depthcharge

From chromebook hackers wiki
Revision as of 12:32, 13 April 2025 by WeirdTreeThing (talk | contribs)


depthcharge is Google's custom payload for coreboot, replacing BIOS/UEFI on all Chromebooks, starting with Intel Sandy Bridge for x86 Chromebooks and Exynos 5420 for ARM Chromebooks. The original Intel Pineview Chromebooks used a heavily stripped-down Insyde H2O UEFI, and the original ARM Chromebook used U-Boot. depthcharge expects a custom ChromeOS kernel partition with specific GPT flags set; otherwise it refuses to boot. In verified mode, it expects this partition to be signed with specific keys (usually Google's keys, but you can replace these). depthcharge will beep very loudly on USB/legacy boot failure and reboot to recovery mode on internal boot failure.

Some of the partition flags have been documented in the Submarine Docs.

Currently, the common wisdom is to replace depthcharge with a build of edk2 or SeaBIOS on all x86_64 platforms. However, the community firmware stack isn't as mature on aarch64 platforms, thus using depthcharge to load LinuxBoot (or a plain Linux kernel directly) may be a sensible option.

Architecture

coreboot/depthcharge lives entirely in the SPI flash. This means that even with a completely broken partition layout, it should start up with a recovery screen prompting for external media.

In developer mode, depthcharge allows you to boot unsigned kernels, boot from USB, and use other functions that depend on the version of depthcharge.

There are several versions of depthcharge with different features and UIs. depthcharge on very old boards (Broadwell and older) stores bitmaps in the GBB region, and when they are removed it falls back to a nice-looking white-text-on-black-background UI. The normal firmware UI is bright white, so this can be easier on your eyes. Around the release of Skylake boards, the bitmaps were moved to the COREBOOT region and the nice fallback was removed; if you try to remove the bitmaps now, you get a very strange-looking screen. Around 2022?, Google replaced the legacy firmware UI with "project groot", which brought a dark UI, menu elements you can select instead of pressing "magic" keyboard shortcuts, and new functions such as viewing coreboot logs. Later on, Google also introduced an internet recovery feature. This boots a special ChromeOS kernel from disk, called MiniOS, which connects to the internet, downloads a full recovery image, and recovers the Chromebook. If the MiniOS partitions are not present, the firmware prompts the user to recover via external storage.

Setting flags with futility

depthcharge reads specific GBB flags for its internal configuration. They allow you to change specific boot behavior. To set them, you need to already have flash write access, plus a couple of common utilities:

  1. read your ROM with flashrom (e.g. flashrom -p internal -r dump.bin). make a copy of it.
  2. get futility (in alpine, packaged as vboot-utils)
  3. futility gbb --flags dump.bin - this will show you the current flags. If the number is 0x00..., then you don't have any flags set.
  4. paste that number into gbbflaginator, which will list the currently enabled flags
  5. modify the flags, copy the result
  6. futility gbb --set --flags=0x123abc dump.bin
  7. write the modified dump
  8. ???
  9. profit
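
An offline equivalent of step 4, as an added example that is not part of the original wiki page or of vboot: it decodes the number printed by futility gbb --flags into flag names. The flag names follow vboot_reference's 2gbb_flags.h; the function names, the GBB_RELAXING_MASK selection and the sample value 0x39 are assumptions made for this example.

```sh
#!/bin/sh
# Added example: offline decoder for a GBB flags value.
# Names are listed by bit position (bit 0 first), following vboot_reference's
# 2gbb_flags.h without the VB2_GBB_FLAG_ prefix; older vboot releases used
# different names for some bits.
GBB_NAMES="DEV_SCREEN_SHORT_DELAY LOAD_OPTION_ROMS ENABLE_ALTERNATE_OS
FORCE_DEV_SWITCH_ON FORCE_DEV_BOOT_USB DISABLE_FW_ROLLBACK_CHECK
ENTER_TRIGGERS_TONORM FORCE_DEV_BOOT_ALTFW RUNNING_FAFT
DISABLE_EC_SOFTWARE_SYNC DEFAULT_DEV_BOOT_ALTFW DISABLE_AUXFW_SOFTWARE_SYNC
DISABLE_LID_SHUTDOWN DEPRECATED_FORCE_DEV_BOOT_FASTBOOT_FULL_CAP
FORCE_MANUAL_RECOVERY DISABLE_FWMP ENABLE_UDC FORCE_CSE_SYNC"

# Assumption for this example: bits 3, 4, 5, 7, 9 and 15 are the ones that
# loosen boot policy and deserve a second look when auditing a dump.
GBB_RELAXING_MASK=$(( (1<<3) | (1<<4) | (1<<5) | (1<<7) | (1<<9) | (1<<15) ))

# gbb_decode VALUE: print "bit N: NAME" for every set bit.
gbb_decode() {
    value=$(( $1 ))
    bit=0
    for name in $GBB_NAMES; do
        if [ $(( (value >> bit) & 1 )) -eq 1 ]; then
            echo "bit $bit: $name"
        fi
        bit=$(( bit + 1 ))
    done
    # Anything above the table is reported rather than silently dropped.
    rest=$(( value >> bit ))
    while [ "$rest" -ne 0 ]; do
        if [ $(( rest & 1 )) -eq 1 ]; then
            echo "bit $bit: UNKNOWN"
        fi
        rest=$(( rest >> 1 ))
        bit=$(( bit + 1 ))
    done
}

# gbb_relaxing VALUE: print the subset of VALUE covered by GBB_RELAXING_MASK.
gbb_relaxing() {
    printf '0x%08x\n' $(( $1 & GBB_RELAXING_MASK ))
}

# Usage: sh gbbflags.sh 0x39   (0x39 is a constructed sample value)
if [ $# -gt 0 ]; then
    gbb_decode "$1"
    echo "policy-relaxing bits: $(gbb_relaxing "$1")"
fi
```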