Quick hack: Removing the Chromebook Write-Protect screw

Posted on 08/03/2017 by Robert Foss

Before being able to write firmware data to any production Chromebook device, the Write-Protect screw has to be removed.

This post will look specifically at removing the WP screw from a Chell (HP Chromebook 13 G1) device, and verifying that it has been successfully removed.

To actually flash firmware to Chromebook machines, a device called a Servo is needed. While these devices aren't available publicly, they can be produced freely or possibly requested from Google if you are contributing code to the ChromiumOS project.

Removing the Write-Protect screw

WP screw on Chell Chromebook

This is what the WP screw looks like on a Chell Chromebook. It may or may not be what you will find in other devices. If you take a close look, you will notice that the copper pad the screw sits against is split into parts, which are bridged when the screw is inserted.

Disable Write-Protect

This is the part that requires a Servo device and a ChromiumOS checkout. For help setting one up, have a look at my previous post.

# Go to your ChromiumOS checkout
cd /opt/chromiumos

# Enter dev environment
cros_sdk

# Set device variable
export BOARD=chell

# Connect to Chromebook using a Servo device
sudo servod -b $BOARD &

# Disable WP
# This step may vary depending on the hardware of your actual Chromebook
dut-control fw_wp:off
sudo /usr/sbin/flashrom -p ft2232_spi:type=servo-v2 --wp-disable
sudo /usr/sbin/flashrom -p ec --wp-disable
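
To verify the result, the write-protect state can be read back with `flashrom --wp-status`. The helper below is an added example, not part of the original post: it classifies that output, and the `WP:` line format and both sample outputs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the text printed by `flashrom --wp-status`.
# The "WP: ..." line format is an assumption about the ChromiumOS flashrom
# build; adjust the patterns if your output differs.

# Constructed sample outputs (not captured from a real device).
SAMPLE_LOCKED='WP: status: 0x80
WP: status.srp0: 1
WP: write protect is enabled.
WP: write protect range: start=0x00000000, len=0x00800000'

SAMPLE_OPEN='WP: status: 0x00
WP: status.srp0: 0
WP: write protect is disabled.
WP: write protect range: start=0x00000000, len=0x00000000'

# wp_state: read wp-status text on stdin and print one of
#   locked   protection enabled and a non-empty protected range
#   open     protection disabled and an empty protected range
#   mixed    the two lines disagree; inspect the output by hand
#   unknown  expected lines missing; treat as a failed check
wp_state() {
    awk '
        /^WP: write protect is enabled/  { en = 1; seen_en = 1 }
        /^WP: write protect is disabled/ { en = 0; seen_en = 1 }
        /^WP: write protect range:/ {
            # Extract the hex digits that follow "len=0x".
            if (match($0, /len=0x[0-9a-fA-F]+/)) {
                len = substr($0, RSTART + 6, RLENGTH - 6)
                sub(/^0+/, "", len)       # all zeros means empty range
                nonzero = (len != "")
                seen_len = 1
            }
        }
        END {
            if (!seen_en || !seen_len) { print "unknown"; exit }
            if (en && nonzero)        print "locked"
            else if (!en && !nonzero) print "open"
            else                      print "mixed"
        }'
}
```

Inside the chroot, pipe the real output into it, for example `sudo /usr/sbin/flashrom -p ft2232_spi:type=servo-v2 --wp-status | wp_state`; anything other than `open` means the flash is not yet fully writable.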

 

References

ChromiumOS Servo
Setting up a ChromiumOS dev environment

 

Thanks!

This post has been a part of work undertaken by my employer Collabora.

 

Original post

Comments (3)

  1. Michael A Hall:
    Jan 15, 2018 at 09:33 PM

    Can you replace the screw after flashing?

    1. Robert Foss:
      Jan 16, 2018 at 03:16 PM

      Hi Michael,

      Yes you can! As far as my experience has been, the screw only protects against writes.
      If the writes have already happened, you're good.


      Rob.

  2. Conundrum:
    Feb 14, 2018 at 09:28 AM

    Hi, yes this is by design to prevent malware messing with the unit.
    Unfortunately it also makes repairs harder, if the uEFI gets corrupted the unit is bricked until opened, screw removed and re-flashed.
    I did look into using a "magic" SD card as a workaround, as some netbooks can be jigged using a BIOS update that enables the missing function, essentially it stores the boot sector in high memory > 2MB and provides a "boot SD" option.
