vboot-utils

The vboot-utils package contains tools for working with Chrome OS verified boot systems, particularly for Chromebooks. It enables manipulation of GUID Partition Tables (GPT) with Chromium OS extensions via cgpt, kernel signing with vbutil_kernel, and firmware operations through futility and other utilities. These tools are essential for developers modifying Chrome OS devices, signing custom kernels to boot on verified boot systems, and debugging firmware components.

Key components include cgpt for partition management, vboot-kernel-utils providing futility and vbutil_kernel for unified firmware tasks and kernel packing, and vboot-utils offering specialized tools like chromeos-tpm-recovery, crossystem, and dev_debug_vboot. Use cases involve creating keypairs, verifying boot processes, extracting firmware maps, and interfacing with TPM and nvram on Chrome OS hardware.

Most users only need cgpt and vboot-kernel-utils; the full vboot-utils is for advanced Chromebook internals handling. Tools support operations like prioritizing kernel partitions, dumping kernel configs, and modifying Google Binary Blocks (GBB).

vboot-utils leverages Chromium OS verified boot protocols, using RSA keys in .vbprivk/.vbpubk/.keyblock formats for signing kernels and firmware. cgpt manipulates GPT headers, entries, and Chromium OS kernel priorities. futility unifies legacy tools, handling FMAP extraction, GBB manipulation, and key operations across vboot v1.0/v2.1 formats. vbutil_kernel packs vmlinuz with keyblocks, configs, and bootloaders into verified blobs, supports repacking, verification against public keys, and extraction. crossystem queries/sets firmware parameters like devmode flags and TPM states via Chrome OS cros_ec interface. dev_debug_vboot validates boot partitions using BIOS keys, logging to /var/log.