A weirdo from Turkey who likes to learn things thoroughly and to do things "the right way". Got an arm64 chromebook for the prospect of it being the next mostly-blob-free Linux-friendly laptop, and trying to make it so for the last few years. In pursuit of doing it "the right way", ended up being an occasional contributor to Debian and a few other software projects (even became a U-Boot maintainer recently); but still has a lot of work to do on that front.
Chromebooks are purpose-built computers that run Chrome OS, Google’s Linux-based operating system. Although they are locked down by default, there’s a convenient ‘Developer Mode’ that fully unlocks them and lets owners run other OSes like Debian. Google publishes most of the software on them as FOSS, including the boot firmware (based on coreboot) and even the embedded controller, which makes them interesting computers to work on from a free-software standpoint.
However, the Chrome OS firmware does not support ordinary boot methods like UEFI, but instead implements a custom verified boot flow due to their focus on security and speed. As a result, the usual strategy of writing Debian Installer to a USB drive and booting from it does not always work (for example on ARM chromebooks). There are a lot of guides on how to manually install Debian and shape it into a format this verified boot mechanism accepts, but even then some steps have to be repeated after every kernel and initramfs update.
I got annoyed by the current situation, decided to automate it all, generalize it to all chromebooks and integrate it with Debian such that everything “just works” to the point where we actually can write Debian Installer to a USB drive, go through it and get a working system that will handle the Chrome OS firmware automatically. Along the way, I also discovered ways to run U-Boot from my chromebook’s firmware, and ultimately managed to replace it entirely with U-Boot.
In this talk I’ll try to explain the things I had to learn and do, to the best of my abilities. Ideally, this will include these topics to some extent:
- Details on the Chrome OS verified boot mechanism
- Making it chainload into a secondary bootloader like U-Boot
- Making it boot a Debian kernel, initramfs, device-tree etc.
- Supporting A/B updates and rollbacks like Chrome OS does
- Automating everything necessary to manage the verified boot firmware
- Integration with kernel and initramfs-tools upgrade hooks
- Debian Installer (partman) integration for special Chrome OS partitions
- Adding a new Debian Installer step to set up things for verified boot
- How to make Debian kernel/initramfs/installer support new hardware
- Getting U-Boot to support my rk3399-gru-kevin chromebook