Create a gist now

Instantly share code, notes, and snippets.

Script to create Ubuntu kernel packages for an Acer C7 Chromebook running ChrUbuntu
#!/bin/bash
set -x
#
# Grab verified boot utilities from ChromeOS.
#
mkdir -p /usr/share/vboot
mount -o ro /dev/sda3 /mnt
cp /mnt/usr/bin/vbutil_* /usr/bin
cp /mnt/usr/bin/dump_kernel_config /usr/bin
rsync -avz /mnt/usr/share/vboot/ /usr/share/vboot/
umount /mnt
#
# On the Acer C7, ChromeOS is 32-bit, so the verified boot binaries need a
# few 32-bit shared libraries to run under ChrUbuntu, which is 64-bit.
#
apt-get install libc6:i386 libssl1.0.0:i386
#
# Fetch ChromeOS kernel sources from the Git repo.
#
apt-get install git-core
cd /usr/src
git clone https://git.chromium.org/git/chromiumos/third_party/kernel.git
cd kernel
git checkout origin/chromeos-3.4
#
# Configure the kernel
#
# First we patch ``base.config`` to set ``CONFIG_SECURITY_CHROMIUMOS``
# to ``n`` ...
cp ./chromeos/config/base.config ./chromeos/config/base.config.orig
sed -e \
's/CONFIG_SECURITY_CHROMIUMOS=y/CONFIG_SECURITY_CHROMIUMOS=n/' \
./chromeos/config/base.config.orig > ./chromeos/config/base.config
./chromeos/scripts/prepareconfig chromeos-intel-pineview
#
# ... and then we proceed as per Olaf's instructions
#
yes "" | make oldconfig
#
# Build the Ubuntu kernel packages
#
apt-get install kernel-package
make-kpkg kernel_image kernel_headers
#
# Backup current kernel and kernel modules
#
tstamp=$(date +%Y-%m-%d-%H%M)
dd if=/dev/sda6 of=/kernel-backup-$tstamp
cp -Rp /lib/modules/3.4.0 /lib/modules/3.4.0-backup-$tstamp
#
# Install kernel image and modules from the Ubuntu kernel packages we
# just created.
#
dpkg -i /usr/src/linux-*.deb
#
# Extract old kernel config
#
vbutil_kernel --verify /dev/sda6 --verbose | tail -1 > /config-$tstamp-orig.txt
#
# Add ``disablevmx=off`` to the command line, so that VMX is enabled (for VirtualBox & Co)
#
sed -e 's/$/ disablevmx=off/' \
/config-$tstamp-orig.txt > /config-$tstamp.txt
#
# Wrap the new kernel with the verified block and with the new config.
#
vbutil_kernel --pack /newkernel \
--keyblock /usr/share/vboot/devkeys/kernel.keyblock \
--version 1 \
--signprivate /usr/share/vboot/devkeys/kernel_data_key.vbprivk \
--config=/config-$tstamp.txt \
--vmlinuz /boot/vmlinuz-3.4.0 \
--arch x86_64
#
# Make sure the new kernel verifies OK.
#
vbutil_kernel --verify /newkernel
#
# Copy the new kernel to the KERN-C partition.
#
dd if=/newkernel of=/dev/sda6
@MonicaNetworks

I updated the scipt for kernel 3.8 running on Acer C7 Chrubuntu 13.04

!/bin/bash

set -x

Grab verified boot utilities from ChromeOS.

mkdir -p /usr/share/vboot
mount -o ro /dev/sda3 /mnt
cp /mnt/usr/bin/vbutil_* /usr/bin
cp /mnt/usr/bin/dump_kernel_config /usr/bin
rsync -avz /mnt/usr/share/vboot/ /usr/share/vboot/
umount /mnt

On the Acer C7, ChromeOS is 32-bit, so the verified boot binaries need a

few 32-bit shared libraries to run under ChrUbuntu, which is 64-bit.

apt-get install libc6:i386 libssl1.0.0:i386

Fetch ChromeOS kernel sources from the Git repo.

apt-get install git-core
cd /usr/src
git clone https://git.chromium.org/git/chromiumos/third_party/kernel-next.git
cd kernel-next
git checkout origin/chromeos-3.8

Configure the kernel

First we patch base.config to set CONFIG_SECURITY_CHROMIUMOS

to n ...

cp ./chromeos/config/base.config ./chromeos/config/base.config.orig
sed -e
's/CONFIG_SECURITY_CHROMIUMOS=y/CONFIG_SECURITY_CHROMIUMOS=n/'
./chromeos/config/base.config.orig > ./chromeos/config/base.config
./chromeos/scripts/prepareconfig chromeos-intel-pineview

... and then we proceed as per Olaf's instructions

yes "" | make oldconfig

Build the Ubuntu kernel packages

apt-get install kernel-package
make-kpkg kernel_image kernel_headers

Backup current kernel and kernel modules

tstamp=$(date +%Y-%m-%d-%H%M)
dd if=/dev/sda6 of=/kernel-backup-$tstamp
cp -Rp /lib/modules/3.4.0 /lib/modules/3.4.0-backup-$tstamp

Install kernel image and modules from the Ubuntu kernel packages we

just created.

dpkg -i /usr/src/linux-*.deb

Extract old kernel config

vbutil_kernel --verify /dev/sda6 --verbose | tail -1 > /config-$tstamp-orig.txt

Add disablevmx=off to the command line, so that VMX is enabled (for VirtualBox & Co)

sed -e 's/$/ disablevmx=off/'
/config-$tstamp-orig.txt > /config-$tstamp.txt

Wrap the new kernel with the verified block and with the new config.

vbutil_kernel --pack /newkernel
--keyblock /usr/share/vboot/devkeys/kernel.keyblock
--version 1
--signprivate /usr/share/vboot/devkeys/kernel_data_key.vbprivk
--config=/config-$tstamp.txt
--vmlinuz /boot/vmlinuz-3.8.0
--arch x86_64

Make sure the new kernel verifies OK.

vbutil_kernel --verify /newkernel

Copy the new kernel to the KERN-C partition.

dd if=/newkernel of=/dev/sda6

@drejohnson

When I run this script I get these errors. Any suggestions?

 + dpkg -i '/usr/src/linux-*.deb'
 dpkg: error processing /usr/src/linux-*.deb (--install):
 cannot access archive: No such file or directory
 Errors were encountered while processing:
 /usr/src/linux-*.deb
 + tail -1
 + vbutil_kernel --verify /dev/sda6 --verbose
 futility failed to exec /usr/bin/old_bins/vbutil_kernel: No such file or directory
 + sed -e 's/$/ disablevmx=off/' /config-2013-06-04-1433-orig.txt
 + vbutil_kernel --pack /newkernel --keyblock /usr/share/vboot/devkeys/kernel.keyblock --version 1 --signprivate          /usr/share/vboot/devkeys/kernel_data_key.vbprivk --config=/config-2013-06-04-1433.txt --vmlinuz /boot/vmlinuz-3.4.0 --arch x86_64
 futility failed to exec /usr/bin/old_bins/vbutil_kernel: No such file or directory
 + vbutil_kernel --verify /newkernel
 futility failed to exec /usr/bin/old_bins/vbutil_kernel: No such file or directory
 + dd if=/newkernel of=/dev/sda6
 dd: opening ‘/newkernel’: No such file or directory
@parkerlreed

There is an error towards the very end.

vbutil_kernel --pack /newkernel
--keyblock /usr/share/vboot/devkeys/kernel.keyblock
--version 1
--signprivate /usr/share/vboot/devkeys/kernel_data_key.vbprivk
--config=/config-$tstamp.txt
--vmlinuz /boot/vmlinuz-3.8.0
--arch x86_64

--vmlinuz /boot/vmlinuz-3.8.0 \ should be --vmlinuz /boot/vmlinuz-3.8.11 \

@rpasta42

Why clone the who repo?

git clone --depth 1 -b chromeos-3.4 https://git.chromium.org/git/chromiumos/third_party/kernel.git

@gdm85
gdm85 commented May 29, 2015

vbutil_kernel of the Chromebook version I am using (3.10.18) requires a --bootloader option, however official documentation is not clear about what to give to this parameter. Any tip?

@bgiacone12

echo blah > dummy.txt

vbutil_kernel --pack kernelpart.bin
--keyblock /usr/share/vboot/devkeys/kernel.keyblock
--signprivate /usr/share/vboot/devkeys/kernel_data_key.vbprivk
--version 1
--vmlinuz ${MY_BINARY}
--bootloader dummy.txt
--config dummy.txt
--arch arm

KPART=$(pwd)/kernelpart.bin

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment