Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Can not remove root verification on Chrome OS v70 #8

Open
jbardi opened this issue Nov 1, 2018 · 6 comments
Open

Can not remove root verification on Chrome OS v70 #8

jbardi opened this issue Nov 1, 2018 · 6 comments

Comments

@jbardi
Copy link

jbardi commented Nov 1, 2018
edited
Loading

The process no longer works on Chrome OS v70 stable.

Technically this issue is not related to your script, because I have to remove root verification before I can even attempt to run your script, but I was hoping you may have an idea of how I might fix no longer being able to remove root verification since the v70 upgrade.

After upgrading to v70 the --remove_rootfs_verification no longer works. v70 installed to the alternate rootfs using kernal B on partition 4, and running rootdev -s shows me /dev/mmcblk0p5, so I ran the following command:

sudo /usr/share/vboot/bin/make_dev_ssd.sh --remove_rootfs_verification --partitions 4

When run, it shows the proper output as below:

make_dev_ssd.sh: INFO: Kernel B: Disabled rootfs verification.
make_dev_ssd.sh: INFO: Backup of Kernel B is stored in: /mnt/stateful_partition/backups/kernel_B_20181101_143134.bin
make_dev_ssd.sh: INFO: Kernel B: Re-signed with developer keys successfully.
make_dev_ssd.sh: INFO: Successfully re-signed 1 of 1 kernel(s) on device /dev/mmcblk0

However, when I reboot and then attempt to run the RootandSEpatch.sh it tells me that it is read only and that I have to remove root verification. I have tried over and over, and its a catch 22 as it never really removes root verification. I've been using your root script since version 63 I believe, but this is the first time I have been unable to remove root verification.

I have also tried the dev tool to remove verificaton as suggested in another forum:

sudo /usr/libexec/debugd/helpers/dev_features_rootfs_verification

That command is supposed to determin the rootfs and kernel pair being used and remove the root verificaton from the correct partition.

When typing the mount command, it shows that the partition is mounted rw, but it still does not work. This is the output of the mount command for the rootfs that is running on partition 4:

/dev/mmcblk0p5 on / type ext2 (rw,relatime,seclabel)

I am running an ASUS Chromebook Flip C302
@mmirg
Copy link

mmirg commented Nov 1, 2018

I don't believe this is a problem of disabling root verification but rather that CrOS no longer mounts the root directory as writeable. I modified my script to touch /etc to verify whether root verification is disabled and the rest continues to run properly. At least until you update to CrOS 71 and more of the filesystem becomes unwriteable.

@jbardi
Copy link
Author

jbardi commented Nov 1, 2018
edited
Loading

Awesome!! Since you verified the rootfs verification was not the problem and the script can still write to the necessary directories, I simply removed the rootfs check from my script altogether and everything worked perfectly. If v71 stable is finally unable to be rooted, I'll be stuck on v70 for the foreseeable future.

Thanks for the information, I can relax now, at least for the next 6 weeks until v71 lol

@mmirg
Copy link

mmirg commented Nov 1, 2018 via email

@jbardi
Copy link
Author

jbardi commented Nov 2, 2018
edited
Loading

Yeah, my Chromebook is the only device I have that still uses that standard superuser process. All of my other devices exclusively use systemless root, which has many more benefits beyond the obvious. I would love to see a way to implement Magisk into the Android container.

@nolirium
Copy link
Owner

nolirium commented Nov 4, 2018

I don't believe this is a problem of disabling root verification but rather that CrOS no longer mounts the root directory as writeable. I modified my script to touch /etc to verify whether root verification is disabled and the rest continues to run properly.

Oh, interesting, so you are both saying that CrOS isn't letting the "touch /.this" command succeed any more? I wonder if this could be specific to Intel/x64 (maybe Crostini supporting?) devices at the moment, as it doesn't seem to be occurring on my armv7 Chromebook in v72 dev currently? (Although to be certain I would perhaps need to wipe it and then go through the various channels to actually check and confirm).

In any case, perhaps I should switch out the script's current rootfs check with something like the below, which, if I understand correctly, would work on your device/s at the moment?

check_writeable_rootfs() {

if [  -e /etc/aroc_writable_test ]; then
rm /etc/aroc_writable_test
fi

touch /etc/aroc_writable_test  2> /dev/null

  if [ ! -e /etc/aroc_writable_test ]; then
  echo "Error!"
  echo "Unable to modify system!"
  echo "You can disable rootfs verification by running the following command, then rebooting."
  echo "sudo /usr/share/vboot/bin/make_dev_ssd.sh --remove_rootfs_verification --partitions $(( $(rootdev -s | sed -r 's/.*(.)$/\1/') - 1))"
  echo "Please run the "remove_rootfs_verification" command now, then reboot and run this script again."
  exit 1
fi

rm /etc/aroc_writable_test

}

@mmirg
Copy link

mmirg commented Nov 5, 2018

Yup, that's pretty much what I'm doing now. I noticed that /etc isn't writeable without root fs verification removed so I chose that as a candidate directory. Thanks for the update.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jbardi @mmirg @nolirium