Skip to content

Add Google kano (Mr Chromebox) support#2133

Draft
cwiggs wants to merge 20 commits into
linuxboot:masterfrom
cwiggs:google_kano
Draft

Add Google kano (Mr Chromebox) support#2133
cwiggs wants to merge 20 commits into
linuxboot:masterfrom
cwiggs:google_kano

Conversation

@cwiggs

@cwiggs cwiggs commented Jun 24, 2026

Copy link
Copy Markdown

No description provided.

Comment thread modules/coreboot Outdated
Comment thread modules/coreboot Outdated

@tlaurion tlaurion left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

first review as I was there and saw work on this PR :)

@tlaurion

Copy link
Copy Markdown
Collaborator

I suggest you tart a thread under Matrix Heads channel. You must rebase the old PR on linuxboot/heads master, an dthen adapt coreboot config to your board. Following https://osresearch.net/Porting/ @cwiggs otherwise your experience might be really frustrating.

@cwiggs

cwiggs commented Jun 24, 2026

Copy link
Copy Markdown
Author

I suggest you tart a thread under Matrix Heads channel. You must rebase the old PR on linuxboot/heads master, an dthen adapt coreboot config to your board. Following https://osresearch.net/Porting/ @cwiggs otherwise your experience might be really frustrating.

Started a thread here: https://matrix.to/#/!eMLMv62wAMCW1V-ufL_bJ_JDngDhrpSOSEQBLzX8aTg/$eepAush4kVo93Zxqtw59P6NX9g6AG7FZFplc2Fu6tyo?via=matrix.org&via=tchncs.de&via=unredacted.org

@tlaurion

Copy link
Copy Markdown
Collaborator

@cwiggs I saw you left the room?

Comment thread boards/kano/kano.config Outdated

# Since the TPM 2.0 implementation in the CR50 is not complete
# we are disabling TPM Disk Unlock
CONFIG_TPM_NO_LUKS_DISK_UNLOCK=y

@tlaurion tlaurion Jun 24, 2026

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

that is not true anymore hypothetically; cr50 implementation should support this since #2055 was merged

Comment thread boards/kano/kano.config Outdated
@cwiggs

cwiggs commented Jun 24, 2026

Copy link
Copy Markdown
Author

@cwiggs I saw you left the room?

Looks like the Matrix homeserver decided to delete my account for some reason, I'll look into getting it reactivated.

@tlaurion

Copy link
Copy Markdown
Collaborator

@cwiggs check https://github.com/tlaurion/heads/tree/cwiggs-google_kano which now builds locally with blobs paths corrected and blobs submodules synced per mrchromebox gitsubmodules sync override in modules/coreboot

@cwiggs

cwiggs commented Jun 26, 2026

Copy link
Copy Markdown
Author

@cwiggs check https://github.com/tlaurion/heads/tree/cwiggs-google_kano which now builds locally with blobs paths corrected and blobs submodules synced per mrchromebox gitsubmodules sync override in modules/coreboot

Okay, great, should I rebase this branch off that one then?

@tlaurion

tlaurion commented Jun 26, 2026

Copy link
Copy Markdown
Collaborator

@cwiggs check https://github.com/tlaurion/heads/tree/cwiggs-google_kano which now builds locally with blobs paths corrected and blobs submodules synced per mrchromebox gitsubmodules sync override in modules/coreboot

Okay, great, should I rebase this branch off that one then?

Absolutely. It builds from CI. I pushed progress forward since the last base (coreboot 4.22) was old and not trivial to adapt. Let me know how the testing goes. Feel free to cherry pick all commits or if you agree i can push the changes here but that would make us both co-authors of the port.

CircleCI builds at https://app.circleci.com/pipelines/github/tlaurion/heads/4040/workflows/d7699b2f-feca-423f-b0f5-187ebf94e886

@tlaurion

Copy link
Copy Markdown
Collaborator

@cwiggs check https://github.com/tlaurion/heads/tree/cwiggs-google_kano which now builds locally with blobs paths corrected and blobs submodules synced per mrchromebox gitsubmodules sync override in modules/coreboot

Okay, great, should I rebase this branch off that one then?

Absolutely. It builds from CI. I pushed progress forward since the last base (coreboot 4.22) was old and not trivial to adapt. Let me know how the testing goes. Feel free to cherry pick all commits or if you agree i can push the changes here but that would make us both co-authors of the port.

CircleCI builds at https://app.circleci.com/pipelines/github/tlaurion/heads/4040/workflows/d7699b2f-feca-423f-b0f5-187ebf94e886

https://output.circle-artifacts.com/output/job/6e1574dc-9faa-487d-8bfe-1b108383a89a/artifacts/0/build/x86/kano/heads-kano-20260626-131058-cwiggs-google_kano_-v0.2.1-3072-gb54796f.rom

@cwiggs

cwiggs commented Jun 27, 2026

Copy link
Copy Markdown
Author

@cwiggs check https://github.com/tlaurion/heads/tree/cwiggs-google_kano which now builds locally with blobs paths corrected and blobs submodules synced per mrchromebox gitsubmodules sync override in modules/coreboot

Okay, great, should I rebase this branch off that one then?

Absolutely. It builds from CI. I pushed progress forward since the last base (coreboot 4.22) was old and not trivial to adapt. Let me know how the testing goes. Feel free to cherry pick all commits or if you agree i can push the changes here but that would make us both co-authors of the port.
CircleCI builds at https://app.circleci.com/pipelines/github/tlaurion/heads/4040/workflows/d7699b2f-feca-423f-b0f5-187ebf94e886

https://output.circle-artifacts.com/output/job/6e1574dc-9faa-487d-8bfe-1b108383a89a/artifacts/0/build/x86/kano/heads-kano-20260626-131058-cwiggs-google_kano_-v0.2.1-3072-gb54796f.rom

Thanks! I got it downloaded. The suzyq cable should arrive this weekend or Monday and I'll give it a try. I also rebased off your branch here.

@tlaurion

tlaurion commented Jun 27, 2026

Copy link
Copy Markdown
Collaborator

@cwiggs check https://github.com/tlaurion/heads/tree/cwiggs-google_kano which now builds locally with blobs paths corrected and blobs submodules synced per mrchromebox gitsubmodules sync override in modules/coreboot

Okay, great, should I rebase this branch off that one then?

Absolutely. It builds from CI. I pushed progress forward since the last base (coreboot 4.22) was old and not trivial to adapt. Let me know how the testing goes. Feel free to cherry pick all commits or if you agree i can push the changes here but that would make us both co-authors of the port.
CircleCI builds at https://app.circleci.com/pipelines/github/tlaurion/heads/4040/workflows/d7699b2f-feca-423f-b0f5-187ebf94e886

https://output.circle-artifacts.com/output/job/6e1574dc-9faa-487d-8bfe-1b108383a89a/artifacts/0/build/x86/kano/heads-kano-20260626-131058-cwiggs-google_kano_-v0.2.1-3072-gb54796f.rom

Thanks! I got it downloaded. The suzyq cable should arrive this weekend or Monday and I'll give it a try. I also rebased off your branch here.

@cwiggs : This branch doesn't include all the needed changes, nor CircleCI config.
I cleaned up the commit trail in my branch at https://github.com/tlaurion/heads/tree/cwiggs-google_kano
(There is 19 commits atop origin/master there; not 9 as here)

I can push here too, if needed. Let me know.

@cwiggs

cwiggs commented Jul 4, 2026

Copy link
Copy Markdown
Author

@cwiggs check https://github.com/tlaurion/heads/tree/cwiggs-google_kano which now builds locally with blobs paths corrected and blobs submodules synced per mrchromebox gitsubmodules sync override in modules/coreboot

Okay, great, should I rebase this branch off that one then?

Absolutely. It builds from CI. I pushed progress forward since the last base (coreboot 4.22) was old and not trivial to adapt. Let me know how the testing goes. Feel free to cherry pick all commits or if you agree i can push the changes here but that would make us both co-authors of the port.
CircleCI builds at https://app.circleci.com/pipelines/github/tlaurion/heads/4040/workflows/d7699b2f-feca-423f-b0f5-187ebf94e886

https://output.circle-artifacts.com/output/job/6e1574dc-9faa-487d-8bfe-1b108383a89a/artifacts/0/build/x86/kano/heads-kano-20260626-131058-cwiggs-google_kano_-v0.2.1-3072-gb54796f.rom

Thanks! I got it downloaded. The suzyq cable should arrive this weekend or Monday and I'll give it a try. I also rebased off your branch here.

@cwiggs : This branch doesn't include all the needed changes, nor CircleCI config. I cleaned up the commit trail in my branch at https://github.com/tlaurion/heads/tree/cwiggs-google_kano (There is 19 commits atop origin/master there; not 9 as here)

I can push here too, if needed. Let me know.

I just rebased off your branch, let me know if it looks good from that point of view. Looks like I also will need to rebase off main.

As far as flashing goes: I got the Suzy-Q "cable" (It's really just a small board with a male and female usb-c, you then use your own usb-c cable). And I have some good news and some bad news (I think?). I was able to get the suzy-q cable to read the rom, but verifying the backup seems to fail.

I've been using this mrchromebox guide to get the suzy-q device working with flashrom and then this heads wiki as well. Below are some notes I put together while I was attempting the flash:

Use Suzy-Q cable for flashing

  1. Connect the USB-C end of the Suzy-Q cable to the CCD port on your ChromeOS device
    (usually left USB-C port) and the USB-A end to your Linux device
    Verify the cable is properly connected:

    • ls /dev/ttyUSB*
    • This command should return 3 items: ttyUSB0, ttyUSB1, and ttyUSB2.
    • If not, then your cable is connected to the wrong port or is upside down.
      Adjust and repeat command until output is as expected.
  2. Set the CCD state to open:

    • echo "ccd open" | sudo tee -a /dev/ttyUSB0 > /dev/null
  3. Test Connection and detect chip. raiden_debug_spi used from mrchromebox doc

    • sudo flashrom -p raiden_debug_spi
      ╚═ $ sudo flashrom -p raiden_debug_spi
      flashrom v1.6.0 on Linux 7.0.10+deb14-amd64 (x86_64)
      flashrom is free software, get the source code at https://flashrom.org
      
      FISK: (null)
      Raiden target: 0,0
      Raiden: Target SPI bridge is disabled (is WP enabled?)
      Raiden: Error configuring protocol
          protocol       = 2
          status         = 0x00005
      Error: Programmer initialization failed.
      
    • sudo flashrom -p raiden_debug_spi:target=AP casued a reboot.
       ╚═ $ sudo flashrom -p raiden_debug_spi:target=AP
      flashrom v1.6.0 on Linux 7.0.10+deb14-amd64 (x86_64)
      flashrom is free software, get the source code at https://flashrom.org
      
      FISK: AP
      Raiden target: 2,0
      Found Winbond flash chip "W25Q256JV_M" (32768 kB, SPI) on raiden_debug_spi.
      No operations were specified.
      
  4. Create backup, and verify.

    • sudo flashrom -p raiden_debug_spi:target=AP -r badflash.rom
    • hexdump -C badflash.rom | head -20
        00000000  11 00 00 9c 90 02 00 d6  00 00 00 05 ff ff ff ff  |................|
        00000010  5a a5 f0 0f 03 00 04 00  08 02 10 46 b0 01 14 00  |Z..........F....|
        00000020  00 00 00 00 ff ff ff ff  ff ff ff ff ff ff ff ff  |................|
        00000030  f6 30 30 09 21 42 60 ad  b7 b9 c4 c7 ff ff ff ff  |.00.!B`.........|
        00000040  00 00 00 00 00 05 ff 1f  01 00 ff 04 ff 7f 00 00  |................|
        00000050  ff 7f 00 00 ff 7f 00 00  ff 7f 00 00 ff 7f 00 00  |................|
        *
        00000080  00 07 20 00 00 05 40 00  00 00 00 00 00 00 00 00  |.. ...@.........|
        00000090  00 00 00 00 00 00 00 00  ff ff ff ff ff ff ff ff  |................|
        000000a0  ff ff ff ff ff ff ff ff  ff ff ff ff ff ff ff ff  |................|
        *
        00000100  00 00 00 00 01 00 00 00  09 00 04 00 00 ce 3d 03  |..............=.|
        00000110  7f 00 38 00 00 00 00 00  10 00 00 00 02 00 20 60  |..8........... `|
        00000120  08 30 03 48 00 00 00 00  01 00 7f 0f 82 0b c0 04  |.0.H............|
        00000130  00 00 00 00 00 00 0e 00  22 42 22 42 22 22 42 22  |........"B"B""B"|
        00000140  00 00 00 00 00 00 00 00  00 00 ff 00 60 00 80 c8  |............`...|
        00000150  45 86 00 36 01 00 a6 81  20 0e 58 00 01 00 40 00  |E..6.... .X...@.|
        00000160  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
        00000170  00 1c 00 00 00 00 00 00  54 b3 04 a0 30 00 00 41  |........T...0..A|
        00000180  8f 03 08 c6 00 01 00 00  00 00 00 00 00 00 00 00  |................|
      
    • sudo flashrom -p raiden_debug_spi:target=AP --verify badflash.rom
        flashrom v1.6.0 on Linux 7.0.10+deb14-amd64 (x86_64)
        flashrom is free software, get the source code at https://flashrom.org
      
        FISK: AP
        Raiden target: 2,0
        Found Winbond flash chip "W25Q256JV_M" (32768 kB, SPI) on raiden_debug_spi.
        Verifying flash... FAILED at 0x01bbeadb! Expected=0x94, Found=0xb4, failed byte count from 0x00000000-0x01ffffff: 0x3f
      
  5. Created a backup and verify it using heads wiki guide.

    • sudo flashrom -p raiden_debug_spi:target=AP --read backup.bin --chip "W25Q256JV_M"
    • sudo flashrom -p raiden_debug_spi:target=AP --verify backup.bin --chip "W25Q256JV_M"
      ╚═ $ sudo flashrom -p raiden_debug_spi:target=AP --verify backup.bin --chip "W25Q256JV_M"
      flashrom v1.6.0 on Linux 7.0.10+deb14-amd64 (x86_64)
      flashrom is free software, get the source code at https://flashrom.org
      
      FISK: AP
      Raiden target: 2,0
      Found Winbond flash chip "W25Q256JV_M" (32768 kB, SPI) on raiden_debug_spi.
      Verifying flash... FAILED at 0x01bc9254! Expected=0xb7, Found=0xb8, failed byte count from 0x00000000-0x01ffffff: 0x3e
      

Questions:

  1. When I run sudo flashrom -p raiden_debug_spi I'm getting a "Error: Programmer initialization failed" and "Target SPI bridge is disabled (is WP enabled?)". The mrchromebox guide does talk about disabling write-protection, but it seems to only be possible to do via a tool in ChromeOS (gsctool), or by disconnecting the laptops battery. Seems very likely write-protection is still on.
  2. Looks like I was able to create a backup, but then when I verify it I get: "Verifying flash... FAILED at 0x01bc9254! Expected=0xb7, Found=0xb8, failed byte count from 0x00000000-0x01ffffff: 0x3e" Why is it not working?

Anyway I think next steps are to disconnect the battery and try these flashrom commands again. I don't want to proceed until the verify step works without error.

@cwiggs

cwiggs commented Jul 4, 2026

Copy link
Copy Markdown
Author

Well I disconnected the battery and am getting the same response from flashrom. Should I just continue with flashing heads?

Here are my notes:

  1. Disconnect Battery to disable write-protection.
  • Remove The 9 screws.
image * Use a smudger to take the back cover off. * Disconnect battery cable. image
  • Put laptop back together.
  1. Disable write-protection. mrchromebox guide
  • Plug laptop into power.
  • Plug in suzy-q cable.
  • echo "wp false" > /dev/ttyUSB0
  • echo "wp false atboot" > /dev/ttyUSB0
  • echo "ccd reset factory" > /dev/ttyUSB0
  1. Tried the same flashrom commands to backup and verify above and got the same result of "Error: Programmer initialization failed" and "Verifying flash... FAILED at 0x0003e1c0! Expected=0x28, Found=0x68, failed byte count from 0x00000000-0x01ffffff: 0xe99" when verifying.

mdrobnak and others added 7 commits July 4, 2026 18:22
Signed-off-by: Matthew Drobnak <matthew@drobnak.com>
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
Signed-off-by: Matthew Drobnak <matthew@drobnak.com>
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
Signed-off-by: Chris Wiggins <chris@cwiggs.com>
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
…t/linux helpers to modify and save in oldconfig

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
…-musl-compat.patch: fix build error against musl

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
…place to put in defconfig to remove irrelevant omnigul things

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
tlaurion and others added 13 commits July 4, 2026 18:22
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
…onfig_in_place to put in oldconfig

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
The MrChromebox blobs repository nests IFD and ME blobs under
baseboard/variant subdirectories and uses flashdescriptor.bin
instead of descriptor.bin.  Update CONFIG_IFD_BIN_PATH and
CONFIG_ME_BIN_PATH to match the actual file locations.

- Add CONFIG_BASEBOARD_DIR/CONFIG_VARIANT_DIR directory nesting
- Rename descriptor.bin -> flashdescriptor.bin

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
The MrChromebox coreboot fork sets update=none in .gitmodules for
3rdparty/blobs, which causes git submodule update to skip populating
the working tree.  Coreboot's own Makefile.mk tries to init the
submodule but update=none blocks it silently.

Add a .blobs-init target for mrchromebox boards that overrides the
local config and runs git reset --hard in the submodule to force
the checkout.  The commit is pinned by the coreboot fork's tree
entry for 3rdparty/blobs.

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
Add kano as the first x86_coreboot seed for the MrChromebox coreboot
fork (coreboot-mrchromebox).  Future Chromebook boards using the same
fork can be added as downstream build jobs.

Update the seed list comment in the x86_coreboot job definition and
document the new seed in doc/circleci.md.

Closes #XXX

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
Backported from:
  patches/coreboot-25.09/0003-soc-intel-lockdown-Allow-locking-down-SPI-and-LPC-in.patch
  (gerrit 85278, adapted for MrChromebox 26.03)

Config generated via:
  make BOARD=kano coreboot.save_in_oldconfig_format_in_place

Board config:
- CONFIG_IO386=y (for SMI-based PR0 lockdown before kexec)
- CONFIG_FINALIZE_PLATFORM_LOCKING=y

Coreboot config:
- BOOTMEDIA_LOCK_NONE -> BOOTMEDIA_LOCK_CONTROLLER + WHOLE_RO
- SOC_INTEL_COMMON_SPI_LOCKDOWN_SMM=y

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
Update with frequency counts from all config/coreboot-*.config_defconfig
files.  Add Chromebook defconfig section and Heads-common options section.
Remove kano-specific references.

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
Replace Make variable references ($(MAINBOARDDIR), $(CONFIG_BASEBOARD_DIR),
$(CONFIG_VARIANT_DIR)) with fixed paths to avoid shell expansion conflicts
in validation scripts.

Resolved paths:
  3rdparty/blobs/mainboard/google/brya/brya/kano/flashdescriptor.bin
  3rdparty/blobs/mainboard/google/brya/brya/kano/me.bin

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
- Expand CBFS from 0xBE0000 (12160 KiB) to 0x1000000 (16384 KiB)
  to utilize available IFD BIOS region space while respecting the
  Intel 16 MiB SPI decode window limit
- Fix hex comparison bug in validate_cbfs_ifd_fit.sh that bypassed
  the 16 MiB cap (POSIX test doesn't handle 0x prefix)
- Expand blob paths from Make variable references to real paths
  so validation scripts can resolve IFD_BIN_PATH

Config regenerated via:
  make BOARD=kano coreboot.save_in_oldconfig_format_in_place
  make BOARD=kano coreboot.save_in_defconfig_format_backup

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
…omebox fork

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
…-musl-compat.patch: place include at same position as working coreboot-25.09 fix

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
Clone with full history so git describe --tags can find version tags
for artifact filenames.  Repair shallow clones with:
  git fetch --unshallow origin
  git fetch --tags origin

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
Signed-off-by: Chris Wiggins <chris@cwiggs.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants