Bypassing enterprise enrollment completely.
Reported by
pikachu...@gmail.com,
Oct 5 2017
|
|||||||||
Issue descriptionVersion of Google Chrome (Version 59.0.3071.134 (Official Build) (64-bit) Version of MSI (NO) Using group policy settings? YES [ I'm a 13 year old student, and have discovered how to bypass all forms of enterprise enrollment, turn off write protection, dual boot Chrome OS and Linux, all without tampering with the hardware or using another computer. You simply need a USB drive with the following file installed https://dl.google.com/dl/edgedl/chromeos/recovery/chromeos_5841.98.0_wolf_recovery_stable-channel_mp.bin.zip Afterwards, you boot the device into recovery mode, and insert the USB stick (in order to downgrade the OS). After that's done, enter recovery mode again, press ctrl+D and let it start developer mode. After that's done, start Chrome OS normally and simply log in with a gmail account. There is another way -albeit very inconsistent- that requires you to simply drain the battery and let it sit for about an hour. Then, you press ctrl+D on the recovery screen and it'll let you enter developer mode and also stay on the current OS. As you login, it MAY still enroll you but it will keep you in dev mode. In this case,you can still boot Linux through shell in guest mode and use the device unrestricted, but the Chrome OS part is still useless. If this doesn't happen, you can just login with a gmail account like the previous method. I hope this helps. ]
,
Oct 5 2017
,
Oct 6 2017
,
Oct 6 2017
Looks like this is downgrading to m36. Really surprised that this is even possible given intermediate key rolls between v36 and v59. What's the starting version, pikachu? Marking as P0 as it would be very bad if there were really a way to recover back to 36 from any of our current FSIs...
,
Oct 6 2017
Tagging it as 'RB-Stable' for M59, however please feel free to update the priority.
,
Oct 6 2017
+ Krishna [Enterprise POC for CrOS]
,
Oct 9 2017
I've tested on wolf with latest stable version (61) and the device doesn't allow to recover with the image specified here. The message is "You are using out-of-date Chrome OS recovery image". Will try to check with version 59 too.
,
Oct 9 2017
Same message when trying to recover from 59. pikachu13w Could you please attach the logs from the device taken from chrome://net-internals -> ChromeOS -> Store Debug Logs.
,
Oct 9 2017
Which build (or which milestone) did this Chromebook start on before you used the USB stick? +Kevin and Danny for context on the key bump that took place between ~M53 and now. It should not be possible to recover Wolf to anything older once you're past the key change. Removing RBS and M-59 since we stopped shipping that months ago. This shouldn't block M-61 stable, but +Ketaki as FYI
,
Oct 9 2017
right, pre M53 recovery should not load in a device running a post M53 image
,
Oct 20 2017
@pikachu13w, do you know the what milestone you were on before recovery?
,
Oct 23 2017
Pri-0 bugs are critical regressions or serious emergencies, and this bug has not been updated in three days. Could you please provide an update, or adjust the priority to a more appropriate level if applicable? If a fix is in active development, please set the status to Started. Thanks for your time! To disable nags, add the Disable-Nags label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Nov 6 2017
Pri-0 bugs are critical regressions or serious emergencies, and this bug has not been updated in three days. Could you please provide an update, or adjust the priority to a more appropriate level if applicable? If a fix is in active development, please set the status to Started. Thanks for your time! To disable nags, add the Disable-Nags label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Dec 4 2017
Given the lack of feedback from this user and since we cannot repro this case, closing this bug.
,
Dec 4 2017
|
|||||||||
►
Sign in to add a comment |
|||||||||
Comment 1 by pikachu...@gmail.com
, Oct 5 2017