production of the free modern laptops. Michał Tomasz Masłowski has written about Laptops and free software in 2013. There are also Replicant, a free operating system that works as a replacement for Android based devices and libreCMC a free replacement operating system for wireless routers. There are videos (with Slovene translations) from the Libreplanet 2013 conference, where Dr. Richard Stallman talks about the free hardware designs (video part 1) (video part 2) and also explains the idea in his recent articles “Why we need free digital hardware designs” and “How to make hardware designs free“.

Utilite computer 3.10.17 Linux kernel upgrade

Utilitie-introThis is the manual about how to (properly) compile Utilite-developed Linux kernel for the Utilite computer (Utilite Pro) running “Ubuntu 12.04 LTS (Precise Pangolin)”. It’s mostly written for my own reference in case of possible future upgrades, but some might find it useful, as otherwise the information seems to be scattered around the Internet. We will do the start in user-mode and finish it in superuser (root) mode. The commands in bold are those which you need to type on the command line. However, I am not responsible for any damage that you might experience trying out this manual on your Utilite Pro. These are unofficial instructions, if you want official instructions read information on the Utilite Forum and Wiki. So here we go …

1. First we are going to pull the kernel sources with git ( there is an online manual on how to use git ). This is a one-string command, so write all in one line.

$ git clone -b 'utilite/devel' --depth 1

2. Lets move inside the kernel tree.

$ cd linux-kernel

3. Let’s make default kernel .config

$ make cm_fx6_defconfig

4. Let’s define other settings with menuconfig. Beside of concatenating kernel image and DTB you need to make sure that the following kernel options are present in your .config :


$ make menuconfig

5. Clean before compiling.

$ make clean

6. Let’s compile. Option “-j8” means that we’ll be using 8 jobs on all 4 cores ( x 2 for SMP) on Utilite Pro for compiling ( it’s faster ). Approx. build time is 24 minutes.

$ make -j8 zImage

7. If you enabled DTB settings in the kernel .config, DTB should be made successfully. Approx. build time is 1 minute.

$ make -j8 imx6q-sbc-fx6m.dtb

8. Let’s make the modules. Approx. build time is 4 minutes.

$ make -j8 modules

9. Until this step everything can be done in user-mode. From here on you will need to perform all the additional steps as root or with “sudo” command. Let’s install the modules.

# make modules_install

10. Let’s install the firmware.

# make firmware_install

11. Let’s install the kernel headers.

# make headers_install

12. Now with all things in place and no errors, we are going to mount the boot partition on Utilite Pro ( this is a one-string command, so copy the whole string ).

# boot_partition=`cat /proc/cmdline | awk ‘{ for (i=1;i<=NF;i++) { if($i~/root=/) { print substr($i,6,length($i)-6)”1″ } } }’`

# mount $boot_partition /boot

13. DO NOT FORGET to backup your existing working kernel !

# cp /boot/uImage-cm-fx6 /boot/uImage-cm-fx6.bak

14. Move the newly built Linux kernel image into /boot .

# cat arch/arm/boot/zImage arch/arm/boot/dts/imx6q-sbc-fx6m.dtb > /boot/zImage-cm-fx6

15. Perform the last step to fit everything in place ( this is one-string long command, write everything together ).

# cd /boot; mkimage -A arm -O linux -T kernel -C none -a 0x10008000 -e 0x10008000 -n 3.10.17-cm-fx6-1-beta2-aufs -d zImage-cm-fx6 uImage-cm-fx6; rm -f zImage-cm-fx6

16. The result should be similar to this if all went well …

Image Name: 3.10.17-cm-fx6-1-beta2-aufs
Created: Tue Feb 17 13:53:34 2015
Image Type: ARM Linux Kernel Image (uncompressed)
Data Size: 5460160 Bytes = 5332.19 kB = 5.21 MB
Load Address: 10008000
Entry Point: 10008000

17. un-mount the /boot partition.

# umount /boot

18. Reboot and pray !

# reboot


If all went well, you should have a new workable 3.10.17 kernel on Utilite Pro.

If you are unable to boot to the new kernel or if something was faulty, there are several things you can try for the rescue. Most information can be asked or found on the Utilite support forum. This is the best place to ask questions. You should enable serial console ( I won’t describe how you do this, you can find the information on the forum or wiki ). So after being connected with the serial console, the first thing you see starting is U-boot. There will be a similar output, compared to this one :

U-Boot 2009.08-cm-fx6-0.98+tools (Mar 10 2014 – 16:17:49)

CPU: Freescale i.MX6 family TO6.4 at 792 MHz
Temperature: 34 C, calibration data 0x59d4f769
mx6q pll1: 792MHz
mx6q pll2: 528MHz
mx6q pll3: 480MHz
mx6q pll8: 50MHz
ipg clock : 66000000Hz
ipg per clock : 66000000Hz
uart clock : 80000000Hz
cspi clock : 60000000Hz
ahb clock : 132000000Hz
axi clock : 264000000Hz
emi_slow clock: 29333333Hz
ddr clock : 528000000Hz
usdhc1 clock : 198000000Hz
usdhc2 clock : 198000000Hz
usdhc3 clock : 198000000Hz
usdhc4 clock : 198000000Hz
nfc clock : 11000000Hz
Board: CM-FX6:[ POR ]
Boot Device: SD
I2C: ready
RAM Configuration:
Bank #0: 10000000 1 GB
Bank #1: 80000000 1 GB
NAND: No NAND device found!!!
0 MiB
JEDEC ID: 0xbf:0x25:0x41
Reading SPI NOR flash 0xc0000 [0x2000 bytes] -> ram 0x17e030c0

In: serial
Out: serial
Err: serial
Net: got MAC address from IIM: 00:00:00:00:00:00
Hit any key to stop autoboot:

Here you have 3 seconds of time to hit any key and enter into the U-boot interface, where you can perform additional steps.

1. First step would be to boot the previous kernel. Define the previous kernel with “setenv”.

$ setenv kernel uImage-cm-fx6.bak

$ run bootcmd

This should at least bring you back to the previous kernel.

2. If you forgot what your previous kernel name was ( if you selected a different name ), you can try these commands :

$ sata init
$ fatls sata 0:1

This should list all available kernels in the /boot partition, so just select another name with “setenv”.

Good luck !

P. S. If you have tried this procedure and found any errors or know about the improvements, you are welcome to comment on the post and I will be glad to fix the article !

Encrypting external USB drive in GNU/Linux

I recently bought an external USB drive and while setting it up with an encrypted filesystem I thought I could blog about it. The procedure that I will use involves Logical Volume Manager (LVM) and luks0pen encryption. The procedure is being done with Trisquel GNU/Linux, but it will also work for Ubuntu Linux and other GNU/Linux systems.

  1. First you will need to open a terminal (xterm) and log in as a root user, use “su” and enter your root password.
  2. You can open another terminal and watch the system log with “tail -f /var/log/messages
  3. Then you will need some programs to make it work with encryption, you will need to install Logical Volume Manager tools (LVM) with “aptitude install lvm2 e2fsprogs cryptsetup“.
  4. Attach the USB drive into the computer’s USB slot, you can check “/var/log/messages” or type “dmesg” to see how the drive appears up in your computer. Mine shows up as “/dev/sdb“. Keep in mind that your drive might show up differently as “/dev/sdc” or “/dev/sdd” depending on your setup, so I will continue with the manual as the drive being set up for “/dev/sdX“, please consider changing X to another letter which matches your drive.
  5. Check the drive for bad blocks (takes a couple of hours): “badblocks -c 10240 -s -w -t random -v /dev/sdX“. For a 3 Terabyte drive it took a bit over 5 hours to finish.
  6. Write random data to the entire drive. This step took less than 12 hours to finish, but it ensures that never-written drive space can’t be differentiated from encrypted data if someone ever tries to crack the drive. (If you’re going to do this, you might as well do it right). Use “shred -v -n 1 /dev/sdX
  7. Create one big LVM partition on the drive using fdisk. Set up one big primary partition /dev/sdX1, set the tag to system id “8e” LVM, and write the changes to disk:
    fdisk /dev/sdX
    Note: sector size is 4096 (not 512)
    Device contains neither a valid DOS partition table, nor Sun, SGI or OSF disklabel
    Building a new DOS disklabel with disk identifier 0x4a8d1c8d.
    Changes will remain in memory only, until you decide to write them.
    After that, of course, the previous content won't be recoverable.
    Warning: invalid flag 0x0000 of partition table 4 will be corrected by w(rite)
    Command (m for help): p
    Disk /dev/sdb: 3000.6 GB, 3000592982016 bytes
    255 heads, 63 sectors/track, 45600 cylinders, total 732566646 sectors
    Units = sectors of 1 * 4096 = 4096 bytes
    Sector size (logical/physical): 4096 bytes / 4096 bytes
    I/O size (minimum/optimal): 4096 bytes / 4096 bytes
    Disk identifier: 0x4a8d1c8d
       Device Boot      Start         End      Blocks   Id  System
    Command (m for help): n
    Partition type:
       p   primary (0 primary, 0 extended, 4 free)
       e   extended
    Select (default p): p
    Partition number (1-4, default 1): 1
    First sector (256-732566645, default 256): [ENTER]
    Using default value 256
    Last sector, +sectors or +size{K,M,G} (256-732566645, default 732566645): [ENTER]
    Using default value 732566645
    Command (m for help): t
    Selected partition 1
    Hex code (type L to list codes): 8e
    Changed system type of partition 1 to 8e (Linux LVM)
    Command (m for help): p
    Disk /dev/sdb: 3000.6 GB, 3000592982016 bytes
    255 heads, 63 sectors/track, 45600 cylinders, total 732566646 sectors
    Units = sectors of 1 * 4096 = 4096 bytes
    Sector size (logical/physical): 4096 bytes / 4096 bytes
    I/O size (minimum/optimal): 4096 bytes / 4096 bytes
    Disk identifier: 0x4a8d1c8d
       Device Boot      Start         End      Blocks   Id  System
    /dev/sdb1             256   732566645  2930265560   8e  Linux LVM
    Command (m for help): w
    The partition table has been altered!
    Calling ioctl() to re-read partition table.
    Syncing disks.
  8. Use cryptsetup to encrypt the drive: 
    "cryptsetup --verbose --verify-passphrase luksFormat /dev/sdX1"
    This will overwrite data on /dev/sdX1 irrevocably.Are you sure? (Type uppercase yes): YES
    Enter LUKS passphrase: <Your password here>
    Verify passphrase: <Repeat your password>
    Command successful.
  10. Unlock the drive: (We will call this drive backupexternal, but you can choose a different name)
  11. “cryptsetup luksOpen /dev/sdX1 backupexternal” . Enter passphrase for /dev/sdX1: <Enter your password here>
  12. Create the LVM physical volume: “pvcreate /dev/mapper/backupexternal” , Physical volume “/dev/mapper/backupexternal” successfully created
  13. Create the LVM volume group: (We will call it usbbackup, but you can choose a different name) “vgcreate usbbackup /dev/mapper/backupexternal” , Volume group “usbbackup” successfully created.
  14. Create a logical volume within the volume group: “lvcreate -L 900G -n backupvol /dev/usbbackup“, Logical volume “backupvol” created.
  15. At this point you have a device named /dev/usbbackup/backupvol, so create a filesystem on the logical volume: “mkfs.ext4 /dev/usbbackup/backupvol”
  16. mke2fs 1.42 (29-Nov-2011)
    Filesystem label=
    OS type: Linux
    Block size=4096 (log=2)
    Fragment size=4096 (log=2)
    Stride=0 blocks, Stripe width=0 blocks
    58982400 inodes, 235929600 blocks
    11796480 blocks (5.00%) reserved for the super user
    First data block=0
    Maximum filesystem blocks=4294967296
    7200 block groups
    32768 blocks per group, 32768 fragments per group
    8192 inodes per group
    Superblock backups stored on blocks:
    32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,
    4096000, 7962624, 11239424, 20480000, 23887872, 71663616, 78675968,
    102400000, 214990848Allocating group tables: done
    Writing inode tables: done
    Creating journal (32768 blocks): done
    Writing superblocks and filesystem accounting information: done
  17. Create a mount directory on computer drive “mkdir /mnt/backup
  18. Mount the volume: “mount /dev/usbbackup/backupvol /mnt/backup
  19. To get the volume to mount automatically at boot time add this line to your /etc/fstab file:
    "/dev/usbbackup/backupvol      /mnt/backup     ext4    defaults        0 5"
  20. To be prompted for the decryption key / passphrase at boot time first get the drive’s UUID: “ls -l /dev/disk/by-uuid” (In my example I use the UUID for /dev/sdb1)
  21. Then add this line to the /etc/cryptab file: “ext_drive /dev/disk/by-uuid/[the UUID of the drive] none luks

That’s it. You now have an external, encrypted hard drive with LVM installed. You’ve created one 900GB volume that uses half the disk, leaving 2100GB free for other volumes, or for expanding the first volume.

Hope you find this useful.

P. S. If you have tried this procedure and found any errors or know about the improvements, you are welcome to comment on the post and I will be glad to fix the article !