Starting Point

As mentioned in my new year's plan a motivation for my current project is having an End-of-life (EOL) Chromebook and wanting to bring it up to date.

The Hardware

Acer C720, as pulled from the helpful Developer Information for Chrome OS Devices

Field Data
Release September 12, 2013
OEM Acer
Model Acer C720/C70P/C740 Chromebook
Code name Peppy & Pepto
Board name(s) peppy
Base board slippy
User ABI x86_64
Kernel 3.8
Kernel ABI x86_64
Platform Haswell
Form Factor Chromebook
First Release R30
EOL/AUE R76
USB Gadget No
Closed Case Debugging No

Prior to power washing the device it showed:

  • Version: 76.0.3809.136 (Official Build) (64-bit)
  • Platform: 12239.92.0 (Official Build)
  • Channel: stable-channel peppy
  • Firmware: Google_Peppy.4389.117.0
  • Build Date: Tuesday, August 27, 2019
  • Kernel: Linux localhost 3.8.11 #1 SMP Tue Aug 27 16:53:30 PDT 2019 x86_64 Intel(R) Celeron(R) 2955U @ 1.40GHz GenuineIntel GNU/Linux

About Chrome OS Detailed Build Information

Firmware Aside

Interestingly while power washing I was provided an option to “Update firmware for added security”:

Reset Chrome Device Update Chromebook Security

Even more interesting was this did not result in a higher firmware version. After the power wash and logging in as a guest it still reports Google_Peppy.4389.117.0. To cap it all off a second power wash did not prompt for a firmware update???

While looking for more information on this I found the Trusted Platform Module firmware vulnerability: technical documentation (fortunately my machine was properly patched. Helpfully though this referenced chrome://system as a place to get detailed firmware information. It has a ton of great information.

For example the ec_info:

vendor               | ti
name                 | Unknown-10de
fw_version           | peppy_v1.5.133-9078375

This refers to the embedded controller, which how cool is it that all this information is publicly available.

Similarly the tpm_version:

tpm_family 312e3200
spec_level 0000000200000003
vendor 49465800
tpm_model ffffffff
firmware_version 0000000000000422
vendor_specific 042203f20274706d3338ffffff
version_fingerprint 487001745 1d070e91

Note version 0000000000000422 - 4.34 is fixed. Yay.

As a final note the dmesg output had a few interesting lines. The first of which is perhaps the aforementioned firmware update (though oddly it seem to get applied every boot)?

[   12.150597] hda-intel 0000:00:1b.0: Applying patch firmware 'peppy_alsa.fw'

The other of which, is probably an interesting rabbit hole:

[    0.097482] chromeos: tpm attack callbacks: -19

Some quick references are probably Issue 473051: Unexpected error is seen while recovering on peppy and falco and the linked commit. As well as the remark

CHROMIUM: ignore errors when registering tpm attack callbacks.

This feature is only used on some platforms and only for logging purposes, so it is safe to let it not work.

Enough on the firmware rabbit hole, but one final tidbit I found interesting is that even to get to guest mode seemed to required network connectivity and accepting some Terms of Service. A quick search did not immediately reveal a way around this. If would be interesting to log this connection and see what, if any, traffic is actually sent.

On to Developer Mode

Consulting the Debug Button Shortcuts has all kinds of interesting key combinations. The specific one we want is Recovery Mode (Esc + Refresh and press Power) then Developer Mode (Ctrl + D).

It really is that easy.

Meta

I have power washed chromebooks and worked in developer mode a number of times previously, but this all goes to show that you can always dig deeper and learn more, even doing tasks that seem straight forward.

Next

I've actually gone ahead and build a chromiumos image, but I'm going to leave describing that (and testing it to another session).