Sometimes you have to stick a screwdriver in it (or how to liberate a Chromebook in ten easy steps)
Over the holidays, I found a Chromebook that Samsung had given me to evaluate about six years ago and which had been gathering dust ever since. Coincidentally, Laura’s sister Annie had just told me that she needed a laptop. Hmm… Well, there was no way I was going to give her a Google spy device, so I decided to liberate the Chromebook from Google’s surveillance-based operating system (ChromeOS) and gift it to her.
Now, you would think given how people just love to harp on about how damn open Google is, that this would be easy to do. Just install a lightweight Linux distribution and be done with it, right?
Oh, you poor, naïve, dear. No, not even close.
Instead, what you have to do1 is to physically open up the computer, short a pair of jumpers to disable the write protection and flash the firmware with something that isn’t designed to stop you from protecting yourself from Google’s surveillance machine.
Google is closed
Google is anything but open2 and Chromebooks are not computers; they are corporate surveillance devices. A Chromebook is an inexpensive data milking device and you are the cow.
It’s no coincidence, for example, that they have tiny hard drives. Why do you need local storage when you can just put all your data on Google’s machines and use Google’s services for everything? And what if you decide to foil Google’s cunning plan and install a larger hard drive? Computer says, “no!” You can’t. Why? Because “security”, of course. Wink, wink!
Similarly, you cannot install a different operating system. And if you have the gall to try and dual boot, you are greeted with a nag screen on every boot. Why? Because “security”, of course. Nudge, nudge!
Giving the owner of a computer control over who can and cannot update the hardware or operating system is a valid security concern. Giving the manufacturer such control and making it as difficult as possible for the owner isn’t.
If Google really cared about people’s security, they’d have designed Chromebooks to ship with hardware keys which, when inserted, would enable the hardware or software to be updated. Boom! Problem solved. And they wouldn’t have designed a malicious firmware that tries to get you to revert to factory defaults on every boot once you’ve modifed your own system. This is one of the most owner-hostile features I’ve seen yet in a piece of consumer technology3. But then again, you never really own a Google Chromebook… it owns you.
How to liberate a Chromebook
Here are the instructions for liberating a Samsung Series 5 550 Chromebook (lumpy) and installing GalliumOS on it:
Push the developer switch to the right. This is a small switch at the back of the laptop on the right-hand side.
Place the laptop on its lid and disconnect the battery by sticking a paperclip into the battery disconnect hole.
Remove all eight screws using a Phillips screwdriver. Four of the screws are hidden under the pads for the feet, so you will have to remove those first by gently prying them loose using a small flat-head screwdriver.
Pry open the lid by sticking a small flat-head screwdriver in and gently moving it all around the edges. You will hear clicks as the plastic clamps come loose.
Locate the write protect jumper and short it. The way I did this was to find a small flat-head screwdriver and stick it into the plastic head of the jumper. I put non-conductive tape under and above the screwdriver to make sure it didn’t short anything else.
Put the cover back on (but don’t clamp it shut) and start up the machine. You will see a scary warning screen. Press CTRL+D. Once ChromeOS boots, press CTRL+ALT+T to get to Crosh and type
shellto drop into a terminal running Bash.
sudo -s, followed by
flashrom --wp-disable. You should see a success message. If you don’t check that you’ve disconnected the battery and that your screwdriver is properly shorting the right jumper.
Install SeaBIOS (Full ROM):
cd;bash <(curl https://johnlewis.ie/flash_cb_fw.sh)
Reboot. If you see the SeaBIOS screen, then you can turn the computer off, remove the screwdriver, and close the computer up.
Prepare a USB key with GalliumOS on it. Insert it into your USB slot and reboot. You will need to download the Sandy / Ivy Bridge version of Gallium OS. You can burn it to a USB key using a tool like Etcher.
Your computer should boot into the GalliumOS installer. Follow the instructions to set up your free and open operating system and you should find yourself the proud owner of a fully-liberated Unchromedbook.
Enjoy having the freedom to do what you want with your own machine without being tracked and profiled by Google.
On the machine I prepared for Annie, I ended up covering up the corporate branding with some colourful unicorn and cloud stickers I found at the local stationary store4.
This is true for the Samsung Chromebook 550 model, at least. On other models, apparently you can open up the machine and remove a screw from the motherboard, etc. On all models, you have to flash the firmware to stop Google from nagging you on every boot. ↩︎
To prove me wrong, please just email me a link to the source code for Google Search, Google Mail, Google Docs, Google Play Services, and all of their proprietary, surveillance-based services as well as the free/open source licenses for all of the above. Thanks! ↩︎
Apple is engaged in similar shenanigans with its latest T2 chip. But then again no one ever accused Apple of being open. Still, at least they make their money by selling products to people instead of selling people to corporations like Google does. ↩︎
I was originally going to write something like “unchromedbook” or “liberated” on the case using some scrabble letters but ended ruining the tiles when the superglue exploded out of the tube, ruining the tiles and almost sticking my fingers together. That was fun (wasn’t fun). ↩︎