|author||Cheng-Han Yang <firstname.lastname@example.org>||Mon Jan 14 07:22:10 2019|
|committer||chrome-bot <email@example.com>||Wed Jan 16 13:25:50 2019|
factory_install: Update README. Add descriptions about install shim menu and default actions. BUG=chromium:907384 TEST=None CQ-DEPEND=CL:1408679 Change-Id: Id058dfd2b2f3f137b817e2b0ad9f976589d5db53 Reviewed-on: https://chromium-review.googlesource.com/1408678 Commit-Ready: Cheng-Han Yang <firstname.lastname@example.org> Tested-by: Cheng-Han Yang <email@example.com> Reviewed-by: Yong Hong <firstname.lastname@example.org> Reviewed-by: Wei-Han Chen <email@example.com>
This folder contains the major scripts for the “Chrome OS factory shim”. The shim is used for installing a Chrome OS image (kernel, rootfs and firmware) to a device. It's also known as “(factory) install shim”, “RMA shim”, or “Reset shim”.
The factory shim is designed to allow operators removing USB stick once it's booted, so the boot process is slightly different. The shim relies on
initramfs technology to bootstrap and load all contents into memory, then start an upstart service to display the menu.
Inside chroot, do:
build_packages --board $BOARD build_image --board $BOARD factory_install
The output disk image is in
If you have local changes in
src/platform/factory_installer, please remember to do
cros_workon --board $BOARD start factory_installer emerge-$BOARD factory_installer
If you have local changes in
src/platform/initramfs, please remember to do
cros_workon --board $BOARD start chromeos-initramfs
There‘s no need to emerge
chromeos-initramfs because it’s always re-built in
Factory shims are signed in a special way for security reasons. It needs to boot with “developer switch turned on” and “boot in recovery mode”.
ESC + F3(REFRESH) + POWERto enter recovery mode
CTRL + Dto turn on developer switch
ESC + F3(REFRESH) + POWERto enter recovery mode again (no need to wait for wiping)
POWER + VOL_UP + VOL_DOWNfor at least 10 seconds, and release them to enter recovery mode
VOL_UP + VOL_DOWNto show recovery menu
VOL_DOWNto move the cursor to “Confirm Disabling OS Verification”, and press
POWERto select it
POWER + VOL_UP + VOL_DOWNfor at least 10 seconds, and release them to enter recovery mode again (no need to wait for wiping)
If you boot factory shim in developer mode (
Ctrl-U), some functions won't work, such as recovering TPM.
If you boot into a factory shim successfully, you will see a shim menu, followed by a prompt to select an action.
Please select an action and press Enter. I Install Performs a network or USB install R Reset Performs a factory reset; finalized devices only S Shell Opens bash; available only with developer firmware V View configuration Shows crossystem, VPD, etc. D Debug info and logs Shows useful debugging information and kernel/firmware logs Z Zero (wipe) storage Makes device completely unusable C SeCure erase Performs full storage erase, write a verification pattern Y VerifY erase Verifies the storage has been erased with option C T Reset TPM Call chromeos-tpm-recovery F Update TPM Firmware Call tpm-firmware-update-factory U Update Cr50 Update Cr50 fw from ROOTFS_PARTITION/opt/google/cr50/firmware/cr50.bin.prod E Reset Cr50 Perform a Cr50 reset M Cr50 factory mode Enable Cr50 factory mode action>
The install shim also checks
/etc/lsb-factory for flags that decides the default action of the shim menu (listed from high priority to low priority).
NETBOOT_RAMFS=1: This flag is automatically set when using netboot firmware. The install shim will set the default action to (I) Install.
RMA_AUTORUN=true: This flag is set by
image_toolwhen creating an RMA shim. Please see RMA shim README for the behavior of this parameter.
DEFAULT_ACTION=<action>: This flag directly sets the default action to . For instance,
DEFAULT_ACTION=isets the default action to (I) Install.
Factory shims do not provide shells by default for security reason. If you can still see virtual terminal consoles, try VT0, VT1, VT2, VT3 - there are lots of debug messages there.
If you do need a shell to debug, add
cros_debug to kernel command line. You can do this in
build_image --board $BOARD --boot_args cros_debug factory_install
For an existing image, you can use
make_dev_ssd.sh to change kernel command line easily:
# inside chroot cd ~/trunk/src/platform/vboot_reference/scripts/image_signing ./make_dev_ssd.sh -i $PATH_TO_IMAGE_OR_USB_DEVICE \ --partitions 2 --recovery --edit_config
This will bring an editor to allow editing command line.
make_dev_ssd.sh is also available on all Chrome OS image (even factory shim) - try
If you boot a factory shim with
cros_debug, then you should have one shell in VT2 or VT3. Moreover, if you can enter the menu, ‘S’ will give you the full shell.
frecon-lite) provides text-based console. If you can't see anything on screen, redirect the console to another device, for example Servo consoles so you can check why
frecon failed. To do this, add
console=ttyS0,115200n8 to kernel command line (use the
make_dev_ssd.sh or add
--boot_args as explained in previous section). Some devices may need different TTY name for example
ttyS1. Please check the care-and-feed doc of your device.
If the menu or frecon will die and adding
cros_debug does not help, you probably want to attach serial console (for example SuzyQ) and get everything except factory shim UI (menu) there. To do that:
/usr/sbin/factory_tty.sh and find the
TTY_CONSOLE= line. If it already has valid serial console (for example
ttyS0), move to step 3.
TTY_CONSOLEand build image.
make.conf in board overlay, to find or add one setting (assume serial console is
Then,then re-build the
factory_installer package and factory shim:
emerge-$BOARD factory_installer build_image --board $BOARD factory_install
Mount the rootfs and rename
/etc/init/console-ttyS0.conf to something that does not start as
# First enable RW for rootfs. Assume the USB is in /dev/sdX. cd ~/trunk/src/platform/vboot_reference/scripts/image_signing sudo ./make_dev_ssd.sh -i /dev/sdX --recovery \ --remove_rootfs_verification --partitions 2 # Mount (assume your shim is in /dev/sdX) sudo mount /dev/sdX /media cd /media/etc/init sudo mv console-ttyS0.confg debug-ttyS0.conf cd - # To leave /media folder so we can unmount. sudo umount /media