Skip to main content

How to beat ChromeOS EOL and carry on getting updates

ChromeOS devices are great in loads of ways, but they have built-in obsolescence. Google will stop providing updates at a predetermined time according to the schedule you can find here. So the best you will achieve is 6.5 year if you buy the device on the launch day. In reality, it will be generally much less. It's something to watch as a good deal might not be such a good deal if the device only has two years left.

Once a device reaches its "due" date, you get a red pop up telling you its time to update every time you log in. The update section tells you there are no more updates. Now the device will work fine - for a while. You might get another 6 months use out of it before core services like Gmail stop working. However, if you are prepared to do a little work, you can install the OS of your choice onto the device and carry on using the device and not accept this. If you want ChromeOS, then you can install Cloudready from Neverware. I'll outline the basic steps below:

Put your device into Developer Mode. For most devices, this means hitting the ESC - Refresh - Power buttons. On some devices - like the Samsung Chromebox, the is a little dip switch to do it. Either way, the device reboots and you get ChromeOS is missing or damaged. Hit Ctrl-D and follow the onscreen prompts. When the device reboots - hit Ctrl - D and the device boots into Developer Mode.

If your device was managed - then make sure it is in an OU with forced re-enrollment turned off while you tinker.

We are going to modify the BIOS on the machine. Some machines have a hardware lock on this. It may be a screw or a jumper on the motherboard. You need to find out where this is (if present). Chromium.org has guides for some devices - Samsung Chromebox and 550. So for the Samsung Chromebox the jumper indicated in the picture must be closed:

Inline image 1

Once you have flashed your BIOS you can open this again.

Fire the machine up and login to it. Open up Chrome and hit Ctrl + Alt + T. This will bring up the terminal. Run the following commands:

shell
sudo -s
flashrom --wp-disable

Reboot the device and log back in.
Open up the terminal again Ctrl + Alt + T. The run the following commands:

shell
sudo -s
cd;bash <(curl https://johnlewis.ie/flash_cb_fw.sh)

There is an alternative Sea BIOS source and the script would be:
cd; curl -LO https://mrchromebox.tech/firmware-util.sh && sudo bash firmware-util.sh

The second one comes from MrChromebox.tech - the site gives lots of good information.

You are now at the point of no return and can potentially brick your device. Follow the onscreen instructions to the letter. With the bios flash option FULL ROM should work with most devices - but check your one here (or at MrChromebox.tech if using that BIOS).
Assuming you get no errors, you can reboot the device. ChromeOS has now gone!

You need a bootable USB stick with your new OS on it. Could be Windows, Linux or Cloudready to go back to ChromeOS. Pop it into a USB port before you reboot.

Reboot. Hold ESC down and hammer the "2" key. ESC selects the boot option and 2 is USB boot. If all is well, you should boot from the USB key and be able to install the OS. Once it is all working, I suggest you re-enable the BIOS lock.

This allows you to carry on using the device indefinitely. There are a few things to be aware of:

  • No support for ARM based devices - so Samsung 303's are toast.
  • If you want to use the enterprise version of Cloudready, when you enrol the device, it will use a new ChromeOS licence - its seen as a different device.
Over the coming year, I'll be doing this on numerous Asus, Acer and Samsung Chromeboxes and LG Chromebases. All work absolutely fine - but are coming to the EOL date so there is is no need to accept planned obsolescence.

Just an update on this - the location of the hardware lock for Asus/Dell/HP and Acer (under the heat pipe) hardware locks are shown below:

Video Walkthrough






Popular posts from this blog

Delete a specific email using GAM

If a user send an inappropriate email to a loads of people or get stung by some sort of email exploit you can quickly delete the email from all of the recipients using a GAM command.
Step 1 - get the email header Go into Google Vault and search for the offending user or someone known to have got the message.
Click show details and grab the email ID. This will be a long string of characters followed by @mail.gmail.com
Step 2 - find out who has the email Go into Google Vault and find the original message sent by the offending user. Look at the details to see who got it. Copy the list and dump it into a spreadsheet. Clean up to just a list of emails with a column header 'mail'. Save as a csv file.
Step 3 - delete messages with GAM Put your CSV file in your GAM folder - this e.g. assumes its called mail.csv
Run:
gam csv mail.csv gam user ~mail delete messages query rfc822msgid:MESSAGEIDHERE doit

The alternative nuke option is:
gam all users delete messages query rfc822msgid:MESSAGEI…

How to push bookmarks to users in Chrome via the management console

With the release of Chrome and ChomeOS 37 an update to the management console has arrived that allows you to push bookmarks to users.

Under Device Management > Chrome > User Settings > User Experience you will now find the option to add managed bookmarks.


In the example above, the bookmarks are applied to the sub-OU of 'students' - so all our students will get these bookmarks. Simply add your url and the bookmark name, click the + and save. These will appear in a folder called 'yourdomain bookmarks' - see below:



Be aware that to get these bookmarks applied on a Windows/OS-X device the user must be signed into Chrome. Update: if you install the latest group policy template you can push the bookmarks via policy on PCs - details are given here.
Video Guide:

Using Quarantine Manager in Google Apps

Fairly recently Quarantine Manager was introduced to Google Apps. This is a tool that works alongside SPAM filtering, objectionable content and content compliance rules you may have setup. Essentially the Quarantine Manager holds messages that fall into the categories you have defined for administrators to view before approving or rejecting the messages.

We have used this to block all SPAM messages going to students. This is a brief look at how to set it up.  Please note, it is very important to have authenticated email setup - this prevents things like group notifications every ending up in SPAM.
Step 1 - define some Quarantine Names Head to email settings. You will find 'Manage Quarantines' below 'Authenticated email' near the bottom:
Click on 'ADD' - top left Give the quarantine a name and description of what it is going to do. Decide if you just want to drop the message or send a rejection email. See example below: This in itself does nothing - you have to …