Provided by: depthcharge-tools_0.6.2-2_all bug

NAME

       depthchargectl - Manage the ChromeOS bootloader and its boot images

SYNOPSIS

       depthchargectl [options] COMMAND ...

       depthchargectl bless [options] [PARTITION | DISK]

       depthchargectl build [options] [KERNEL_VERSION]

       depthchargectl check [options] IMAGE

       depthchargectl config [options] KEY

       depthchargectl list [options] [DISK ...]

       depthchargectl remove [options] (KERNEL_VERSION | IMAGE)

       depthchargectl target [options] [PARTITION | DISK ...]

       depthchargectl write [options] [KERNEL_VERSION | IMAGE]

DESCRIPTION

       depthchargectl  automatically  manages  the ChromeOS bootloader by building images for the
       current board  and  system,  writing  them  to  appropriate  ChromeOS  kernel  partitions,
       prioritizing  those  partitions  accordingly, and setting them as successful on boot. When
       you have more than one ChromeOS kernel partition, they will be  utilized  in  rotation  so
       that an unsuccessful boot attempt can revert to the last good version.

       The KERNEL_VERSION argument is a distro-specific representation of a kernel and usually is
       the latter part of /boot/vmlinuz-VERSION.  The IMAGE argument is  a  boot  image  for  the
       ChromeOS  bootloader,  or  a  file  suspected  to  be  one. DISK should be a physical disk
       containing a GPT partition table (e.g. /dev/mmcblk0, /dev/sda), but  virtual  disks  (e.g.
       /dev/dm-0)  are  resolved  to  such  physical  disks if possible. PARTITION must be one of
       partition devices of  a  physical  disk  (e.g  /dev/mmcblk0p1,  /dev/sda2).  The  vmlinuz,
       initramfs and dtb files are as explained in mkdepthcharge(1).

       The program's functionality is divided into subcommands:

   depthchargectl bless
       Sets  bootloader-specific flags for a given partition or the currently booted partition as
       detected from the kern_guid=PARTUUID parameter mkdepthcharge(1) adds to the kernel command
       line.  By  default, this marks the partition as successfully booted and the most preferred
       one, but can disable the partition or make it boot only on the next attempt as well.

   depthchargectl build
       Builds a bootable image from the running system for this board,  using  the  latest  or  a
       specific  kernel version. depthchargectl keeps a database of known ChromeOS boards and how
       to build bootable images for them. For example, it keeps track of which  device-tree  file
       that  needs  to  be  included  for  each  ARM  board.  It also figures out distro-specific
       information of where the vmlinuz, initramfs and  dtb  files  are  located.  It  uses  this
       information and mkdepthcharge(1) to build this image.

       It  automatically adds an appropriate root=ROOT kernel command line parameter deduced from
       /etc/fstab. Higher compression levels for the kernel are automatically tried as necessary,
       when the firmware supports them.

   depthchargectl config
       Retrieves the configured value for a given configuration key, primarily for use in scripts
       that integrate depthchargectl with the system upgrade process. Can also query  information
       about boards.

   depthchargectl check
       Checks  if  a file is a depthcharge image that can be booted on this board. depthchargectl
       also keeps track of restrictions on images for each board. For example,  earlier  ChromeOS
       board  can  boot  images up to a specific size, e.g. 32MiB. It checks if its input is in a
       format the ChromeOS bootloader expects and satisfies these restrictions.

   depthchargectl list
       Prints a table of ChromeOS kernel partitions and their bootloader specific GPT flags (i.e.
       Successful, Priority, Tries). By default, it only searches the physical disks on which the
       boot and root partitions reside.

   depthchargectl remove
       Disables partitions that contain a specific image or a specific kernel  version.  This  is
       most  useful  when you are removing a kernel version and its modules from your system, and
       know images built with this kernel will fail to boot from that point on.

   depthchargectl target
       Chooses and prints the lowest priority, preferably unsuccessful ChromeOS kernel  partition
       to write a boot image to. By default, searches the same disks as the list subcommand. If a
       partition is given, it checks if it is an appropriate for a boot image. Tries to avoid the
       currently booted kernel.

   depthchargectl write
       Writes  a  specific  image  or builds and writes a kernel-version image to a partition the
       target subcommand returns, and marks it as bootable once  on  the  next  boot.  The  bless
       subcommand must be run after a successful boot to make the partiiton permanently bootable,
       but that is possible to do  automatically  with  the  service  files  provided  with  this
       package.

OPTIONS

   Global options
       -h, --help
              Show a help message and exit.

       -v, --verbose
              Print info messages and mkdepthcharge(1) output to stderr.

       -V, --version
              Print program version and exit.

       --root ROOT
              Root  device  or mountpoint of the system to work on. If a mounted device is given,
              its mountpoint is used. Defaults to the currently booted system's root.

       --root-mountpoint DIR, --boot-mountpoint DIR
              Root and boot mountpoints of the system to work on. If not given, deduced from  the
              --root argument. These are helpful because the --root argument is overloaded by the
              build subcommand, which adds it as a kernel command line argument, and  it  can  be
              desirable to avoid that while building an image for a chroot.

       --tmpdir DIR
              Directory  to  keep  temporary  files.  Normally depthchargectl creates a temporary
              directory by itself and removes it when it quits. However, if a temporary directory
              is specified with this option any temporary files will be created under it and will
              not be deleted.

   Configuration options
       In    addition     to     its     built-in     configuration,     depthchargectl     reads
       /etc/depthcharge-tools/config and /etc/depthcharge-tools/config.d/* as configuration files
       to make it adaptable to different boards and systems. The  following  options  allow  this
       configuration to be overridden temporarily.

       --config FILE
              Additional  configuration  file to read. This can include changing board properties
              or adding new boards, which mostly isn't possible to do with command-line options.

       --board CODENAME
              Assume depthchargectl is running on the  specified  board.  Normally  it  tries  to
              detect  which board it's running on primarily based on the HWID of the board set by
              the vendor, among other things.

       --images-dir DIR
              Directory to store and look for  built  depthcharge  images.  By  default,  set  to
              /boot/depthcharge.

       --vboot-keyblock KEYBLOCK
              The  kernel  keyblock  file  required  to  sign  and  verify  images.  By  default,
              depthchargectl   searches   for   these   keys   in   /etc/depthcharge-tools    and
              /usr/share/vboot/devkeys directories.

       --vboot-public-key SIGNPUBKEY
              The  public  key  required  to  verify  images,  in  .vbpubk  format.  By  default,
              depthchargectl   searches   for   these   keys   in   /etc/depthcharge-tools    and
              /usr/share/vboot/devkeys directories.

       --vboot-private-key SIGNPRIVATE
              The  private  key  necessary  to  sign  images,  in  .vbprivk  format.  By default,
              depthchargectl   searches   for   these   keys   in   /etc/depthcharge-tools    and
              /usr/share/vboot/devkeys directories.

       --kernel-cmdline CMD [CMD ...]
              Command-line   parameters   for  the  kernel.  By  default,  these  are  read  from
              /etc/kernel/cmdline, /usr/lib/kernel/cmdline or /proc/cmdline.  depthchargectl  and
              mkdepthcharge(1)  may  append  some other values to this: an appropriate root=ROOT,
              the  kern_guid=%U  parameter  required  for  the  bless  subcommand,  noinitrd   if
              --ignore-initramfs is given.

       --ignore-initramfs
              Do  not  include initramfs in the built images, ignore the initramfs checks for the
              root=ROOT argument, and add noinitrd to the kernel cmdline. If you know  that  your
              OS  kernel  can  boot  on this board without an initramfs (perhaps because it has a
              built-in one), you can specify this option to build an initramfs-less image.

       --zimage-initramfs-hack
              Choose which initramfs support hack will be used  for  the  zimage  format.  Either
              set-init-size  (the  default),  pad-vmlinuz  for  kernels without KASLR, or none if
              depthcharge ever gets native support for safely loading zimage initramfs.

   depthchargectl bless options
       --bad  Set the specified partition as unbootable. This sets all three of  the  Successful,
              Priority, Tries flags to 0.

       --oneshot
              Set  the  specified  partition  to  be  tried  once in the next boot. This sets the
              Successful flag to 0, Tries flag to 1, and makes sure  the  Priority  flag  is  the
              highest one among all the partitions of the disk the specified one is in.

       -i NUM, --partno NUM
              Partition  number  in  the  given disk image, for when the positional argument is a
              disk image instead of a partition block device.

   depthchargectl build options
       --description DESC
              Human-readable description for the image. By default, a string that describes  your
              system  with  the specified kernel release name, like "Debian GNU/Linux, with Linux
              5.10.0-6-arm64".

       --root ROOT
              Root device to add to kernel cmdline. By default, this is acquired from  /etc/fstab
              or  a  filesystem UUID is derived from the mounted root. If none is passed, no root
              parameter is added.

       --compress TYPE [TYPE ...]
              Compression types to attempt. By default, all  compression  types  that  the  board
              supports based on depthchargectl configuration are attempted from lowest to highest
              compression.

       --timestamp SECONDS
              Build timestamp for the image. By default, SOURCE_DATE_EPOCH is used if  it's  set.
              If  not,  the  modification  date  of either the initramfs or vmlinuz is used as an
              attempt to keep images somewhat reproducible.

       -o PATH, --output PATH
              Output image to path instead of storing it in the images-dir.

       The following options allow one to specify the exact files to  be  used  in  building  the
       image, instead of letting depthchargectl deduce them:

       --kernel-release NAME
              Release  name  for  the  kernel  to  be used in image filename under the images-dir
              (unless --output is specified).

       --kernel FILE
              Kernel executable. Usually /boot/vmlinuz-VERSION by default, but  depends  on  your
              OS.

       --initramfs FILE [FILE ...]
              Ramdisk image. Usually /boot/initrd.img-VERSION by default, but depends on your OS.
              If none is passed, no initramfs is added.

       --fdtdir DIR
              Directory to search device-tree binaries for the board.  Usually  /boot/dtbs  or  a
              directory  like /usr/lib/linux-image-VERSION, depends on your OS. dtb files in this
              dir are searched to find ones matching your board's device-tree  compatible  string
              set in configuration.

       --dtbs FILE [FILE ...]
              Device-tree binary files to use instead of searching fdtdir.

   depthchargectl config options
       --section SECTION
              Config section to retrieve configured values from. By default, this is the globally
              default section: depthcharge-tools.

       --default DEFAULT
              A default value to return if the given config key doesn't exist in the given config
              section.  If  a default value is not given, this subcommand prints an error message
              and exits with nonzero status when the key is missing.

   depthchargectl check options
       This subcommand takes no specific options.

   depthchargectl list options
       -a, --all-disks
              List partitions on all disks.

       -c, --count
              Print only the count of partitions.

       -n, --noheadings
              Don't print column headings.

       -o COLUMNS, --output COLUMNS
              Comma separated list of columns to output. Supported columns are ATTRIBUTE (or  A),
              SUCCESSFUL  (or  S), TRIES (or T), PRIORITY (or P) for ChromeOS GPT flags, PATH for
              the partition device (if exists), DISKPATH (or DISK) for the disk device/image  the
              partition  is  in, PARTNO for the partition number, and SIZE for the partition size
              in bytes.

   depthchargectl remove options
       -f, --force
              Allow disabling the currently booted partition.

   depthchargectl target options
       -a, --all-disks
              Consider all available disks, instead of considering only disks containing the root
              and boot partitions.

       --allow-current
              Allow targeting the currently booted partition.

       -s BYTES, --min-size BYTES
              Only  consider  partitions  larger  than  this size in bytes. Defaults to 64 KiB to
              ignore unused partitions in ChromeOS installations.

   depthchargectl write options
       --allow-current
              Allow overwriting the currently booted partition.

       -f, --force
              Write image to disk even if it cannot be verified by the check subcommand.

       --no-prioritize
              Don't modify ChromeOS GPT flags on the partition. Normally, the flags would be  set
              to make the system boot from the newly written partition on the next boot.

       -t DEVICE, --target DEVICE
              Specify a disk or partition device to write to. This device is passed to the target
              subcommand to determine where exactly to write to.

EXIT STATUS

       In general, exits with zero on success and non-zero on failure.  Some  subcommands  return
       more specified exit statuses:

   depthchargectl build exit status
       0      Image built and stored successfully.

       1      An error occurred before or during building the image.

       3      Can build an image with an initramfs, but it is too big for the board despite using
              maximum allowed  kernel  compression.  This  might  be  solvable  by  reducing  the
              initramfs size.

       4      Like  3,  but  without  an  initramfs  or reducing the initramfs size wouldn't make
              things fit. This might be  solvable  by  reducing  the  vmlinuz  size,  perhaps  by
              building a custom kernel.

   depthchargectl check exit status
       0      The image passes all checks.

       1      Errors unrelated to image checks.

       2      The image isn't a readable file.

       3      Size of the image is too big for the board.

       4      The image cannot be interpreted by vbutil_kernel(1).

       5      The image fails the vbutil_kernel(1) signature checks.

       6      The image is built with a wrong format for the board.

       7      The image is missing device-tree files compatible with the board.

   depthchargectl target exit status
       0      A  usable  partition  is  given,  or  a usable partition was chosen from disks. The
              partition passes the checks and is printed to output.

       1      Errors unrelated to partition checks.

       2      The partition is not a writable block device.

       3      The disk containing the partition is not a writable block device.

       4      Cannot parse a partition number from the partition.

       5      The partition is not a ChromeOS kernel partition.

       6      The partition is the currently booted partition.

       7      The partition is smaller than the --min-size argument.

FILES

       /etc/depthcharge-tools
              Configuration directory. depthchargectl searches this directory  for  configuration
              files and ChromiumOS verified boot keys.

       /etc/depthcharge-tools/config
              System  configuration  file. The "Configuration options" explained above can be set
              here to have them as  long-term  defaults.  It's  also  possible  to  modify  board
              properties or add new boards here.

       /etc/depthcharge-tools/config.d/*
              These files are considered appended to the config file.

       /etc/kernel/cmdline, /usr/lib/kernel/cmdline, /proc/cmdline
              Files from which depthchargectl may deduce a default kernel command line.

       /usr/lib/systemd/system/depthchargectl-bless.service
              A systemd service that runs depthchargectl bless on successful boots.

       /usr/lib/kernel/install.d/90-depthcharge-tools.install
              A  systemd  kernel-install  plugin  that  can  automatically  manage your system if
              layout=depthcharge-tools is set in /etc/kernel/install.conf.

       /etc/init.d/depthchargectl-bless
              An init service that runs depthchargectl bless on successful boots.

       /usr/share/vboot/devkeys
              A  directory  containing  test  keys  which   should   have   been   installed   by
              vbutil_kernel(1).  depthchargectl  also searches this directory if no verified boot
              keys are set in configuration or found in config directories.

       /boot/depthcharge/*.img
              The most recently built images for each kernel version.

EXAMPLES

       depthchargectl list -n -o PATH
              Get a list of partitions depthchargectl will act on by default.

       depthchargectl build --board kevin --root /mnt --output depthcharge.img
              Build an image for the Samsung Chromebook Plus (v1), using files from and  intended
              to boot with the chroot system mounted at /mnt.

       depthchargectl config board
              Print the board codename for the detected board.

       depthchargectl config --default False enable-system-hooks
              Print  the  enable-system-hooks  config  if  it's set, False if not.  This specific
              config key is meant to be a common mechanism which distro packagers can use to  let
              users disable system upgrade hooks that use depthchargectl.

       depthchargectl write --allow-current
              Build,  check  and  write  an image for the latest kernel-version of this system to
              disk while allowing overwriting the currently booted partiiton. You might use  this
              if  you only have a single ChromeOS kernel partition, but broken kernels might make
              your system unbootable.

       depthchargectl write vmlinux.kpart -t /dev/mmcblk1p1
              Write the vmlinux.kpart file to /dev/mmcblk1p1, only if  both  the  image  and  the
              partition  are  valid. Something of this form would be used for writing images to a
              secondary or external disk.

SEE ALSO

       mkdepthcharge(1), cgpt(1), vbutil_kernel(1)