TLDR We will remove WP Screw, read and backup a rom image of flash chip "GD25Q32 on board chromebase mini veyron-tiger variant using an EC programmer via flashrom, use vpd to 0 out the devices serial number and a few other modifications to the rom, and write new rom image via flashrom for successfull bypass of enterprise enrollment.
WP Screw is in center of main board, to right of rk3288 chip. Unscrew for successfull flashing.
HOWEVER, IT WOULD BEHOOVE YOU TO:
Unscrew all screws from main board when flashing, disconnect everything, considering even the daughter board (3 USB 2.0 port gpio expansion header). For the sake of not shorting out or pulling up resistors on hardware switches we D/C/ everything from main board.
I used a chromebook in devmode (your linux box can work, and almost any dev machine will work with vpd and flashrom commands and physical programmer if directly flashing GigaDevice flash chip "GD25Q32 on board chromebase mini veyron-tiger variant,
If flashing from host other than a chromeos OS (ie, darwin, ubuntu or mint, pc/mac or whatever, see mr chromebox unbricking below with sources to get your flashrom and vpd software built for proper google crosstools
Googles chromeos version of flashrom help states:
-p | --programmer <name>[:<param>] specify the programmer device. One of
internal, dummy, raiden_debug_spi, atavia, it8212, ft2232_spi, serprog,
buspirate_spi, developerbox, pony_spi, nicintel_eeprom, linux_mtd,
linux_spi, lspcon_i2c_spi, realtek_mst_i2c_spi, usbblaster_spi, pickit2_spi,
ch341a_spi, digilent_spi, stlinkv3_spi, ec, host.
See troubleshooting below for original instructions from sodface; Otherwise with your programmer connected to host and chip soic8 chip clip properly connected to the
Read the flash contents off to a file:
# flashrom -p ch341a_spi -r chromebase.orig.bin
The above command will take a minute or so to complete, the yellow run light will come on steady and the command should finish with SUCCESS
You should now see a 4.0M chromebase.orig.bin file:
# ls -alh
Copy the file to chromebase.new.bin so we can edit the new one and leave the original alone:
# cp chromebase.orig.bin chromebase.new.bin
Use the vpd utility to list the values in the file:
# vpd -l -i "RO_VPD" -f chromebase.new.bin
We'll leave the following values alone:
customization_id
ethernet_mac0
region
rlz_brand_code
We'll change "serial_number" to all zeroes
We'll delete the following keys completely:
"mlb_serial_number"
"stable_device_secret_DO_NOT_SHARE"
# vpd -f chromebase.new.bin -i "RO_VPD" -s "serial_number"="00000000000000000000000"
# vpd -f chromebase.new.bin -i "RO_VPD" -d "stable_device_secret_DO_NOT_SHARE"
# vpd -f chromebase.new.bin -i "RO_VPD" -d "mlb_serial_number"
Now take a look at the RW VPD values:
# vpd -l -i "RW_VPD" -f chromebase.new.bin
I'm less sure about when/if to change these. At this point, I _think_ you could write the new flash back,
restore a stock chromeos from a recovery USB, and go through registration with your google account, the enterprise enrollment
block should be fixed now with zeroing out the serial number. The you'll just need to pick up over at the Alpine wiki I made to go to dev
mode, enable USB boot, install Alpine etc. Or stay with Chromeos if you want (though not sure how you'd use it with LMS)
I can tell you that I _think_ it doesn't hurt to change a couple of more settings and may actually help you avoid having to restore the stock
chromeos and go through the registration steps / dev mode stuff at all but I don't really have a good way to easily test since mine are done already,
and I went through the long way on those.
My RW_VPD settings of interest are set to:
"block_devmode"="0"
"check_enrollment"="0"
Yours are probably set to "1"? Change yours to match with:
# vpd -f chromebase.new.bin -i "RW_VPD" -s "check_enrollment"="0"
# vpd -f chromebase.new.bin -i "RW_VPD" -s "block_devmode"="0"
Write the new flash file back to the chromebase:
# flashrom -p ch341a_spi -w chromebase.new.bin
Same as the read step, this will take a minute or so and the Run light will be on steady, the command should indicate SUCCESS
At this point, you can uplug the USB programmer, disconnect the chip clip, and pickup with the steps of restoring a recovery image, registration and enabling dev mode and usb boot.
localhost /home/chronos/u-6e7a9efdb382eb8208a7afd5d22c899ad1423f7c/Downloads/temp # cp chromebase.orig.bin chromebase.new.bin
localhost /home/chronos/u-6e7a9efdb382eb8208a7afd5d22c899ad1423f7c/Downloads/temp # vpd -l -i "RO_VPD" -f chromebase.new.bin
"customization_id"="AOPEN-TIGER"
"ethernet_mac0"="(My MAC)"
"region"="us"
"rlz_brand_code"="AOPD"
"serial_number"="(My Serial)"
"mlb_serial_number"="(My Serial)"
"stable_device_secret_DO_NOT_SHARE"="0508627d320d645e71ac09c85f98efd01040fc90d4d8237b931fc4398b025f05"
localhost /home/chronos/u-6e7a9efdb382eb8208a7afd5d22c899ad1423f7c/Downloads/temp # vpd -f chromebase.new.bin -i "RO_VPD" -s "serial_number"="00000000000000000000000"
localhost /home/chronos/u-6e7a9efdb382eb8208a7afd5d22c899ad1423f7c/Downloads/temp # vpd -f chromebase.new.bin -i "RO_VPD" -d "stable_device_secret_DO_NOT_SHARE"
localhost /home/chronos/u-6e7a9efdb382eb8208a7afd5d22c899ad1423f7c/Downloads/temp # vpd -f chromebase.new.bin -i "RO_VPD" -d "mlb_serial_number"
localhost /home/chronos/u-6e7a9efdb382eb8208a7afd5d22c899ad1423f7c/Downloads/temp # vpd -f chromebase.new.bin -i "RW_VPD" -s "check_enrollment"="0"
localhost /home/chronos/u-6e7a9efdb382eb8208a7afd5d22c899ad1423f7c/Downloads/temp # vpd -f chromebase.new.bin -i "RW_VPD" -s "block_devmode"="0"
localhost /home/chronos/u-6e7a9efdb382eb8208a7afd5d22c899ad1423f7c/Downloads/temp # flashrom -p buspirate_spi:dev=/dev/ttyUSB0,spispeed=1M -w chromebase.new.bin
flashrom 997da582-dirty on Linux 4.19.190-11780-g9abe9eac8155 (aarch64)
flashrom is free software, get the source code at https://flashrom.org
Using clock_gettime for delay loops (clk_id: 1, resolution: 1ns).
Found GigaDevice flash chip "GD25Q32(B)" (4096 kB, SPI) on buspirate_spi.
Reading old flash chip contents... done.
Erasing and writing flash chip... Verifying flash... VERIFIED.
SUCCESS
localhost /home/chronos/u-6e7a9efdb382eb8208a7afd5d22c899ad1423f7c/Downloads/temp #
This step was necessary for me to remove forced enterprise enrollment:
chromebase-mini rk3288-c rk3288 veyron for alpine https://wiki.alpinelinux.org/wiki/Alpine_on_the_Aopen_Chromebase_or_Chromebox_Mini_with_Mainline_Kernel
Themistocles, I haven't read your whole post yet, I'm sitting here with a chromebase mini opened up on the bench and I'm halfway through writing up the procedure using Alpine booted from USB (or CD), so far so good. Will update in a few minutes.
Here's the first bit I have that covers booting and getting utilities ready, formatting is rough but:
Boot Alpine 3.14 extended .iso from USB Login as root with no password
setup-interfaces
Answer the questions - in my case I used my wlan0 interface restart networking with:
# rc-service networking restart
You should get an IP address and be able to ping www.google.com add the main alpine repo:
# echo "http://dl-cdn.alpinelinux.org/alpine/latest-stable/main" >> /etc/apk/repositories
add my repository:
# echo "http://www.sodface.com/repo" >> /etc/apk/repositories
download and extract my public key:
# wget http://www.sodface.com/repo/sodface-pub-key.tar.gz
extract to /etc/apk/keys:
# tar xzvf sodface-pub-key.tar.gz -C /etc/apk/keys
run apk update and you should see the main and my sodface repo in the output and not see any errors
# apk update
Now add my packages for flashrom and vpd:
# apk add flashrom-chromium vpd
You should now have the flashrom and vpd commands available, check:
# flashrom --help
# vpd --help
If you run flashrom now, prior to plugging in the ch341a you'll note an error saying "Programmer initialization failed"
# flashrom -p ch341a_spi
Plug in the ch341a usb programmer which should then have a solid red light
Run dmesg | tail and check the last output and you should reference to ch341
# dmesg | tail
Run flashrom again and the error above should be gone and it will just say No EEPROM/flash device found
Unplug the ch341a again and connect the chip clip to chromebase mini, red lead matched to the dimple on the chip
Plug back in the ch341a and run flashrom again and now you should see that it's found a GigaDevice flash chip
# flashrom -p ch341a_spi
Read the flash contents off to a file:
#
https://wiki.mrchromebox.tech/Unbricking