Using a Chromebox as a Linux server

The Asus M004U Chromebox is reasonably priced at $ 167-ish. It only has 2 GB RAM and 16 GB SSD, but for a small Linux server that's plenty. And it's a tiny little thing. I think it's fanless, or at least it's silent. It has an Intel Celeron i86_64 processor. Also, it has an SD card slot, or you can plug a USB-3 hard drive into it, so storage isn't really an issue. And both Ethernet and Wi-Fi. I think the Ethernet is gigabit, even.

The first time I used it I just booted it up normally. It's fast and seems to work well. If all you need to do is web browsing, email, watch YouTube videos, maybe some stuff in Google Docs, it really does seem like this is all you'd need. Or a Chromebook if you wanted a laptop form-factor instead. But anyway, I wanted a Linux server.

Chrome OS appears to be a variant of Linux, but I wouldn't call the Chrome OS a Linux installation, mainly because you can't modify it. It's completely locked down, and even in developer mode there are limitations of what you can modify.

There are three ways of running actual Linux:

1. chroot Linux under Chrome OS - very little danger of breaking anything, but you're basically running Linux under Chrome OS.
2. Dual boot, so you can boot into either.
3. Replace Chrome OS with Linux.

Since I was unlikely to use the device as a Chrome OS device again, and you can recover it easily if you need to by downloading a restore image onto an SD card or USB flash drive, I went with completely replacement (#3) so I could reclaim all of the space in the SSD used by Chrome OS.

I was going to do Linux installation from an SD card, and I downloaded the Ubuntu LTS server iso file, but I was doing it from a Mac. Here are instructions for making a bootable SD card or USB stick on the Mac from an iso file:

The short version:
hdiutil convert -format UDRW -o ubuntu.img ubuntu-14.04.1-server-amd64.iso
diskutil list
diskutil unmountDisk /dev/disk6 # replace with the disk number of the volume you want to write to
sudo dd if=ubuntu.img.dmg of=/dev/rdisk6 bs=1m

I copied to a class 10 SDHC card, and it only took 52 seconds to copy the image. Note that it won't be readable by OS X, so if prompted about that, just Ignore or Eject.

This post had everything I needed to get started. It was for Fedora and I'm installing Ubuntu, but the process is pretty much the same.

I'll briefly repeat the steps from that post here, but you should go there and read the details.

The reset button is the little circle above the Kensington lock port, next to the SD card slot, on the left side. Insert a paperclip into the hole to gently press the button.

With the unit powered down, press and hold the reset button while powering on to boot into recovery mode. This will erase any data that you have on the box!

Hit Ctrl-D to turn off OS verification.

Hit the reset button again to enable developer mode. Let it sit for a while, I think it will reboot.

I was unable to enter a shell by using a Mac keyboard and neither Ctrl-Alt-F2 or Ctrl-Alt-Right Arrow worked. (I used Option instead of Alt, since it was a Mac keyboard. That usually works.)

However from the Chrome desktop I was able to enter the "crosh" shell by hitting Ctrl-Alt-T. From there, use the "shell" command to get a normal bash shell.

The booting into legacy OS command in the page above was wrong for me. It's chromeos-firmwareupdate not upgrade.

sudo -s
/usr/sbin/chromeos-firmwareupdate --mode=todev
crossystem dev_boot_usb=1
crossystem dev_boot_legacy=1

Install the patched SeaBIOS binary with USB-3 support:

cd /tmp
wget md5sum asus-chromebox-SeaBIOS-new.bin
flashrom -w -i RW_LEGACY:asus-chromebox-SeaBIOS-new.bin

Note that doing a full Chrome OS restore appears to also overwrite the legacy boot slot, so even if you completely screw up this step you can still recover from it.

The next step is optional, but if you're going to make a dedicated Linux box I highly recommend it. It will require opening up the box. One page I read said this doesn't void the warranty unless you break something, but don't quote me on that. If you decide not to do this, scroll down and continue below.

The problem is that once you're in developer mode, you get the "white screen" during boot that warns you that OS protection is off, if you let it sit for a while (or hit Ctrl-D) it proceeds to boot Chrome OS. In order to run Linux, we use the legacy mode, which requires that you hit Ctrl-L during the white screen. If you remotely reboot Linux, it will then be stuck at the white screen forever. These steps make legacy boot the default, so after the white screen it defaults to booting Linux. 

Also, make sure you do these steps before you install Linux, especially if you're doing an overwrite installation as described here. Once you erase Chrome OS there's no way to reset the default boot OS unless you reinstall Chrome OS, then install Linux again! (I did that.)

The first thing you must do is remove the write-protect screw. Remove the four rubber pads on the bottom the the device. Under the rubber pads are 4 phillips screws. Remove those. Pry the case apart. The split is right at the base, so if you stick a screwdriver in the crack you can probably get it apart without too much force.

With the device sitting board-side-up and the ports away from you, the write-protect screw is in the back right. It's near the ports, on the side that isn't the side with the RAM. It's a silver screw with an unusually large head (pointed to by the pink arrow, below). Remove the screw. That's it for the hardware modifications. You can put the device back together now.

Incidentally, the 2 GB RAM Chromebox I got had only one of the memory slots filled. It would probably be inexpensive to add a second 2 GB and double the RAM, though I didn't do that.

Boot back into Chrome OS and bring up a shell. I used Ctrl-Alt-T then use the shell command.

sudo -s
flashrom --wp-disable
sh /usr/share/vboot/bin/ 0x488

I used 0x488 instead of 0x489 in the instructions above, so it will pause longer on the boot screen, which makes it easier to intercept it. It makes reboots take longer, but it's not that much longer.

Under no circumstances should you issue the without removing the screw and issuing the flashrom --wp-disable command! If the flash is write-protected, only part of it is actually write-protected. The set_gbb_command will overwrite the part it can, resulting in a corrupted image and a need to restore Chrome OS. Don't do that! (I did.)

More info on the resetting the default boot:

Continue here if you didn't remove the write-protect screw and change the default boot OS.

Insert the SD card or USB stick with the bootable Linux distribution iso on it.

Reboot the Chromebox.

At the white "OS validation is off" screen hit Ctrl-L to enter SeaBIOS, or wait if you've changed the default.

Hit ESC once to bring up the boot menu. You have to do this pretty quickly, basically as soon as the screen turns black. Boot off the Linux installation media. It should be the second option in the boot menu.

In the original post above, there was a need to add a mem=1024M option, but that was not necessary for Ubuntu 14.04 server.

Follow the normal Ubuntu server installation. When it asks you if you want to unmount /dev/sda, make sure you answer yes. That's the Chrome OS disk, and I wanted to completely overwrite it, so the volumes must be unmounted.

From Ubuntu server installation, I just installed OpenSSH, DNS, LAMP. Even though there is a Tomcat/Java option, I wanted to install Oracle Java and my desired Tomcat version so it would match my other servers. And of course once it's running you can apt-get install anything you want.

That's it! I now have a fully functional tiny Linux box!

About this Entry

This page contains a single entry by Rick Kasguma published on January 7, 2015 6:20 PM.

Waveform drawing was the previous entry in this blog.

iPhone VPN (Virtual Private Network) is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.