Category: FSF

Coreboot installation on Chromebook ASUS C201PA

Goal

In this manual I will try to explain how to install Coreboot (2018 year version) on the Chromebook ASUS C201PA (later referred in the manual simply as C201) with the Paper build system. At the time of writing up this manual (Q1 2018), Libreboot didn’t have any updated sources for this laptop, so I decided it would be better to use Coreboot.

Introduction

There exists a Libreboot Chromebook ASUS C201 installation guide, and I would suggest you to read that first for easier understanding and detailed insight about what we’ll be trying to achieve through this manual. The steps are not identical, you will actually be installing Coreboot, which is a different project, but it might give you some ideas first about similar hardware and software being used here. I suggest that you read more about the Coreboot project, before proceeding with the installation. First of all before proceeding with anything you should already have a working GNU/Linux operating system on the C201. This manual does not explain how to install a GNU/Linux distribution on the C201, so you will need to find this information elsewhere. At the time of trying out this Coreboot installation I had a working GNU/Linux Debian 9 Stretch operating system on the SD card and Chrome operating system on the eMMC internal flash drive. This is my review of the summary by Paul Kocialkowski’s sets of instructions. Paul is a Libreboot and Coreboot developer who was willing to assist me getting this properly installed on my computer. The summary of all performed commands is written into a text file, so make sure to double check that, because this website wrongly renders and displays some of the characters.

Requirements

  • Secondary laptop (the same laptop could also be used)
  • USB key
  • Thin piece of plastic (guitar pick) for laptop disassembly
  • Installation of additional programs “apt-get install flashrom gnupg”

Laptop disassembly instructions

First step that you need to do is removing the write protect screw, which is inside the laptop. Refer to the similar Libreboot manual to read more about it. First you need to unscrew 8 screws which are holding the laptop together. Two of them are below the plastic caps/stands. Use something like a sharp piece of plastic to slide below them and remove them. You will need to open up the chasis of the C201. Best thing that can help you with that is by using some very thin piece of plastic, something like a guitar pick would be good. I did not have that and have used a credit card which was already a bit too thick to slide inside. You need to divide the shiny silver upper part and the lower blue part of the C201 by placing a piece of plastic in between and sliding it all around the lower part of the laptop. Beware that inside the laptop are the plastic clips which are holding the two parts together so don’t go too deep with the piece of plastic, not to break those clips. When you manage to divide the bottom and upper part of the laptop you need to beware not to divide those two parts up completelly, because inside there are two striped connectors (one black wider one for keyboard and one white thin one for touchpad), so be carefull when detaching those straps not to tear them apart (you don’t really need to detach them, you can also line up the parts). When you have opened up the laptop put it into such position. Then you unscrew the inner screw which is being marked inside of the white circle on the photo. That screw is the write protection screw for Coreboot, so without it you will be able to install Coreboot. When that is done, just assemble the laptop back together by pushing both parts (shiny silver upper part and bottom blue part) and save the screw.

Installation

Boot into Chrome OS. You will need some storage to transfer the files from Chrome OS to your other computer, an USB key is fine. You need to be in Chrome OS developer mode. Log in as root user into Chrome OS. This is done with Ctrl + Alt + F1 (top right arrow). Sometimes the root doesn’t have the password set, so just use the enter key to bypass password. You should see a visible # as a prompt. Insert the USB key. It will probably automatically mount itself, in my case it has mounted under /media/removable/USBDRIVE . If the USB key doesn’t automatically mount, you will need to perform the mounting commands. You need to put a file (flash.img) on the USB key. Go to the USB key directory.

  • # cd /media/removable/USBDRIVE
  • # flashrom -p host -r flash.img

Copy file flash.img to USB key. Power off the computer and stick the USB key into another computer. Boot into your favourite GNU/Linux distribution. Install Paul Kocialkowski’s gnupg public key (fingerprint 01B7 0C5D 940C B63D 5FA6 12C2 84FD C1EA 8FEE 950C) for verifying the installer. Create a directory on the PC and copy file flash.img from USB key there. Run the following commands as normal user (non-root) on another computer:

  • gpg –recv-keys 8FEE950C
  • export DOWNLOAD_URL=http://jp.si/C201/paper-release-20180102/
  • wget “$DOWNLOAD_URL/tools/x86_64/libreboot-release/libreboot-release”
  • chmod a+x libreboot-release
  • ./libreboot-release prepare cros-scripts vboot-tools coreboot-depthcharge-veyron-speedy

You should see an output similar to this. Then continue with the following commands:

  • VBOOT_TOOLS_PATH=tools/x86_64/vboot/vboot-tools tools/x86_64/cros-scripts/cros-scripts/cros-firmware-prepare vpd flash.img extract vpd.bin
  • VBOOT_TOOLS_PATH=tools/x86_64/vboot/vboot-tools tools/x86_64/cros-scripts/cros-scripts/cros-firmware-prepare vpd images/coreboot/coreboot-depthcharge-veyron-speedy/coreboot.rom replace vpd.bin
  • cp images/coreboot/coreboot-depthcharge-veyron-speedy/coreboot.rom .

You should see an output similar to this. Copy coreboot.rom file to the USB key. Power up C201 again and boot into Chrome OS. Insert the USB key and go into USB key directory, then type as root:

  • # flashrom -p host -w coreboot.rom

You should see a message like this:

erasing and writing flash chip…..Verifying flash….VERIFIED

SUCCESS

Then check the output of the crossystem command

  • # crossystem | grep dev_boot

If you see:

dev_boot_usb=1 , dev_boot_legacy=0 , dev_boot_signed_only=0

Then it is OK to reboot the C201. And that’s it. Commands that can be used during the Coreboot boot menu are:

  • Ctrl+h = Pauses the screen
  • Ctrl+u = Boots the GNU/Linux distribution (default is ChromeOS)

Disclaimer

Be sure to read the disclaimer before proceeding with the installation.

Libreboot with Debian on Chromebook C201

libreboot logo
Libreboot logo made by Marcus Moeller (2014) – Creative Commons license CC0 1.0 Universal

A few months back I obtained a Google Chromebook Asus C201. It arrived preinstalled with Chrome OS as default operating system. This laptop was listed as one of the possible laptop models that can use Libreboot. Free Software developer Paul Kocialkowski has ported Libreboot to this Chromebook. Libreboot is a free BIOS or UEFI replacement (free as in freedom); libre boot firmware that initializes the hardware and starts a bootloader for your operating system. It’s also an open source BIOS, but open source fails to promote freedom; please call libreboot free software. Since I know Paul K. from the Internet, he helped me with the guidelines about creating bootable Debian image to be used on this laptop. In my next blog post I plan to describe how to successfully create these bootable Debian images. This laptop has three possibilities about using a secondary operating system.

  • First possibility is to install the system on internal storage and replace the default Chrome OS.
  • Second possibility is to use an external USB key and have it stored there and the
  • third possibility (which I have chosen) was to install Debian on the Micro-SD card.

With my current setup I prefer to keep Chrome OS on internal storage and I can select secondary booting method to boot up Debian from Micro-SD card. I used Debian stable (Jessie) image and afterwards I have upgraded to Debian testing (stretch) to use more recent Debian packages. Just a short info for people that don’t know about Debian. Debian has one of the best designed release methods amongst GNU/Linux distributions, and their “main” software pool contains only free software. The “main” pool is also the only software pool that I will use on this laptop. Currently there are no other suitable FSF authorised distributions that would run on this laptop, next possible ports will include the Guix system distribution and Paul Kocialkowski is working on porting the Parabola GNU/Linux-libre distribution. My goal is to use only free software on this laptop, but there are some limitations. First the BIOS needs to be replaced with Libreboot, and the integrated Wi-Fi chipset would only work with proprietary software. Therefore for this purpose I have purchased a free hardware replacement – Qualcomm Atheros external USB Wi-Fi card, that uses AR9271 chipset, which is known to operate with free software. The model of this access point card is Sophos AP 5 Rev. 1. More about the recommended steps will follow up soon …

GNU is 33 years old

heckert_gnu-small
GNU logo made by Aurelio A. Hackert – Creative Commons Attribution-ShareAlike 2.0 license

GNU is an operating system and an extensive collection of computer software. GNU is composed wholly of free software, most of which is licensed under GNU’s own GPL.

GNU is a recursive acronym for “GNU’s Not Unix!”, chosen because GNU’s design is Unix-like, but differs from Unix by being free software and containing no Unix code. The GNU project includes an operating system kernel, GNU HURD, which was the original focus of the Free Software Foundation (FSF). However, non-GNU kernels, most famously Linux, can also be used with GNU software; and since the kernel is the least mature part of GNU, this is how it is usually used. The combination of GNU software and the Linux kernel is commonly known as Linux (or less frequently GNU/Linux; see GNU/Linux naming controversy).

Development of the GNU operating system was initiated by Richard Stallman at the Massachusetts Institute of Technology (MIT) Artificial Intelligence Laboratory as a project called the GNU Project which was publicly announced on September 27, 1983, on the net.unix-wizards and net.usoft newsgroups by Richard Stallman.

More about GNU in the links below:

I will buy a Lemote Yeeloong laptop

Yeeloong2Chinese company by the name Lemote produced a few batches of FSF endorsed laptops called Lemote Yeeloong back in 2010 – 2012. First Yeeloong was the model 8089B with a 8.9″ screen, followed by 8101B with a 10.1″ screen size. These laptops are now out of sale and only obtainable on a second hand market. If you happen to know the information where these laptops would still be obtainable from or you have one available from second hand yourself and are willing to sell it, please contact me on my e-mail (or just use the comment section in the blog form). I would be interested to order one for my personal use. Regarding the shipping, I live in Slovenia, Europe. Regarding the payment we could discuss various possibilities. Thank you !

Free hardware designs

Yeeloong2In the recent years the Free Software Foundation has encouraged (computer) hardware manufacturers to start producing free (free as in freedom) hardware. Most hardware produced and sold today has proprietary design (Apple, Intel, etc.) and is therefore restricted/encrypted and hard to use with free software, requiring programmers to use reverse engineering methods and write the code to free up parts of the hardware and optimize it for the use with free software. Free Software Foundation maintains a list of the high priority reverse engineering projects. Free hardware would be optimized for the use with free user respecting GNU+Linux software and should be released under the GNU General Public License (GPL), version 3 or later. Currently there are few alternatives around free hardware designs. In 2012 the Free Software Foundation started a project with the Chinese manufacturer Jiangsu Lemote Technology Corporation Limited for the production of the Lemote Yeeloong netbook. Yeeloong’s used the early Loongson 2F, a single core MIPS3-compatible 64-bit CPU with some custom ISA extensions (not all used in software), therefore a lot of customized software still had to be written for it. For that purpose a special customized GNU+Linux distribution gNewSense has seen the light of day. Since then we have seen other alternatives to free up parts of the hardware. The project Libreboot has written replacements for the standard BIOS using reverse engineering on Lenovo Thinkpad models, such as X60, T60 and X200 which are all obtainable from the U.K. store Gluglug. Another crowd funding initiative called Purism has raised funds and started with the production of the free modern laptops. Michał Tomasz Masłowski has written about Laptops and free software in 2013. There are also Replicant, a free operating system that works as a replacement for Android based devices and libreCMC a free replacement operating system for wireless routers. There are videos (with Slovene translations) from the Libreplanet 2013 conference, where Dr. Richard Stallman talks about the free hardware designs (video part 1) (video part 2) and also explains the idea in his recent articles “Why we need free digital hardware designs” and “How to make hardware designs free“.

Related articles

International Human Rights Day reminds us about Free Software

Free_Software4The Free Software Foundation (FSF) is a nonprofit organisation with a worldwide mission to promote computer user freedom and to defend the rights of all free software users.

As our society grows more dependent on computers, the software we run is of critical importance to securing the future of a free society. Free software is about having control over the technology we use in our homes, schools and businesses, where computers work for our individual and communal benefit, not for proprietary software companies who might seek to restrict us.

The Free Software Foundation is working to secure freedom for computer users by promoting the development and use of free (as in freedom) software and documentation — particularly the GNU operating system — and by campaigning against threats to computer user freedom like Digital Restrictions Management (DRM) and software patents.

FSF has sister organisations in Europe , France , Latin America and India.

Do a good thing TODAY ! Help the FSFE reach their 2015 budget goal of €420,000 by donating until December 31.

 

 

libreCMC on TP-LINK TL-WR741ND

I was lucky that I already had TP-LINK TL-WR741ND ( version 1.8 ) previously installed with OpenWRT (libreCMC strips down OpenWRT to remove non-free software and binary blobs from the code) so that I could test out the libreCMC. At this stage the router seems to be (fully) functional with wired and wireless networking enabled. Here are the instructions how to install libreCMC on this router :

First check if your router version is compatible with libreCMC.

  • Versions supported : v1 – v2, v4.20 – 4.27
  • Version not supported : v2.1 – v3.1 + v4.0

If you still have default TP-LINK firmware, there are several methods to flash it into OpenWRT. I did use the “mtd write” procedure to get it from a functional OpenWRT to libreCMC, so I would recommend that you do that first in order to avoid mistakes. Default OpenWRT IP of the router will become 192.168.1.1 and you can telnet there without the password. Once you have a functional OpenWRT you can proceeed with “mtd flashing” over telnet.

Download the pre-built libreCMC ( version 1.2.1 ) firmware image to the wireless router

  • # cd /tmp/
  • # wget http://downloads.librecmc.org/snapshot/v1.2.1/ar71xx/librecmc-ar71xx-generic-tl-wr741nd-v1-squashfs-factory.bin

Download and compare md5sum

  • # wget http://downloads.librecmc.org/snapshot/v1.2.1/ar71xx/md5sums
  • # grep “librecmc-ar71xx-generic-tl-wr741nd-v1-squashfs-factory.bin” md5sums

If you did it right you should see the md5sum result which is 3933e76b3da872bcc0773965c9ad2e72

Check the md5sum of your image (should be identical)

  • # md5sum librecmc-ar71xx-generic-tl-wr741nd-v1-squashfs-factory.bin

Rename the image to TP-LINK compatible file

  • # cd /tmp/
  • # mv librecmc-ar71xx-generic-tl-wr741nd-v1-squashfs-factory.bin tplink.bin

Go back into the root directory

  • # cd /

Now you are ready to proceed with flashing.

  • # mtd -r write /tmp/tplink.bin firmware

When this is done, your router should automatically reboot and default into 192.168.1.1 with telnet access. You can also access it through “Luci” (GUI) with your web server on http://192.168.1.1

Happy hacking ! 🙂

 

 

 

libreCMC

libreCMC is a FSF endorsed embedded GNU/Linux distribution replacement for your wireless router which does not contain non-free software or binary blobs. The project’s goal is to provide an embedded distro that respects user freedoms and allows users to control what their hardware does. Since libreCMC is 100% free software, it allows the user to use supported platforms as a way to host their own services, like email, chat or file sharing; learn about how the device works. libreCMC is designed for users who would like to run 100% free software on their embedded device (routers) or would like to have more control over what their embedded device does. Future uses will expand to servers and HPC applications in a few years.

Currently supported (wireless) devices are :

  • TP-LINK TL-MR3010 v1
  • TP-LINK TL-WR741ND
  • TP-LINK TL-WR841ND
  • NETGEAR WNDR3800
  • XBURST BEN NANONOTE

Two-step verification from Google

Google offers Two-step verification for some time now, but I have only discovered it recently, when my Gmail account notified me with the warning :

  • State-sponsored attackers may be attempting to compromise your account

The warning doesn’t say “which” state attackers and there don’t seem to be any information or logs from break-in attempts in the account, or if this is just a Google integrated default warning for many users to enable their Two-step verification. But a Two-step verification is usefull in many ways. Let me explain you why : It gives another layer on protecting your password and doesn’t compromise your account if that password gets stolen or revealed. Here is just a basic example – many of you have probably used a public computer on some occassion to log into Gmail to read your E-mails either on a journey or while being at some public place, where you can never tell if your password was captured or not. There are different methods for capturing your password, most basic ones would be with a keylogger device or software. You can never be secure enough in a public place if your computer is protected. With Two-step verification from Google, you add another layer of protection by enabling SMS text code or voice message to your mobile phone number, which is always different and unique. Just a warning that with this method your phone number will be verified and linked to your existing Google/Gmail account ! Here is an article explaining how to make it work:

iPhone handcuffs

apple-live-2Apple has launched a new model in their iPhone line called iPhone 5S on 20th of September 2013. The newly implemented functions of 5S are:

  • Touch ID, a fingerprint recognition system built directly into the home button which can be used to unlock the phone and authenticate App Store and iTunes Store purchases, and an updated camera with a larger aperture and a dual-LED flash optimized for different color temperatures. It also introduced the 64-bit A7 processor (which Apple claimed was the first 64-bit processor to be used on a smartphone), accompanied by the M7 “motion co-processor”, a dedicated processor for processing motion data from its accelerometer and gyroscopes without requiring the attention of the main processor.

Now think twice before buying this product.

Previous models of iPhones already introduced a non-removable battery. A simple understanding of electronics will reveal you that a mobile phone software controls the phone hardware, and while iOS mobile operating system is a proprietary one, none of the users really knows how it operates. For example, you can power off your phone in the software, but you cannot remove the battery, so in theory it would mean that the phone is still under power and allows “someone” to trigger remote surveillance. Now look at the new “handcuffs” implemented with 5S. While it might sound convenient not having to type in the PIN code each time you use your phone, it can also have negative consequences. Imagine you have your iPhone 5S or whatever similar “Touch ID” device in your pocket and it has your Apple account and fingerprint lock, so obviously the hash of your fingerprint is stored. Then you play with the iPad Air in the store and it sends you a notification in your pocket giving you an offer to get 10% off if you buy an USB charger with it. And don’t forget the integrated GPS system that allows remote tracking.

So what can you do to avoid this type of tracking methods is to simply avoid using these type of devices. Or at least avoid using a smartphone that has all possible add-ons and use a “plain” mobile phone instead that can only be used for making and receiving calls. If you cannot avoid the need for a smartphone, you can use Replicant which is a fully free Android distribution and runs on several smartphone and tablet devices. You can read more about the iBad and anti-DRM campaign on Defective by Design website . Please also consider making a monetary donation to support freedom to the Replicant campaign or the Free Software Foundation.

 

 

Related articles