Restoring stock BIOS on a Braswell Chromebook with a broken rom

Since Braswell is still widely unsupported in the world of Chromebooks (no public Tianocore/Windows rom released yet), one can expect to run into many issues when developing for these Chromebooks.

One of the issues I encountered was being unable to flash anything internally after flashing a Tianocore rom. This seems to be an issue with coreboot, and until it is fixed upstream, you will get this message when trying to probe the chip:

Programmer does not support specified bus
Error: Programmer initialization failed.

This resulted in being locked on the same rom, unable to flash anything newer or go back to stock. One solution would be to use an external flasher or build one yourself. However, the first option is too expensive to be viable for everyone, and the second risks frying the chip: most of these chips are 1.8V-only, which the Raspberry Pi doesn't natively support (though people have reported success using the 3.3V pin).

The safest option so far would be to use a custom flashrom, which carries the patches needed to make it work.

Before you begin, it's necessary to have a valid binary file at hand, which you will flash using flashrom. Whether it's a newer rom you compiled yourself, or a backup image you made before flashing the broken rom, is entirely up to you. If you have neither of these, you can generate one yourself. In any case, this file should be 8M in size.

Once you have this installed, you can download the modified flashrom. Mark it as executable:

chmod +x flashrom

Run all of the next commands as root. You can now try simply executing flashrom and seeing if all dependencies are satisfied:

./flashrom

If it complains about missing libraries, install the appropriate package using your distro's package manager. For example, on Debian:

apt install libftdi

If flashrom runs without reporting any errors, you can attempt to read the chip:

./flashrom -p internal --ifd -i BIOS -A -r test.bin

You can inspect the resulting test.bin file. If the file seems correct, you can flash your own binary:

./flashrom -p internal --ifd -i BIOS -A -w [your binary]
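One way to carry out the inspection step and the 8M size check before running the write command above, as an added example that is not part of the original post. The function names, the blank-file test and the use of the __FMAP__ and LARCHIVE signatures as plausibility hints are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original article): sanity-check a firmware
# image or dump before handing it to "flashrom ... -w".
EXPECTED_SIZE=8388608   # 8 MiB; the article says the file should be 8M

# True if FILE is exactly EXPECTED_SIZE bytes long.
size_ok() {
    [ "$(wc -c < "$1" | tr -d ' ')" -eq "$EXPECTED_SIZE" ]
}

# True if FILE is empty or holds only 0xFF or only 0x00 bytes, which is
# what a failed read or an erased chip looks like.
is_blank() {
    [ "$(LC_ALL=C tr -d '\377' < "$1" | wc -c | tr -d ' ')" -eq 0 ] ||
    [ "$(LC_ALL=C tr -d '\000' < "$1" | wc -c | tr -d ' ')" -eq 0 ]
}

# True if FILE contains the fixed string MARKER. "__FMAP__" (flash map) and
# "LARCHIVE" (CBFS file header) are signatures found in coreboot images;
# treating them as a hint of a plausible image is this example's assumption.
has_marker() {
    LC_ALL=C grep -qF -- "$2" "$1"
}

# True if two dumps are byte-identical (read the chip twice and compare).
same_dump() {
    cmp -s "$1" "$2"
}

# Print a verdict for FILE; fail on wrong size or blank content.
check_image() {
    size_ok "$1" || { echo "FAIL: $1 is not $EXPECTED_SIZE bytes"; return 1; }
    if is_blank "$1"; then echo "FAIL: $1 is blank (all 0xFF or 0x00)"; return 1; fi
    for m in __FMAP__ LARCHIVE; do
        if has_marker "$1" "$m"; then echo "note: found $m"
        else echo "warn: $m not found"; fi
    done
    echo "OK: $1 passes basic checks"
}

# Usage: sh check.sh test.bin
[ "$#" -eq 0 ] || check_image "$1"
```

Run it against both test.bin and the file you intend to write. A missing signature is only a warning, since it shows the file does not look like a coreboot image, not that it is unusable.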

If flashrom reports success, it is time to reboot your machine. Give it time, around a minute maximum. With luck, the machine should boot up to whatever you flashed. For example, if you flashed the stock shellball, it should complain about not having ChromeOS installed, which is a good thing. You can proceed by preparing a recovery USB.

Note: I have personally restored my Braswell Edgar using this method. It has been widely untested on other Chromebooks; however, it should work without any problems.

Special thanks: coolstar, ReddestDream, MrChromebox

Author | nns

Ethical Hacking and Cybersecurity professional with a special interest for hardware hacking, IoT and Linux/GNU.