u-root / nichrome Goto Github PK

View Code? Open in Web Editor NEW

58.0 50.0 27.0 31.13 MB

An open ChromeOS distro with a Go-based userland, X11, and upspin support. (WIP)

License: GNU General Public License v2.0

Shell 58.02% Python 8.37% Go 31.57% HTML 1.76% JavaScript 0.01% CSS 0.26%

chrome-os golang u-root

nichrome's Introduction

u-root

Description

u-root embodies four different projects.

Go versions of many standard Linux tools, such as ls, cp, or shutdown. See cmds/core for most of these.
A way to compile many Go programs into a single binary with busybox mode.
A way to create initramfs (an archive of files) to use with Linux kernels, embeddable into firmware.
Go bootloaders that use kexec to boot Linux or multiboot kernels such as ESXi, Xen, or tboot. They are meant to be used with LinuxBoot.

Usage

Make sure your Go version is >= 1.21.

Download and install u-root either via git:

git clone https://github.com/u-root/u-root
cd u-root
go install

Or install directly with go:

go install github.com/u-root/u-root@latest

Note

The u-root command will end up in $GOPATH/bin/u-root, so you may need to add $GOPATH/bin to your $PATH.

Examples

Here are some examples of using the u-root command to build an initramfs.

git clone https://github.com/u-root/u-root
cd u-root

# Build an initramfs of all the Go cmds in ./cmds/core/... (default)
u-root

# Generate an archive with bootloaders
#
# core and boot are templates that expand to sets of commands
u-root core boot

# Generate an archive with only these given commands
u-root ./cmds/core/{init,ls,ip,dhclient,wget,cat,gosh}

# Generate an archive with all of the core tools with some exceptions
u-root core -cmds/core/{ls,losetup}

Important

u-root works exactly when go build and go list work as well.

Note

The u-root tool is the same as the mkuimage tool with some defaults applied.

In the near future, uimage will replace u-root.

Tip

To just build Go busybox binaries, try out gobusybox's makebb tool.

Multi-module workspace builds

There are several ways to build multi-module command images using standard Go tooling.

$ mkdir workspace
$ cd workspace
$ git clone https://github.com/u-root/u-root
$ git clone https://github.com/u-root/cpu

$ go work init ./u-root
$ go work use ./cpu

$ u-root ./u-root/cmds/core/{init,gosh} ./cpu/cmds/cpud

$ cpio -ivt < /tmp/initramfs.linux_amd64.cpio
...
-rwxr-x---   0 root     root      6365184 Jan  1  1970 bbin/bb
lrwxrwxrwx   0 root     root            2 Jan  1  1970 bbin/cpud -> bb
lrwxrwxrwx   0 root     root            2 Jan  1  1970 bbin/gosh -> bb
lrwxrwxrwx   0 root     root            2 Jan  1  1970 bbin/init -> bb
...

# Works for offline vendored builds as well.
$ go work vendor # Go 1.22 feature.

$ u-root ./u-root/cmds/core/{init,gosh} ./cpu/cmds/cpud

When creating a new Go workspace is too much work, the goanywhere tool can create one on the fly. This works only with local file system paths:

$ go install github.com/u-root/gobusybox/src/cmd/goanywhere@latest

$ goanywhere ./u-root/cmds/core/{init,gosh} ./cpu/cmds/cpud -- u-root

goanywhere creates a workspace in a temporary directory with the given modules, and then execs u-root in the workspace passing along the command names.

Tip

While workspaces are good for local compilation, they are not meant to be checked in to version control systems.

For a non-workspace way of building multi-module initramfs images, read more in the mkuimage README. (The u-root tool is mkuimage with more defaults applied.)

Extra Files

You may also include additional files in the initramfs using the -files flag.

If you add binaries with -files are listed, their ldd dependencies will be included as well.

$ u-root -files /bin/bash

$ cpio -ivt < /tmp/initramfs.linux_amd64.cpio
...
-rwxr-xr-x   0 root     root      1277936 Jan  1  1970 bin/bash
...
drwxr-xr-x   0 root     root            0 Jan  1  1970 lib/x86_64-linux-gnu
-rwxr-xr-x   0 root     root       210792 Jan  1  1970 lib/x86_64-linux-gnu/ld-linux-x86-64.so.2
-rwxr-xr-x   0 root     root      1926256 Jan  1  1970 lib/x86_64-linux-gnu/libc.so.6
lrwxrwxrwx   0 root     root           15 Jan  1  1970 lib/x86_64-linux-gnu/libtinfo.so.6 -> libtinfo.so.6.4
-rw-r--r--   0 root     root       216368 Jan  1  1970 lib/x86_64-linux-gnu/libtinfo.so.6.4
drwxr-xr-x   0 root     root            0 Jan  1  1970 lib64
lrwxrwxrwx   0 root     root           42 Jan  1  1970 lib64/ld-linux-x86-64.so.2 -> /lib/x86_64-linux-gnu/ld-linux-x86-64.so.2
...

You can determine placement with colons:

$ u-root -files "/bin/bash:sbin/sh"

$ cpio -ivt < /tmp/initramfs.linux_amd64.cpio
...
-rwxr-xr-x   0 root     root      1277936 Jan  1  1970 sbin/sh
...

For example on Debian, if you want to add two kernel modules for testing, executing your currently booted kernel:

$ u-root -files "$HOME/hello.ko:etc/hello.ko" -files "$HOME/hello2.ko:etc/hello2.ko"
$ qemu-system-x86_64 -kernel /boot/vmlinuz-$(uname -r) -initrd /tmp/initramfs.linux_amd64.cpio

Init and Uinit

u-root has a very simple (exchangable) init system controlled by the -initcmd and -uinitcmd command-line flags.

-initcmd determines what /init is symlinked to. -initcmd may be a u-root command name or a symlink target.
-uinitcmd is run by the default u-root init after some basic file system setup. There is no default, users should optionally supply their own. -uinitcmd may be a u-root command name with arguments or a symlink target with arguments.
After running a uinit (if there is one), init will start a shell determined by the -defaultsh argument.

We expect most users to keep their -initcmd as init, but to supply their own uinit for additional initialization or to immediately load another operating system.

All three command-line args accept both a u-root command name or a target symlink path. Only -uinitcmd accepts command-line arguments, however. For example,

u-root -uinitcmd="echo Go Gopher" ./cmds/core/{init,echo,gosh}

cpio -ivt < /tmp/initramfs.linux_amd64.cpio
# ...
# lrwxrwxrwx   0 root     root           12 Dec 31  1969 bin/uinit -> ../bbin/echo
# lrwxrwxrwx   0 root     root            9 Dec 31  1969 init -> bbin/init

qemu-system-x86_64 -kernel $KERNEL -initrd /tmp/initramfs.linux_amd64.cpio -nographic -append "console=ttyS0"
# ...
# [    0.848021] Freeing unused kernel memory: 896K
# 2020/05/01 04:04:39 Welcome to u-root!
#                              _
#   _   _      _ __ ___   ___ | |_
#  | | | |____| '__/ _ \ / _ \| __|
#  | |_| |____| | | (_) | (_) | |_
#   \__,_|    |_|  \___/ \___/ \__|
#
# Go Gopher
# ~/>

Passing command line arguments like above is equivalent to passing the arguments to uinit via a flags file in /etc/uinit.flags, see Extra Files.

Additionally, you can pass arguments to uinit via the uroot.uinitargs kernel parameters, for example:

u-root -uinitcmd="echo Gopher" ./cmds/core/{init,echo,gosh}

cpio -ivt < /tmp/initramfs.linux_amd64.cpio
# ...
# lrwxrwxrwx   0 root     root           12 Dec 31  1969 bin/uinit -> ../bbin/echo
# lrwxrwxrwx   0 root     root            9 Dec 31  1969 init -> bbin/init

qemu-system-x86_64 -kernel $KERNEL -initrd /tmp/initramfs.linux_amd64.cpio -nographic -append "console=ttyS0 uroot.uinitargs=Go"
# ...
# [    0.848021] Freeing unused kernel memory: 896K
# 2020/05/01 04:04:39 Welcome to u-root!
#                              _
#   _   _      _ __ ___   ___ | |_
#  | | | |____| '__/ _ \ / _ \| __|
#  | |_| |____| | | (_) | (_) | |_
#   \__,_|    |_|  \___/ \___/ \__|
#
# Go Gopher
# ~/>

Note the order of the passed arguments in the above example.

The command you name must be present in the command set. The following will not work:

u-root -uinitcmd="echo Go Gopher" ./cmds/core/{init,gosh}
# 21:05:57 could not create symlink from "bin/uinit" to "echo": command or path "echo" not included in u-root build: specify -uinitcmd="" to ignore this error and build without a uinit

You can also refer to non-u-root-commands; they will be added as symlinks. We don't presume to know whether your symlink target is correct or not.

This will build, but not work unless you add a /bin/foobar to the initramfs.

u-root -uinitcmd="/bin/foobar Go Gopher" ./cmds/core/{init,gosh}

This will boot the same as the above.

u-root -uinitcmd="/bin/foobar Go Gopher" -files /bin/echo:bin/foobar -files your-hosts-file:/etc/hosts ./cmds/core/{init,gosh}

The effect of the above command:

Sets up the uinit command to be /bin/foobar, with 2 arguments: Go Gopher
Adds /bin/echo as bin/foobar
Adds your-hosts-file as etc/hosts
builds in the cmds/core/init, and cmds/core/gosh commands.

This will bypass the regular u-root init and just launch a shell:

u-root -initcmd=gosh ./cmds/core/{gosh,ls}

cpio -ivt < /tmp/initramfs.linux_amd64.cpio
# ...
# lrwxrwxrwx   0 root     root            9 Dec 31  1969 init -> bbin/gosh

qemu-system-x86_64 -kernel $KERNEL -initrd /tmp/initramfs.linux_amd64.cpio -nographic -append "console=ttyS0"
# ...
# [    0.848021] Freeing unused kernel memory: 896K
# failed to put myself in foreground: ioctl: inappropriate ioctl for device
# ~/>

(It fails to do that because some initialization is missing when the shell is started without a proper init.)

Cross Compilation (targeting different architectures and OSes)

Cross-OS and -architecture compilation comes for free with Go. In fact, every PR to the u-root repo is built against the following architectures: amd64, x86 (i.e. 32bit), mipsle, armv7, arm64, and ppc64le.

Further, we run integration tests on linux/amd64, and linux/arm64, using several CI systems. If you need to add another CI system, processor or OS, please let us know.

To cross compile for an ARM, on Linux:

GOARCH=arm u-root

If you are on OSX, and wish to build for Linux on AMD64:

GOOS=linux GOARCH=amd64 u-root

Testing in QEMU

A good way to test the initramfs generated by u-root is with qemu:

qemu-system-x86_64 -nographic -kernel path/to/kernel -initrd /tmp/initramfs.linux_amd64.cpio

Note that you do not have to build a special kernel on your own, it is sufficient to use an existing one. Usually you can find one in /boot.

If you don't have a kernel handy, you can also get the one we use for VM testing:

go install github.com/hugelgupf/vmtest/tools/runvmtest@latest

runvmtest -- bash -c "cp \$VMTEST_KERNEL ./kernel"

It may not have all features you require, however.

Framebuffer

For framebuffer support, append a VESA mode via the vga kernel parameter:

qemu-system-x86_64 \
  -kernel path/to/kernel \
  -initrd /tmp/initramfs.linux_amd64.cpio \
  -append "vga=786"

For a list of modes, refer to the Linux kernel documentation.

Entropy / Random Number Generator

Some utilities, e.g., dhclient, require entropy to be present. For a speedy virtualized random number generator, the kernel should have the following:

CONFIG_VIRTIO_PCI=y
CONFIG_HW_RANDOM_VIRTIO=y
CONFIG_CRYPTO_DEV_VIRTIO=y

Then you can run your kernel in QEMU with a virtio-rng-pci device:

qemu-system-x86_64 \
    -device virtio-rng-pci \
    -kernel vmlinuz \
    -initrd /tmp/initramfs.linux_amd64.cpio

In addition, you can pass your host's RNG:

qemu-system-x86_64 \
    -object rng-random,filename=/dev/urandom,id=rng0 \
    -device virtio-rng-pci,rng=rng0 \
    -kernel vmlinuz \
    -initrd /tmp/initramfs.linux_amd64.cpio

SystemBoot

SystemBoot is a set of bootloaders written in Go. It is meant to be a distribution for LinuxBoot to create a system firmware + bootloader. All of these use kexec to boot. The commands are in cmds/boot. Parsers are available for GRUB, syslinux, and other config files to make the transition to LinuxBoot easier.

pxeboot: a network boot client that uses DHCP and HTTP or TFTP to get a boot configuration which can be parsed as PXELinux or iPXE configuration files to get a boot program.
boot: finds all bootable kernels on local disk, shows a menu, and boots them. Supports (basic) GRUB, (basic) syslinux, (non-EFI) BootLoaderSpec, and ESXi configurations.

More detailed information about the build process for a full LinuxBoot firmware image using u-root/systemboot and coreboot can be found in the LinuxBoot book chapter about LinuxBoot using coreboot, u-root and systemboot.

This project started as a loose collection of programs in u-root by various LinuxBoot contributors, as well as a personal experiment by Andrea Barberio that has since been merged in. It is now an effort of a broader community and graduated to a real project for system firmwares.

Compression

You can compress the initramfs. However, for xz compression, the kernel has some restrictions on the compression options and it is suggested to align the file to 512 byte boundaries:

xz --check=crc32 -9 --lzma2=dict=1MiB \
   --stdout /tmp/initramfs.linux_amd64.cpio \
   | dd conv=sync bs=512 \
   of=/tmp/initramfs.linux_amd64.cpio.xz

Getting Packages of TinyCore

Using the tcz command included in u-root, you can install tinycore linux packages for things you want.

You can use QEMU NAT to allow you to fetch packages. Let's suppose, for example, you want bash. Once u-root is running, you can do this:

% tcz bash

The tcz command computes and fetches all dependencies. If you can't get to tinycorelinux.net, or you want package fetching to be faster, you can run your own server for tinycore packages.

You can do this to get a local server using the u-root srvfiles command:

% srvfiles -p 80 -d path-to-local-tinycore-packages

Of course you have to fetch all those packages first somehow :-)

Build an Embeddable u-root

You can build the cpio image created by u-root into a Linux kernel via the CONFIG_INITRAMFS_SOURCE config variable or coreboot config variable, and further embed the kernel image into firmware as a coreboot payload.

In the kernel and coreboot case, you may need to configure ethernet. We have a dhclient command that works for both ipv4 and ipv6. Since v6 does not yet work that well for most people, a typical invocation looks like this:

% dhclient -ipv4 -ipv6=false

Or, on newer linux kernels (> 4.x) boot with ip=dhcp in the command line, assuming your kernel is configured to work that way.

Build Modes

u-root can create an initramfs in two different modes, specified by -build:

gbb mode: One busybox-like binary comprising all the Go tools you ask to include. See the gobusybox README for how it works. In this mode, u-root copies and rewrites the source of the tools you asked to include to be able to compile everything into one busybox-like binary.
binary mode: each specified binary is compiled separately and all binaries are added to the initramfs.

Updating Dependencies

go get -u
go mod tidy
go mod vendor

Building without network access

The u-root command supports building with workspace vendoring and module vendoring. In both of those cases, if all dependencies are found in the vendored directories, the build happens completely offline.

Hardware

If you want to see u-root on real hardware, this board is a good start.

Contributions

For information about contributing, including how we sign off commits, please see CONTRIBUTING.md.

Improving existing commands (e.g., additional currently unsupported flags) is very welcome. In this case it is not even required to build an initramfs, just enter the cmds/ directory and start coding. A list of commands that are on the roadmap can be found here.

Website

The sources of u-root.org are inside the docs/ directory and are deployed to the gh-pages branch. The CNAME file is currently not part of the CI which deploys to the branch which shall be evaluated if this makes futures deployments easier.

nichrome's People

Contributors

Stargazers

Watchers

nichrome's Issues

usb command needs to install u-root gpt cmd

commit id: b5722be

Ran usb command.
Got error because the gpt command is not installed on the machine.

2018/01/30 16:23:46 gpt [/[GOPATH]/bin/gpt /dev/sda] failed (warning only): exit status 1
Bz image is located at linux-stable/arch/x86/boot/bzImage

[Proposal] Move cloned dependencies to temporary directories

Currently we fetch the following assets when running usb.go:

The Linux Kernel
Linux Firmware
Vboot
Chrome

I propose that we move cloning these resources to the os.TempDir. Build artifacts that are required for successful execution will be copied to a new stable directory in os.TempDir.

usb would lose support for the following flags:

fetch
skiproot
skipkern
keys

Instead, the utility would gain support for one new flag, which would indicate that it should attempt to retrieve all dependencies and recreate any build artifacts. The utility would now check for the presence of the build artifacts in the os.TempDir, and if they were not found, would again attempt to retrieve and recreate all of the build artifacts.

This would have to be done in a way that would still support the static and dynamic build modes.

This may result in more time spent compiling if users reboot frequently.

Invalid relative path to CONFIG when running usb from /usb/

The USB command cannot find the kernel CONFIG if it isn't executed from the top level package directory.

I'm not sure if this is something we'd like to fix.

Use u-root's pkg/cmdline in uinit

As discussed on u-root/u-root#734 let's use u-root's pkg/cmdline package for command line parsing instead of the more error-prone string split

We need to fix the trackpad on chromebooks

https://allysonjulian.com/posts/arch-linux-chromebook-trackpad-tweaks/#installation

gives some idea of what we need.

u-root building fails

chris@chris-VirtualBox:~/go/src/github.com/u-root/NiChrome$ ./usb/usb -fetch=true -dev=/dev/sdb
2017/11/19 16:08:59 Using kernel 4.12.7
2017/11/19 16:08:59 -----> Step check environment: 
2017/11/19 16:08:59 ----------> Start
2017/11/19 16:08:59 ----------> Finished check environment
2017/11/19 16:08:59 -----> Step setup: 
2017/11/19 16:08:59 ----------> Start
Working dir is /home/chris/go/src/github.com/u-root/NiChrome
Home dir is /home/chris
2017/11/19 16:08:59 ----------> Finished setup
2017/11/19 16:08:59 -----> Step cleanup: 
2017/11/19 16:08:59 ----------> Start
-------- Removing problematic files [linux_stable linux-stable NiChrome vboot_reference linux-firmware]
2017/11/19 16:08:59 ----------> Finished cleanup
2017/11/19 16:08:59 -----> Step Get u-root source: 
2017/11/19 16:08:59 ----------> Start
can't load package: package github.com/u-root/wingo: 
../wingo/doc.go:1:1: expected 'package', found 'EOF'

I'm suspecting a u-root failure there, let me see what's going on.

u-root's new "defaultsh" and "initcmd" flags broke usb and travis

I couldn't figure out the right syntax to make this work in usb.go's goBuildDynamic() function, so in the meantime rebase your u-root modifications against u-root commit 0c647f6b if you want to build NiChrome with them.

Travis CI will also fail until usb is fixed.

upspin tab is named "service of services", not "upspin"

I noticed when I started it today that the upspin service starts fine but its tab has the wrong name. This should be an easy fix.

usb command needs to pull fusermount into usr/bin

we need better debugging on startup.

#104 adds a cpio passthrough mode, but trevor and jorge report seeing some weird symlink errors on startup. It's hard as hell to debug this kind of thing and it needs to be better.

NiChrome was not updated alongside u-root

cmds/install/install.go:63:13: assignment mismatch: 3 variables but 2 values
cmds/install/install.go:111:12: assignment mismatch: 3 variables but 2 values
github.com/u-root/u-root/bb/cmds/uinit
cmds/uinit/uinit.go:101:13: assignment mismatch: 3 variables but 2 values
exit status 2
exit status 1
2018/06/04 10:21:53 fail error is : Build static initramfs: exit status 1

cmds/install/install.go:70:7: g.Parts undefined (type *gpt.PartitionTable has no field or method Parts)
cmds/install/install.go:72:34: g.Parts undefined (type *gpt.PartitionTable has no field or method Parts)
cmds/install/install.go:152:3: g.Parts undefined (type *gpt.PartitionTable has no field or method Parts)
exit status 2
exit status 1
2018/06/04 10:34:06 fail error is : Build static initramfs: exit status 1

Argument mismatch and other usage errors where NiChrome install.go and uinit.go files use GPT. Need to modify NiChrome to reflect changes made in u-root.

Differentiate the root shell and the non-root shell

It's currently a little hard to see the difference between the root shell and the non root shell. It would be nice to have a more distinct prompt.

Need to set the date

all the certs are rejected if we boot with the wrong date.

Need sound on chromebooks

We're going to need to enable sound, and also figure out which firmware to include in the kernel.

"go run u-root.go" in usb/usb.go is old?

To get NiChrome/usb/usb to run correctly, I needed to change go run u-root.go ... to u-root ... and similarly for testing in ../u-root. Otherwise, fails with compiler error templates is undefined. The NiChrome/README.md instructions should then also say cd ../u-root; go install.

Independently, also in usb/usb.go I changed rsync -av to cp -p since I'm on Debian where rsync is not available by default. I'm not sure exactly why you were using rsync. If not willing to adopt this change, maybe you can add a comment to clarify the reasoning?

Add ability to include additional files and tcz packages via cmdline flag

Error building io command

../cmds/io/.bb/ports.go:17:24: cannot use in (type func("io".ReadSeeker, uint64, interface {}) error) as type func(int64, "github.com/u-root/u-root/pkg/io".UintN) error in field value
../cmds/io/.bb/ports.go:18:24: cannot use in (type func("io".ReadSeeker, uint64, interface {}) error) as type func(int64, "github.com/u-root/u-root/pkg/io".UintN) error in field value
../cmds/io/.bb/ports.go:19:24: cannot use in (type func("io".ReadSeeker, uint64, interface {}) error) as type func(int64, "github.com/u-root/u-root/pkg/io".UintN) error in field value
../cmds/io/.bb/ports.go:20:26: cannot use out (type func("io".WriteSeeker, uint64, interface {}) error) as type func(int64, "github.com/u-root/u-root/pkg/io".UintN) error in field value
../cmds/io/.bb/ports.go:21:26: cannot use out (type func("io".WriteSeeker, uint64, interface {}) error) as type func(int64, "github.com/u-root/u-root/pkg/io".UintN) error in field value
../cmds/io/.bb/ports.go:22:26: cannot use out (type func("io".WriteSeeker, uint64, interface {}) error) as type func(int64, "github.com/u-root/u-root/pkg/io".UintN) error in field value
../cmds/io/.bb/ports.go:25:6: in redeclared in this block
	previous declaration at ../cmds/io/.bb/io_linux.go:14:57
../cmds/io/.bb/ports.go:29:6: out redeclared in this block
	previous declaration at ../cmds/io/.bb/io_linux.go:22:59
, exit status 2
exit status 1

usb command did not build the correct usb stick, resulting in a boot failing to start user terminal and Chrome browser

Commit id: b5722be

Steps for reproduction:

Plug in the usb stick into build machine and find out what device it is (in this case, it was /dev/sda)
From the project root directory, go to the usb subdirectory and build the usb command in this directory

$ cd usb && go build .

Install the u-root's command gpt. Change back to the root directory. Run the usb command.

$ go install github.com/u-root/u-root/cmds/gpt
$ cd ..
$ ./usb/usb -fetch=true -dev=/the/name/of/device

Unplug the usb stick from build machine and plug it into a Chromebook
Turn on a Chromebook. When the dev-mode screen appears, press Ctrl-U
After boot, observe that Chrome browser and user terminal do not start.
Ctrl-Alt-backspace to exit X11
Notice the following error message about tempfs mount on /pkg failing:
Error creating mount -t "tmpfs" -o "temps" "/pkg" flags 0x0: no such file or directory: not starting user x11 programs

Further examination showed that there was no /pkg directory

tczlist: only print failures

usb command prints a mountain of useless tcz information when it builds. It should only print anything when something fails. Currently, usb "silently" (by overwhelming you with output that looks boring) continues when you add an invalid package to tczlist.

how to split usb.go between cloud and local

The NiChrome build assumes an Ubuntu machine; Debian is not close enough. No problem, just open an Ubuntu VM instance on a cloud provider like GCP and build there. It is less than obvious how to then make the usb stick. Here is what worked for me:

on a fresh VM instance:
install go1.11.5

NiChrome=$GOPATH/src/github.com/u-root/NiChrome
cd $GOPATH/src
git clone https://github.com/u-root/NiChrome
cd $NiChrome
bash travis.sh

on a local machine:
plug in a ChromeOS-formatted USBstick
use dmesg to determine device, say /dev/sdb

cd $GOPATH/src/github.com/u-root/u-root/cmds/gpt
upspin cp [email protected]/Public/NiChrome/gpt.go ./gpt.go
go build
sudo ./gpt -r /dev/sdb > config.txt

copy config.txt to the VM instance's $NiChrome

on the VM instance:

cd $NiChrome
vboot_reference/build/futility/futility vbutil_kernel --pack newKern --keyblock vboot_reference/tests/devkeys/recovery_kernel.keyblock --signprivate vboot_reference/tests/devkeys/recovery_kernel_data_key.vbprivk --version 1 --vmlinuz linux-stable/arch/x86/boot/bzImage --bootloader nocontent.efi --config config.txt --arch x86

copy newKern and initramfs.linux_amd64.cpio to local machine

on the local machine:
using the same device name as determined earlier

sudo dd if=newKern of=/dev/sdb2 bs=1M
sudo dd if=initramfs.linux_amd64.cpio  of=/dev/sdb3 bs=1M

Create Bootable USB

NiChrome needs to make a bootable USB given a kernel (w/ ramfs cpio archive). This method needs to be independent of the ChromiumOS source tree while keeping the level of security that ChromiumOS provides.

userid in NiChrome does not match with userid of the build machine, leading to permission denied error

Commit id: 511cf6f

Build Machine Configurations:

go toolchain version: go1.9.3 linux/amd64
umask: 0022
Perimission bits of ./usr/lib, ./usr/lib/[any_binary], ./lib, ./lib/[any_binary] in the NiChrome directory: 755