Production Chrome OS devices that are shipped from the factory are locked down and will not let you make changes to the software. This page describes how to enable developer mode and get root access to your system.
Modern Chrome OS devices can be put into developer mode by pressing specific keys while Chrome OS is booting:
Caution: Modifications you make to the system are not supported by Google, may cause hardware, software or security issues and may void warranty.
NOTE: Putting your device into developer mode inherently makes it a little less secure. Specifically, it makes the “verified boot” that's built-in to your hardware a little bit more lax, allowing your hardware to run custom (non-Google-signed) images. It also gives you access to a “root” shell.
You can tell that you're in Developer Mode if you see one of these screens when you turn the device on:
To restore your device to Normal Mode (i.e., disable Developer Mode), reboot your device and perform the following action:
Spacebarat the firmware screen.
Volume-Downkeys to select the
Enable OS Verificationoption. Press the
Powerbutton to confirm.
NOTE: If you‘ve made changes to the rootfs filesystem while in developer mode, you may have to use the recovery process to restore your device to its factory condition. However, as long as you don’t crack open the case, you shouldn‘t be able to do anything that can’t be undone by recovery (software).
If you‘re a Linux hacker, you probably know that Google Chrome OS is built on top of Linux and you’re wondering how you can jailbreak your device so you can get to a command prompt. It turns out: there's no need. The command prompt is built in to your device!
NOTE: Before following these instructions, remember to put your device into Developer Mode.
One way to get the login prompt is through something called
VT-2, or “virtual terminal 2”. If you're a Linux user, this is probably familiar. You can get to
VT-2 by pressing:
[ Ctrl ] [ Alt ] [ → ]
[ → ] key is the right-arrow key just above the number
3 on your keyboard.
Once you have the login prompt, you should see a set of instructions telling you about command-line access. By default, you can login as the
chronos user with no password. This includes the ability to do password-less
sudo. The instructions on the screen will tell you how you can set a password. They also tell you how to disable screen dimming.
In order to get back to the browser press:
[ Ctrl ] [ Alt ] [ ← ]
[ ← ] key is the left-arrow key just above the number
1 on your keyboard.
NOTE: The top-rows of the keyboard on a Chrome OS device are actually treated by Linux as the keys
F10. Thus, the
[ → ] key is actually
F2 and the
[ ← ] key is actually
NOTE: Kernel messages show up on
An alternate way to get to a terminal prompt is to use [
[ Ctrl ] [ Alt ] [ T ]to get the [
If you want to get back to the browser without killing the shell, you can use
[ Alt ] [ Tab ].
NOTE: You can create as many shells as you want with
[ Ctrl ] [ Alt ] [ T ] again and another shell will be opened. You can
[ Alt ] [ Tab ] between them.
The Chromium OS rootfs is mounted read-only. In developer mode you can disable the rootfs verification, enabling it to be modified.
NOTE: If you mount the root filesystem in writeable mode, even if you make no changes, it will no longer be verifiable and you'll have to use a recovery image to restore your system when you switch back to normal mode. Auto updates may also fail until a full payload is downloaded.
To make your rootfs writable, run the following command from a shell on the device:
(dut) $ sudo /usr/share/vboot/bin/make_dev_ssd.sh --remove_rootfs_verification
Then reboot. Your rootfs will be mounted read/write.
/etc/chrome_dev.conf (read the comments in the file for more details).
Restart the UI with:
(dut) $ sudo restart ui
Starting in 2019 some Chromebooks support selecting different firmware at the developer screen. Press a number to choose the firmware.
Available options are:
This firmware is stored in the RW_LEGACY section of the SPI flash, which is a read-write section; you can update it if you like. See the
chromeos-bootimage ebuild for the
altfw feature and how this CBFS region is populated.