author | Alyssa Rosenzweig <alyssa@rosenzweig.io> | 2017-05-13 09:09:58 -0700 |
---|---|---|
committer | Alyssa Rosenzweig <alyssa@rosenzweig.io> | 2017-05-13 09:09:58 -0700 |
commit | 2845c86cb32828d39c63a45ed0b920d6bd90ac60 (patch) | |
tree | 3a9e1e2d33c8e12f5ac9e0a86c4d22cda281c611 /docs | |
parent | 50a1efd9efefac8192bf14dfd4030f1aae2c91e1 (diff) | |
download | librebootfr-2845c86cb32828d39c63a45ed0b920d6bd90ac60.tar.gz librebootfr-2845c86cb32828d39c63a45ed0b920d6bd90ac60.zip |
Cleanup depthcharge
Diffstat (limited to 'docs')
-rw-r--r-- | docs/depthcharge/index.md | 103 |
1 files changed, 33 insertions, 70 deletions
diff --git a/docs/depthcharge/index.md b/docs/depthcharge/index.md index 4a1b7a87..ebfbbefe 100644 --- a/docs/depthcharge/index.md +++ b/docs/depthcharge/index.md @@ -1,24 +1,11 @@ --- title: Depthcharge payload +x-toc-enable: true ... This section relates to the depthcharge payload used in libreboot. -- [CrOS security model](#cros_security_model) -- [Developer mode screen](#developer_mode_screen) - - Holding the developer mode screen - - Booting normally - - Booting from different mediums - - Showing device information - - Warnings - -- [Recovery mode screen](#recovery_mode_screen) - - [Recovering from a bad state](#recovering_bad_state) - - [Enabling developer mode](#enabling_developer_mode) -- [Configuring verified boot - parameters](#configuring_verified_boot_parameters) - -CrOS security model {#cros_security_model} +CrOS security model =================== CrOS (Chromium OS/Chrome OS) devices such as Chromebooks implement a 
@@ -32,27 +19,24 @@ kernels without verifying their signature and booting from external media or legacy payload unless explicitly allowed: see [configuring verified boot parameters](#configuring_verified_boot_parameters). -Developer mode screen {#developer_mode_screen} +Developer mode screen ===================== -The developer mode screen can be accessed in depthcharge when developer -mode is enabled.\ -Developer mode can be enabled from the [recovery mode -screen](#recovery_mode_screen). +The developer mode screen can be accessed in depthcharge when developer mode is +enabled. Developer mode can be enabled from the recovery mode screen. It allows booting normally, booting from internal storage, booting from -external media (when enabled), booting from legacy payload (when -enabled), showing information about the device and disabling developer -mode. +external media (when enabled), booting from legacy payload (when enabled), +showing information about the device and disabling developer mode. -Holding the developer mode screen {#holding_developer_mode_screen} +Holding the developer mode screen --------------------------------- As instructed on the developer mode screen, the screen can be held by pressing **Ctrl + H** in the first 3 seconds after the screen is shown. After that delay, depthcharge will resume booting normally. -Booting normally {#booting_normally} +Booting normally ---------------- As instructed on the developer mode screen, a regular boot will happen @@ -60,7 +44,7 @@ after **3 seconds** (if developer mode screen is not held).\ The default boot medium (internal storage, external media, legacy payload) is shown on screen. -Booting from different mediums {#booting_different_mediums} +Booting from different mediums ------------------------------ Depthcharge allows booting from different mediums, when they are allowed 
@@ -74,13 +58,12 @@ can be triggered by pressing various key combinations: - External media: **Ctrl + U** (when enabled) - Legacy payload: **Ctrl + L** (when enabled) -Showing device information {#showing_device_information} +Showing device information -------------------------- -As instructed on the developer mode screen, showing device information -can be triggered by pressing **Ctrl + I** or **Tab**.\ -Various information is shown, including vboot non-volatile data, TPM -status, GBB flags and key hashes.\ +As instructed on the developer mode screen, showing device information can be +triggered by pressing **Ctrl + I** or **Tab**. Various information is shown, +including vboot non-volatile data, TPM status, GBB flags and key hashes. Warnings -------- @@ -91,7 +74,7 @@ The developer mode screen will show warnings when: - Booting from external media is enabled - Booting legacy payloads is enabled -Recovery mode screen {#recovery_mode_screen} +Recovery mode screen ==================== The recovery mode screen can be accessed in depthcharge, by pressing @@ -101,7 +84,7 @@ It allows recovering the device from a bad state by booting from a trusted recovery media. When accessed with the device in a good state, it also allows enabling developer mode. -Recovering from a bad state {#recovering_bad_state} +Recovering from a bad state --------------------------- When the device fails to verify the signature of a piece of the boot 
@@ -127,15 +110,14 @@ replaced. When the recovery private key is available (e.g. when using self-generated keys), it can be used to sign a kernel for recovery purposes. -Enabling developer mode {#enabling_developer_mode} +Enabling developer mode ----------------------- As instructed on the recovery mode screen, developer mode can be enabled -by pressing **Ctrl + D**.\ -Instructions to confirm enabling developer mode are then shown on -screen. +by pressing **Ctrl + D**. Instructions to confirm enabling developer mode are +then shown on screen. -Configuring verified boot parameters {#configuring_verified_boot_parameters} +Configuring verified boot parameters ==================================== Depthcharge's behavior relies on the verified boot (vboot) reference 
@@ -161,45 +143,26 @@ security of the device. The following parameters can be configured: -- Kernels signature verification: - - Enabled with: +Kernels signature verification: - # crossystem dev\_boot\_signed\_only=1 + # crossystem dev\_boot\_signed\_only=1 # enable + # crossystem dev\_boot\_signed\_only=0 # disable - - Disabled with: +External media boot: - # crossystem dev\_boot\_signed\_only=0 + # crossystem dev\_boot\_usb=1 # enable + # crossystem dev\_boot\_usb=0 # disable -- External media boot: - - Enabled with: +Legacy payload boot: - # crossystem dev\_boot\_usb=1 + # crossystem dev\_boot\_legacy=1 # enable + # crossystem dev\_boot\_legacy=0 # disable - - Disabled with: +Default boot medium: - # crossystem dev\_boot\_usb=0 - -- Legacy payload boot: - - Enabled with: - - # crossystem dev\_boot\_legacy=1 - - - Disabled with: - - # crossystem dev\_boot\_legacy=0 - -- Default boot medium: - - Internal storage: - - # crossystem dev\_default\_boot=disk - - - External media: - - # crossystem dev\_default\_boot=usb - - - Legacy payload: - - # crossystem dev\_default\_boot=legacy + # crossystem dev\_default\_boot=disk # internal storage + # crossystem dev\_default\_boot=usb # external media + # crossystem dev\_default\_boot=legacy # legacy payload Copyright © 2015 Paul Kocialkowski <contact@paulk.fr>\ |
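Review bot: In the first hunk (`@@ -1,24 +1,11 @@`), the hand-written table of contents is replaced by `+x-toc-enable: true`, but neither the patch nor the commit message ("Cleanup depthcharge") shows that the page template reads this key. If the template ignores it, the page loses all in-page navigation. Please confirm the rendered output has a generated table of contents, and mention the switch in the commit message so the dropped `{#cros_security_model}`-style ids are not a surprise to anyone linking into this page from elsewhere.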
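Review bot: In the second hunk (`@@ -32,27 +19,24 @@`), the rewrapped paragraph under "Developer mode screen" turns `[recovery mode screen](#recovery_mode_screen)` into plain text, so the reader loses the cross-reference to the section that explains how developer mode is enabled. Keep the link, pointed at whatever id the heading has after this change. The same hunk also leaves a trailing `\` hard break in the unchanged line ending `is not held).\` under "Booting normally", while the other hard breaks in this file are being removed; drop it here too for consistency.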
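Review bot: In the fifth hunk (`@@ -127,15 +110,14 @@`), removing `{#configuring_verified_boot_parameters}` from the "Configuring verified boot parameters" heading leaves the link `[configuring verified boot parameters](#configuring_verified_boot_parameters)`, still present in the unchanged context of the second hunk, pointing at an id this patch no longer defines. Unless the generator's automatic heading ids happen to use the same underscore form, that link will silently stop resolving. Either keep the explicit id on this heading or update the link in the same commit.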
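Review bot: In the last hunk (`@@ -161,45 +143,26 @@`), the new command lines such as `# crossystem dev\_boot\_signed\_only=1 # enable` use `#` both as the root prompt and as the trailing comment marker, and keep the backslash-escaped underscores. If these lines render as a code block, the backslashes will be shown literally and a copied command will carry a parameter name crossystem does not know; if they do not, the leading `#` risks being parsed as a heading. Write the parameter names unescaped inside an explicit code block and move "enable" / "disable" onto their own comment line. Since the surrounding text says these parameters affect the security of the device, it would also help to state which value of each is the restrictive one (for example that `dev_boot_signed_only=0` turns kernel signature verification off) now that the "Enabled with" / "Disabled with" labels are gone. The trailing `\` after the copyright line is another leftover hard break.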