Skip to content

De-Chroming the Acer c720 Chromebook

(Originally posted 2014-12-01 on the Software Freedom Law Center’s Blog)

What is De-Chroming?

This talk is an instructional companion to the SFLC @ 10 Disposable Computing talk.

De-Chroming is the process of taking a Chromebook laptop, in this case the Acer c720, and replacing the Chrome operating system with a full-featured Debian install.

Why would you De-Chrome a laptop?

Perhaps you want access to all the great programs in Debian, perhaps you want a high security computer for use doing humanitarian work in hostile conditions, or perhaps you just want to tinker with some cool new hardware. There are many reasons you might be interested.

What do you need?

  • A small Philips-head screwdriver
  • A USB flash drive or an SD card with 100 megabytes free
  • A chromebook (this guide is for the Acer c720 model but other models are supported)
  • A wireless network

How to De-Chrome the c720 in 10 simple steps

This series of steps is designed to replace the default coreboot BIOS shipped on the laptop with a community-built version. This process brings a theoretical risk of bricking your device, which would require ~$50 of hardware and some technical knowledge to repair. You should be safe if you read all the instructions carefully but, if you would like to know more, take a look at the community wiki.

  1. Start the computer and log in to the chromebook guest account.
  2. Activate developer mode (note: this will delete all the user data on the machine so if you have been using the laptop you should back up your documents first).
  1. When you are logged in hold down Escape+Refresh(F3) and press the power button to reboot into recovery mode.
  2. Press Ctrl+D at the Recovery screen and then confirm that you would like to activate developer mode.
  1. Wait as it reboots and switches to developer mode, then shut down the machine.
  2. Remove write-protect screw as shown in: this video (available as mp4 or mkv).
  3. Reboot and re-log in as guest.
  4. Press Ctrl+Alt+t to get a Google terminal.
  5. In that terminal type “shell” to gain access to the full set of capabilities.
  6. Plug in your USB thumbdrive or insert your SD card.
  7. Run this command, which will download a script. (enter this as one unbroken line):

    cd; rm -f flash_chromebook_rom.sh; curl -k -L -O https://johnlewis.ie/flash_chromebook_rom.sh; sudo -E bash flash_chromebook_rom.sh

    Press 4 to backup your old BIOS and press 5 to install a community version from John Lewis.

  8. Once that has completed successfully and without errors, reboot. Now you can install Debian or your free software distribution of choice. If you received errors, do not reboot and seek help from the coreboot on chromebooks community.

Installing free software

Once you have replaced the default BIOS you will be able to boot from a USB device and install whatever version of a free software operating system you have handy. Everything on the c720 except for the bluetooth is supported with free software drivers so installation should be straightforward, though you may need to install the most recent kernel from your distribution to enable support for the trackpad. Some tips and tricks for dealing with any hardware issues you may run into are available from Kevin Keijzer’s blog on the FSFE site.

As with all of our SFLC machines, we install Debian and use the Debian installer to encrypt the hard drive. I am happy to report that that works perfectly well here whether you are installing to the internal drive or to an external USB thumb drive or SD card. That is important since, for most people, the only thing to consider when De-Chroming one of these laptops is what to do with the hard drive.

What to do with the hard drive

To keep costs down, Chromebooks are sold with hard drives that may be too small for most people to comfortably use as their only storage, generally 16 or 32 gigabytes. Those of us De-Chroming the laptops have a few general options for how to deal with this potential limitation: use it as is, replace the drive, or add extra storage with a USB drive or an SD card.

Use as is

16 GB is plenty of space for a Debian install, even using some for swap. This is especially true if you want to have your home partition on a separate thumb drive or SD card. This is also the cheapest and most straightforward option so, if cost is a factor or you just want to test out different versions of linux on the laptop, you should have plenty of space and can always expand it later.

Replace the drive

Larger SSDs are available for ~$50-60 online so if you want more space it is simple enough to just get a larger drive. Just make sure the disk you buy is compatible with the c720 laptop since there are a number of different format options available. There are only a couple dozen machines using these disks so far so any website selling them should list which ones are compatible. To replace the drive just open the case the same way you did to remove the write-protect screw and unscrew the one screw holding the drive in.

If I were going to use the laptop as my primary machine this is what I would do.

Expand the storage with USB or SD devices

Since the c720 has both a USB3 port and an SD card slot, it is easy enough to expand your available storage space with removable media. 64gb USB3 drives are available from $30-40 online. If you do not know how much space you will need, 64gb is probably enough space for you.

If you are buying a thumb drive you also have the opportunity to install the whole operating system to the thumb drive and leave no information about you on the laptop. This is particularly useful for people operating in high security situations like those doing humanitarian work in hostile countries, anyone who is worried about bringing a business machine back inside a secure facility, or anyone who is worried about having to decrypt a hard drive when crossing a hostile national boarder. With no information about you or your activities on the device, you can simply leave your laptop at whatever risky location you have traveled to and De-Chrome yourself a new one when you return to safer ground.

Updated July 22, 2015 with options for updated script from John Lewis.

Information in this post may change over time. Check here for updates.

Technological Wizardry

The Washington Post editorial board just suggested that the tension between consumer’s right to encrypt their devices and the government’s legal power to access data with a search warrant could be resolved by magic.

Here is the final paragraph from Friday’s editorial Compromise needed on smartphone encryption:

How to resolve this? A police “back door” for all smartphones is undesirable — a back door can and will be exploited by bad guys, too. However, with all their wizardry, perhaps Apple and Google could invent a kind of secure golden key they would retain and use only when a court has approved a search warrant. Ultimately, Congress could act and force the issue, but we’d rather see it resolved in law enforcement collaboration with the manufacturers and in a way that protects all three of the forces at work: technology, privacy and rule of law.

They also seem to think that Congress could pass a law preventing us from using publicly available encryption technology on computers we own, which seems like a pretty big misunderstanding all be itself. Do you think they also want congress to mandate a secret unlock code for all physical safes sold in the US?

Innovation in practice

(Originally posted 2014-04-11 on the Software Freedom Law Center’s Blog)

In each Supreme Court brief that SFLC has filed over the years we have included a little note on the first page declaring that the brief was made using only free software. This point was particularly important in our most recent brief, for a case named Alice Corporation v. CLS Bank, which was argued in front of the court last week. Our use of free software was particularly important this time because we argue in our brief that free software has been responsible for the major software innovations of the modern era. In partial support of that claim I want to show you our document creation process and tell you about the free software we use to take text from an email and turn it into a camera-ready Supreme Court brief, then a website, then an eBook.

1: Markdown – the drafting tool

The first tool we use, markdown, is a standard way to use keyboard characters like *, #, and [ ] to indicate what parts of a text should be italicized or in bold and which parts are things like headers or footnotes. Using standard characters to indicate these formatting options helps keep the focus on the text and makes it possible to use a variety of collaboration tools during drafting like etherpad, wikis, and version control systems.

While we have all of those tools running at our office, and used many of them to share drafts of the brief, the initial versions of the CLS brief began as simple email messages. Markdown is a great tool for sharing documents via email because you can include the text of the message directly in the body of the message making it easy to make edits or add comments just by replying. Keeping the text of a document inside the email message also keeps every version track-able and search-able with your normal email tools. Contrast that to the common practice of sending documents around as attachments and how hard it is to identify which of the dozen files you may have is the first time a particular piece of text was introduced or a particular change was made.

2: Pandoc – the swiss army knife

Our second tool, pandoc, helps us translate the simple formatting and structure marks from our draft into whatever type of more formal document we need. When it comes to conversion, Pandoc is a swiss army knife that can turn our Markdown document into a webpage, word processor document, Wikipedia article, eBook, or many other formats. The format we want is LaTeX, which is a system for laying out complex documents that require precise formatting. It is commonly used for books, résumés, journal articles, dissertations, and, in our case, Supreme Court briefs.

To convert our “draft.mkdn” document to LaTeX we simply run “pandoc draft.mkdn -o draft.tex” which tells pandoc to look at the markdown file and output a LaTeX version of it. Since “.mkdn” and “.tex” are standard extensions for Markdown and LaTeX formatted documents, Pandoc understands the conversion we want it to do without any other instructions. For now that one command is all we want from pandoc but we will come back to it when building our eBook later on.

3: LaTeX, a personal print shop

Our third tool, LaTeX, is the software version of a professional print shop. It has everything you need to format and lay out documents down to the smallest printing measurement. This is different from a word processor in two important ways. The first is that LaTeX has a professional quality typesetting engine that calculates optimal spacing and line breaks. The result is simply beautiful documents. Take a look at this sample text printed as either a LibreOffice word processor document (pdf) or using the default LaTeX settings (pdf). Try printing that text with whatever tools you normally use and see which one you think is more attractive and pleasant to read.

The second important difference between LaTeX and a word processor is that LaTeX keeps the layout and document formatting information separate from the document contents. Importantly for us, this means we can do the complicated work of specifying all the Supreme Court’s detailed document requirements for briefs just once and then reuse that for each brief we file. We can even share that formatting file with you (brief.cls) so you can study how it works or use it for your own Supreme Court brief.

Once our draft text is in LaTeX format, which we get from pandoc, the final rounds of editing and polishing begin. This is the stage where we make sure that all the citations are correctly formatted and everything looks good on paper. For the CLS brief we made a couple tweaks, adding a page break before the last section so the last page would have more than two lines on it and deciding to indent the subheadings in the table of contents by adding a new option to the formatting “class” file.

When everything looks good, LaTeX creates a PDF that we can send directly to the printer for binding and delivery. Because all of the formatting work is done by LaTeX our document is “camera ready” which means we never have to worry about problems like using a different word processor version from the printer. As soon as the document leaves our hands we have complete confidence about how the document will look when printed. If there were any question about pdf compatibility LaTeX could even output a version in printer-native postscript format. As far as the court is concerned, our work is done once we send the file to be printed but we feel it is important to make the work we do as widely available as possible. To that end we try and share our publications in as many formats as possible that people might want. Our next two steps will take the same LaTeX file and turn it into a webpage and then an eBook.

4: Tex4ht

Turning a LaTeX file into a webpage is greatly helped by a tool called tex4ht which is an entire webpage layout engine built for LaTeX. The resulting website code can be a bit unorthodox when preserving some of the print features not used online, for instance small caps are created by formatting each letter separately and matching up the sizes, but it is very effective at transforming even complicated print documents into websites. It is the natural choice for something like a Supreme Court brief. You can see the results of running tex4ht on our final LaTeX brief at our site, which is basically unchanged from the default output of running “tex4ht alice-cls-amicus.tex” except for adding our standard website header and removing some extra dashes on the cover page.

5: Calibre

Transforming our LaTeX brief into an eBook begins with pandoc, the same tool we used to create our first LaTeX draft out of markdown. In addition to working with markdown, pandoc is able to convert to and from a number of other formats, including translating LaTeX into the “epub” eBook format. This is an important feature for us since, however careful our drafting efforts, some changes always creep in once our brief has moved out of markdown and into the review and proof reading passes. Pandoc’s ability to read as well as create LaTeX documents lets us focus on editing the document rather than worry about which format it is in during a particular editing step.

To get a rough version of the ebook we want we just run “pandoc alice-cls-amicus.tex -o Initial-eBook.epub” and pandoc will figure out what format we want from the file extensions. Because pandoc lacks some of the creative formatting tricks that tex4ht uses, like creating a word in small caps by formatting each letter separately, this initial eBook version is missing some of the elaborately formatted parts of the brief like the cover page.

Once we have this initial eBook we can polish up the rough edges using a free eBook library program called Calibre. Adding our draft to the Calibre library gives us access to a whole editing toolkit. Just select the book and hit the big “edit” button in the main toolbar. Since eBooks are basically websites, this final stage of processing is actually simple HTML editing. Conveniently, this means that we can replace the missing cover page by copying and pasting that portion from our website version. Since pandoc preserved all of the in-text formatting like italics and long dashes, all that is left to do is make sure that the sections and subsections all have appropriate HTML heading numbers, add in the spacing dots on the table of authorities, and tell Calibre to generate a table of contents.

This was actually my first time editing an eBook so that whole process tool me about an hour.

Conclusions

If you have only ever produced documents using commercial word processing software, many of the tools I have described here may seem strange to you. Like so much of Free and Open Source Software, the tools we use for making documents come from a variety of different authors who each produce documents their in own ways. The particular tools we use at SFLC have been chosen over the years as our practice grows and evolves. Whether you are looking to replace your document tools entirely, try out a new way to turn emailed text into word processor documents, or just see what it looks like to take free tools and put them together into a system that fits your office, I hope this has been an informative look at some innovative free software.

Cracking the NSA’s code: Part4. The End

This week we have looked at the three main elements of the NSA’s surveillance system: Bulk data collection and the construction of an index for all communications in the country, use of private companies to store and process the content of our domestic data, and partnerships with other government agencies at home and abroad. We have examined all of these elements to so that we can try and judge the NSA’s surveillance system based on how it is constructed rather than by the motives and ideals of those currently using it. Now that we have examined the components, it is time to look at the bigger picture.

Technology of Power

Wholesale collection of data, use of private companies as data refineries, and partnerships of mutual convenience with other government surveillance agencies. Those are the functional components of the NSA system, the bits of code out of which it is built. What does that tell us about the system as a whole? We know that tapping into fiber optic lines naturally leads to wholesale data collection. We know that during wholesale data collection it is difficult or impossible to tell just whose data is being collected. We know that possessing all of the data turns what were once external checks and balances, like the prohibition on the NSA collecting US citizen data, into matters of self-policing and internal procedure design. We also know that, given all of this for a decade, the NSA has sought to increase how much data on US citizens they can search, radically increase how long they can keep data, and expand partnerships with groups that can volunteer information for the system that is free of any regulations. Now that we know that, we can ask the real question: is this going to be the kind of system we use to police democratic societies for the rest of our lives?

Before you decide, take a minute and watch this talk. The speaker, Malte Spitz, is a member of the German Parliament and used the German freedom of information laws to get a copy of all the “metadata” that his phone company stored about him. You can watch six months of his life reconstructed on that video. Everywhere he went, everyone he talked to, and all the groups he spoke with are captured in that metadata. There is power in being able to reconstruct someone’s life like that. Being able to reconstruct everyone’s lives at once is not just powerful, it is the kind of technology that could keep a government in power. Whether the NSA system was built to chase down terrorists or to disrupt political dissent does not matter. The power of the system matters and how much power we are comfortable giving to the secret operators of such a system matters.

In our names the US government is building a new kind of surveillance system, one that upends all the laws meant to regulate such activity and that is tied directly into the internet connections that will be the primary communication infrastructure for the rest of our lives. We have perhaps the best opportunity we will ever get to examine the actions taken in our names and set new rules for how a democratic society governs itself in this area. Our deliberations and decisions will have wide ranging repercussions. As the price of technology continues to fall there will be many others capable of building similar systems and the choices we make now will set the standard of behavior when that happens.

If we push back and we decide that this kind of monitoring is incompatible with a democratic society, our position as the central hub of the global internet means that we can hold that line for the next generation. If we move in the other direction and commit the center of the network to constant monitoring and recording, what will we say when those same tools are used to prop up the next “Axis of Evil” or suppress the next Arab Spring?

In the technology community “code is law” is said as a reminder that our technologies are governed not by our intentions but by the way they are put together. It is also sometimes spoken in a hopeful note because, while code may be law, we write the code. We determine how our technology is built. It can be hard and it can be complicated, but we need to do it because, if we don’t do it right, someone else will do it wrong.

Cracking the NSA’s Code: Part 3

So far this week we have looked at two of the three main components of the NSA’s surveillance system: how the NSA collects raw data from fiber optic cables and uses that to build an index of “metadata” that maps nearly all communications in the country going back to 2001 and how they enlist private companies as data distilleries holding and processing the contents of our domestic data. Today we will finish looking at the functional elements of the NSA system with a look at how government agencies at home and abroad partner with the NSA, skirting all effective data protection regulations as a result.

Sharing is caring

The NSA is a single government agency. It may be the "largest, most covert, and potentially most intrusive intelligence agency ever" and it may sit at the center of the global communications network, but it is still just one agency and it has limits. They are still somewhat prohibited from directly targeting US citizens, which is the only factor limiting which domestic fiber optic cables they can tap into with splitter prisms. They also lack domestic access to the 7.25% of global internet traffic that does not pass through the US during transmission. The essential allies for overcoming these obstacles are other government agencies, both those at home and abroad.

At home the NSA cooperates directly with numerous government agencies, most importantly the CIA, FBI, and the little known National Counter Terrorism Center (NCTC). In addition to sharing expertise, connections, and personnel resources, when these agencies work together they also benefit by skirting around laws designed to control just where they can operate. The NSA’s intelligence gathering is limited by law to foreign communications. In order to collect and store the phone records of purely domestic phone calls, as we can now confirm they are doing, someone other than the NSA must do the collection. In the case of phone records, the FBI is the one actually requesting records from the phone companies. The same is true of PRISM requests for internet communications. In all cases the NSA is the one who stores and analyzes the data; the intermediary agencies are used as legal cover. The reason for this game of digital hot potato is that data that is lawfully obtained by the government becomes fair game for other parts of the government to search. So, once the FBI has obtained everyone’s phone records the NSA no longer feels that the legal prohibitions on collecting data about US citizens apply.

Making it easier for different government agencies to exchange information was one of the main reasons for creating the NCTC in 2003. Initially this information was limited. Information about US citizens who were not suspected of any crime could be included but could not be kept for longer than 180 days. Then in press release last march the Attorney General changed that from 180 days to five full years. Perhaps unsurprisingly this is the same length of time the NSA keeps such data on citizens. This one government partnership alone is a significant expansion of the NSA’s surveillance system. The NCTC brings access to all Federal databases including flight records, financial forms submitted by people seeking federally backed mortgages, the health records of people who sought treatment at Veterans Administration hospitals and many others. The only restriction on what databases the NCTC may keep is that they must be “reasonably believed” to contain “terrorism information.” With databases this large it seems reasonable to believe they contain everything.

When foreign governments cooperate in surveillance even these trivial restrictions fade away. Just as we place no restrictions on what the NSA may do with information about non-US citizens, other governments place no restrictions on what their spy agencies can do with information about US citizens. Theoretically then it would be possible for two nations to spy on each other and then exchange information, much like strangers on a train. By accident or by design, this is much what happens with the British intelligence agency GCHQ, who we help access more than 200 fiber optic cables. In return we gain access to the processed metadata they collect. Any data we wish to share with them can be done through the NCTC. The only difference between our two programs is how long we each keep data. While we keep information on our citizens for up to five years the UK government only stores information on their subjects for a maximum of 30 days.

Tomorrow we will put all these pieces into context and draw some conclusions about what these components mean for the surveillance system as a whole: Part 4 – The End.

Update July 8: We learned over the weekend more details about the GCHQ cable tapping and have now have information about how the Australian and other close international partners operate their own social monitoring stations. The geographical diversity of these partner nations means that nearly all of the undersea fiber optic cables that tie the internet together are open to unregulated monitoring by one of our partners. As other nations build their communication storage capacities to match our own this means it will be legally and architecturally possible for this small group of democratic governments to access complete records of all internet communications. As long as nations only store information about each other’s citizens, no domestic surveillance laws will be triggered. As long as the records are complete, each nation will know that any information about their own citizens they wish to access at a later date can be simply requested from a partner.