author Alyssa Rosenzweig <alyssa@rosenzweig.io> 2017-05-13 09:09:58 -0700
committer Alyssa Rosenzweig <alyssa@rosenzweig.io> 2017-05-13 09:09:58 -0700
commit 2845c86cb32828d39c63a45ed0b920d6bd90ac60 (patch)
tree 3a9e1e2d33c8e12f5ac9e0a86c4d22cda281c611 /docs
parent 50a1efd9efefac8192bf14dfd4030f1aae2c91e1 (diff)
Cleanup depthcharge
Diffstat (limited to 'docs')
-rw-r--r-- docs/depthcharge/index.md 103
1 files changed, 33 insertions, 70 deletions
diff --git a/docs/depthcharge/index.md b/docs/depthcharge/index.md
index 4a1b7a87..ebfbbefe 100644
--- a/docs/depthcharge/index.md
+++ b/docs/depthcharge/index.md
@@ -1,24 +1,11 @@
---
title: Depthcharge payload
+x-toc-enable: true
...
This section relates to the depthcharge payload used in libreboot.
-- [CrOS security model](#cros_security_model)
-- [Developer mode screen](#developer_mode_screen)
- - Holding the developer mode screen
- - Booting normally
- - Booting from different mediums
- - Showing device information
- - Warnings
-
-- [Recovery mode screen](#recovery_mode_screen)
- - [Recovering from a bad state](#recovering_bad_state)
- - [Enabling developer mode](#enabling_developer_mode)
-- [Configuring verified boot
- parameters](#configuring_verified_boot_parameters)
-
-CrOS security model {#cros_security_model}
+CrOS security model
===================
CrOS (Chromium OS/Chrome OS) devices such as Chromebooks implement a
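Review bot: Dropping the explicit `{#cros_security_model}` id from the first heading, together with the hand-written list that linked to it, changes the fragment this section is reachable at, so any link elsewhere under docs/ that targets `#cros_security_model` stops resolving unless the generator derives exactly that id from the heading text. Worth grepping the tree for the old ids before merging. The commit message "Cleanup depthcharge" also does not mention that `x-toc-enable: true` replaces the manual table of contents; a line saying so would make the intent of the removal clear.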
@@ -32,27 +19,24 @@ kernels without verifying their signature and booting from external
media or legacy payload unless explicitly allowed: see [configuring
verified boot parameters](#configuring_verified_boot_parameters).
-Developer mode screen {#developer_mode_screen}
+Developer mode screen
=====================
-The developer mode screen can be accessed in depthcharge when developer
-mode is enabled.\
-Developer mode can be enabled from the [recovery mode
-screen](#recovery_mode_screen).
+The developer mode screen can be accessed in depthcharge when developer mode is
+enabled. Developer mode can be enabled from the recovery mode screen.
It allows booting normally, booting from internal storage, booting from
-external media (when enabled), booting from legacy payload (when
-enabled), showing information about the device and disabling developer
-mode.
+external media (when enabled), booting from legacy payload (when enabled),
+showing information about the device and disabling developer mode.
-Holding the developer mode screen {#holding_developer_mode_screen}
+Holding the developer mode screen
---------------------------------
As instructed on the developer mode screen, the screen can be held by
pressing **Ctrl + H** in the first 3 seconds after the screen is shown.
After that delay, depthcharge will resume booting normally.
-Booting normally {#booting_normally}
+Booting normally
----------------
As instructed on the developer mode screen, a regular boot will happen
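Review bot: The unchanged context at the top of this hunk still links to `#configuring_verified_boot_parameters`, but the explicit id on that heading is removed later in this same patch, which leaves the link depending on whatever id the generator assigns. Either keep that one id or update the link target here. In the same hunk the `[recovery mode screen](#recovery_mode_screen)` link is flattened to plain text rather than retargeted, which drops the cross-reference from the developer mode section to the place where developer mode is actually enabled.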
@@ -60,7 +44,7 @@ after **3 seconds** (if developer mode screen is not held).\
The default boot medium (internal storage, external media, legacy
payload) is shown on screen.
-Booting from different mediums {#booting_different_mediums}
+Booting from different mediums
------------------------------
Depthcharge allows booting from different mediums, when they are allowed
@@ -74,13 +58,12 @@ can be triggered by pressing various key combinations:
- External media: **Ctrl + U** (when enabled)
- Legacy payload: **Ctrl + L** (when enabled)
-Showing device information {#showing_device_information}
+Showing device information
--------------------------
-As instructed on the developer mode screen, showing device information
-can be triggered by pressing **Ctrl + I** or **Tab**.\
-Various information is shown, including vboot non-volatile data, TPM
-status, GBB flags and key hashes.\
+As instructed on the developer mode screen, showing device information can be
+triggered by pressing **Ctrl + I** or **Tab**. Various information is shown,
+including vboot non-volatile data, TPM status, GBB flags and key hashes.
Warnings
--------
@@ -91,7 +74,7 @@ The developer mode screen will show warnings when:
- Booting from external media is enabled
- Booting legacy payloads is enabled
-Recovery mode screen {#recovery_mode_screen}
+Recovery mode screen
====================
The recovery mode screen can be accessed in depthcharge, by pressing
@@ -101,7 +84,7 @@ It allows recovering the device from a bad state by booting from a
trusted recovery media. When accessed with the device in a good state,
it also allows enabling developer mode.
-Recovering from a bad state {#recovering_bad_state}
+Recovering from a bad state
---------------------------
When the device fails to verify the signature of a piece of the boot
@@ -127,15 +110,14 @@ replaced. When the recovery private key is available (e.g. when using
self-generated keys), it can be used to sign a kernel for recovery
purposes.
-Enabling developer mode {#enabling_developer_mode}
+Enabling developer mode
-----------------------
As instructed on the recovery mode screen, developer mode can be enabled
-by pressing **Ctrl + D**.\
-Instructions to confirm enabling developer mode are then shown on
-screen.
+by pressing **Ctrl + D**. Instructions to confirm enabling developer mode are
+then shown on screen.
-Configuring verified boot parameters {#configuring_verified_boot_parameters}
+Configuring verified boot parameters
====================================
Depthcharge's behavior relies on the verified boot (vboot) reference
@@ -161,45 +143,26 @@ security of the device.
The following parameters can be configured:
-- Kernels signature verification:
- - Enabled with:
+Kernels signature verification:
- # crossystem dev\_boot\_signed\_only=1
+ # crossystem dev\_boot\_signed\_only=1 # enable
+ # crossystem dev\_boot\_signed\_only=0 # disable
- - Disabled with:
+External media boot:
- # crossystem dev\_boot\_signed\_only=0
+ # crossystem dev\_boot\_usb=1 # enable
+ # crossystem dev\_boot\_usb=0 # disable
-- External media boot:
- - Enabled with:
+Legacy payload boot:
- # crossystem dev\_boot\_usb=1
+ # crossystem dev\_boot\_legacy=1 # enable
+ # crossystem dev\_boot\_legacy=0 # disable
- - Disabled with:
+Default boot medium:
- # crossystem dev\_boot\_usb=0
-
-- Legacy payload boot:
- - Enabled with:
-
- # crossystem dev\_boot\_legacy=1
-
- - Disabled with:
-
- # crossystem dev\_boot\_legacy=0
-
-- Default boot medium:
- - Internal storage:
-
- # crossystem dev\_default\_boot=disk
-
- - External media:
-
- # crossystem dev\_default\_boot=usb
-
- - Legacy payload:
-
- # crossystem dev\_default\_boot=legacy
+ # crossystem dev\_default\_boot=disk # internal storage
+ # crossystem dev\_default\_boot=usb # external media
+ # crossystem dev\_default\_boot=legacy # legacy payload
Copyright © 2015 Paul Kocialkowski <contact@paulk.fr>\
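Review bot: In the rewritten crossystem list the uniform `# enable` / `# disable` comments hide that the flags point in opposite directions for security: `dev_boot_signed_only=1` turns kernel signature verification on, while `dev_boot_usb=1` and `dev_boot_legacy=1` each open an extra boot path that the developer mode screen warns about. Please state per parameter which value is the restrictive one. The new lines also keep the `\_` escapes from the old text; if these lines render as code, readers will copy `dev\_boot\_signed\_only` with the backslashes, so plain underscores would be safer. A trailing `#` comment directly after a `#` root prompt is also easy to misread; moving the label to the line above the command would avoid that.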