Diffstat (limited to 'docs/depthcharge')
-rw-r--r-- | docs/depthcharge/index.md | 228 |
1 files changed, 100 insertions, 128 deletions
diff --git a/docs/depthcharge/index.md b/docs/depthcharge/index.md index 1c361a7d..ffb525f5 100644 --- a/docs/depthcharge/index.md +++ b/docs/depthcharge/index.md 
@@ -1,86 +1,70 @@ --- title: Depthcharge payload +x-toc-enable: true ... This section relates to the depthcharge payload used in libreboot. -- [CrOS security model](#cros_security_model) -- [Developer mode screen](#developer_mode_screen) - - Holding the developer mode screen - - Booting normally - - Booting from different mediums - - Showing device information - - Warnings - -- [Recovery mode screen](#recovery_mode_screen) - - [Recovering from a bad state](#recovering_bad_state) - - [Enabling developer mode](#enabling_developer_mode) -- [Configuring verified boot - parameters](#configuring_verified_boot_parameters) - -CrOS security model {#cros_security_model} +CrOS security model =================== -CrOS (Chromium OS/Chrome OS) devices such as Chromebooks implement a -strict security model to ensure that these devices do not become -compromised, that is implemented as the verified boot (vboot) reference, -most of which is executed within depthcharge. A detailed overview of the -CrOS security model is available on the dedicated page. +CrOS (Chromium OS/Chrome OS) devices such as Chromebooks implement a strict +security model to ensure that these devices do not become compromised, that is +implemented as the verified boot (vboot) reference, most of which is executed +within depthcharge. A detailed overview of the CrOS security model is available +on the dedicated page. -In spite of the CrOS security model, depthcharge won't allow booting -kernels without verifying their signature and booting from external -media or legacy payload unless explicitly allowed: see [configuring -verified boot parameters](#configuring_verified_boot_parameters). +In spite of the CrOS security model, depthcharge won't allow booting kernels +without verifying their signature and booting from external media or legacy +payload unless explicitly allowed: see [configuring verified boot +parameters](#configuring_verified_boot_parameters). 
-Developer mode screen {#developer_mode_screen} +Developer mode screen ===================== -The developer mode screen can be accessed in depthcharge when developer -mode is enabled.\ -Developer mode can be enabled from the [recovery mode -screen](#recovery_mode_screen). +The developer mode screen can be accessed in depthcharge when developer mode is +enabled. Developer mode can be enabled from the recovery mode screen. It allows booting normally, booting from internal storage, booting from -external media (when enabled), booting from legacy payload (when -enabled), showing information about the device and disabling developer -mode. +external media (when enabled), booting from legacy payload (when enabled), +showing information about the device and disabling developer mode. -Holding the developer mode screen {#holding_developer_mode_screen} +Holding the developer mode screen --------------------------------- -As instructed on the developer mode screen, the screen can be held by -pressing **Ctrl + H** in the first 3 seconds after the screen is shown. -After that delay, depthcharge will resume booting normally. +As instructed on the developer mode screen, the screen can be held by pressing +*Ctrl + H* in the first 3 seconds after the screen is shown. After that delay, +depthcharge will resume booting normally. -Booting normally {#booting_normally} +Booting normally ---------------- -As instructed on the developer mode screen, a regular boot will happen -after **3 seconds** (if developer mode screen is not held).\ -The default boot medium (internal storage, external media, legacy -payload) is shown on screen. +As instructed on the developer mode screen, a regular boot will happen after *3 +seconds* (if developer mode screen is not held). -Booting from different mediums {#booting_different_mediums} +The default boot medium (internal storage, external media, legacy payload) is +shown on screen. 
+ +Booting from different mediums ------------------------------ -Depthcharge allows booting from different mediums, when they are allowed -(see [configuring verified boot -parameters](#configuring_verified_boot_parameters) to enable or disable -boot mediums).\ -As instructed on the developer mode screen, booting from various mediums -can be triggered by pressing various key combinations: +Depthcharge allows booting from different mediums, when they are allowed (see +[configuring verified boot parameters](#configuring_verified_boot_parameters) +to enable or disable boot mediums). + +As instructed on the developer mode screen, booting from various mediums can be +triggered by pressing various key combinations: -- Internal storage: **Ctrl + D** -- External media: **Ctrl + U** (when enabled) -- Legacy payload: **Ctrl + L** (when enabled) +- Internal storage: *Ctrl + D* +- External media: *Ctrl + U* (when enabled) +- Legacy payload: *Ctrl + L* (when enabled) -Showing device information {#showing_device_information} +Showing device information -------------------------- -As instructed on the developer mode screen, showing device information -can be triggered by pressing **Ctrl + I** or **Tab**.\ -Various information is shown, including vboot non-volatile data, TPM -status, GBB flags and key hashes.\ +As instructed on the developer mode screen, showing device information can be +triggered by pressing *Ctrl + I* or *Tab*. Various information is shown, +including vboot non-volatile data, TPM status, GBB flags and key hashes. Warnings -------- 
@@ -91,111 +75,99 @@ The developer mode screen will show warnings when: - Booting from external media is enabled - Booting legacy payloads is enabled -Recovery mode screen {#recovery_mode_screen} +Recovery mode screen ==================== -The recovery mode screen can be accessed in depthcharge, by pressing -**Escape + Refresh + Power** when the device is off. +The recovery mode screen can be accessed in depthcharge, by pressing *Escape + +Refresh + Power* when the device is off. -It allows recovering the device from a bad state by booting from a -trusted recovery media. When accessed with the device in a good state, -it also allows enabling developer mode. +It allows recovering the device from a bad state by booting from a trusted +recovery media. When accessed with the device in a good state, it also allows +enabling developer mode. -Recovering from a bad state {#recovering_bad_state} +Recovering from a bad state --------------------------- -When the device fails to verify the signature of a piece of the boot -software or when an error occurs, it is considered to be in a bad state -and will instruct the user to reboot to recovery mode.\ -Recovery mode boots using only software located in write-protected -memory, that is considered to be trusted and safe. +When the device fails to verify the signature of a piece of the boot software +or when an error occurs, it is considered to be in a bad state and will +instruct the user to reboot to recovery mode. + +Recovery mode boots using only software located in write-protected memory, that +is considered to be trusted and safe. -Recovery mode then allows recovering the device by booting from a -trusted recovery media, that is automatically detected when recovery -mode starts. When no external media is found or when the recovery media -is invalid, instructions are shown on screen.\ -Trusted recovery media are external media (USB drives, SD cards, etc) -that hold a kernel signed with the recovery key. 
+Recovery mode then allows recovering the device by booting from a trusted +recovery media, that is automatically detected when recovery mode starts. When +no external media is found or when the recovery media is invalid, instructions +are shown on screen. -Google provides images of such recovery media for Chrome OS (which are -not advised to users as they contain proprietary software).\ -They are signed with Google's recovery keys, that are pre-installed on -the device when it ships. +Trusted recovery media are external media (USB drives, SD cards, etc) that hold +a kernel signed with the recovery key. + +Google provides images of such recovery media for Chrome OS (which are not +advised to users as they contain proprietary software). + +They are signed with Google's recovery keys, that are pre-installed on the +device when it ships. When replacing the full flash of the device, the pre-installed keys are replaced. When the recovery private key is available (e.g. when using -self-generated keys), it can be used to sign a kernel for recovery -purposes. +self-generated keys), it can be used to sign a kernel for recovery purposes. -Enabling developer mode {#enabling_developer_mode} +Enabling developer mode ----------------------- -As instructed on the recovery mode screen, developer mode can be enabled -by pressing **Ctrl + D**.\ -Instructions to confirm enabling developer mode are then shown on -screen. +As instructed on the recovery mode screen, developer mode can be enabled by +pressing *Ctrl + D*. Instructions to confirm enabling developer mode are then +shown on screen. 
-Configuring verified boot parameters {#configuring_verified_boot_parameters} +Configuring verified boot parameters ==================================== Depthcharge's behavior relies on the verified boot (vboot) reference -implementation, that can be configured with parameters stored in the -verified boot non-volatile storage.\ -These parameters can be modified with the **crossystem** tool, that -requires sufficient privileges to access the verified boot non-volatile -storage. - -**crossystem** relies on **mosys**, that is used to access the verified -boot non-volatile storage on some devices. **crossystem** and **mosys** -are both free software and their source code is made available by -Google: -[crossystem](https://chromium.googlesource.com/chromiumos/platform/vboot_reference/). -[mosys](https://chromium.googlesource.com/chromiumos/platform/mosys/).\ -These tools are not distributed along with Libreboot yet. However, they -are preinstalled on the device, with ChromeOS. +implementation, that can be configured with parameters stored in the verified +boot non-volatile storage. -Some of these parameters have the potential of **weakening the security -of the device**. In particular, disabling kernels signature -verification, external media boot and legacy payload boot can weaken the -security of the device. +These parameters can be modified with the `crossystem` tool, that requires +sufficient privileges to access the verified boot non-volatile storage. -The following parameters can be configured: +`crossystem` relies on `mosys`, that is used to access the verified boot +non-volatile storage on some devices. `crossystem` and `mosys` are both free +software and their source code is made available by Google: +[crossystem](https://chromium.googlesource.com/chromiumos/platform/vboot_reference/). +[mosys](https://chromium.googlesource.com/chromiumos/platform/mosys/). 
-- Kernels signature verification: - - Enabled with: +These tools are not distributed along with Libreboot yet. However, they are +preinstalled on the device, with ChromeOS. - \# **crossystem dev\_boot\_signed\_only=1** - - Disabled with: +Some of these parameters have the potential of *weakening the security of the +device*. In particular, disabling kernels signature verification, external +media boot and legacy payload boot can weaken the security of the device. - \# **crossystem dev\_boot\_signed\_only=0** -- External media boot: - - Enabled with: +The following parameters can be configured: - \# **crossystem dev\_boot\_usb=1** - - Disabled with: +Kernels signature verification: - \# **crossystem dev\_boot\_usb=0** -- Legacy payload boot: - - Enabled with: + # crossystem dev_boot_signed_only=1 # enable + # crossystem dev_boot_signed_only=0 # disable - \# **crossystem dev\_boot\_legacy=1** - - Disabled with: +External media boot: - \# **crossystem dev\_boot\_legacy=0** -- Default boot medium: - - Internal storage: + # crossystem dev_boot_usb=1 # enable + # crossystem dev_boot_usb=0 # disable - \# **crossystem dev\_default\_boot=disk** - - External media: +Legacy payload boot: - \# **crossystem dev\_default\_boot=usb** - - Legacy payload: + # crossystem dev_boot_legacy=1 # enable + # crossystem dev_boot_legacy=0 # disable - \# **crossystem dev\_default\_boot=legacy** +Default boot medium: -Copyright © 2015 Paul Kocialkowski <contact@paulk.fr>\ + # crossystem dev_default_boot=disk # internal storage + # crossystem dev_default_boot=usb # external media + # crossystem dev_default_boot=legacy # legacy payload +Copyright © 2015 Paul Kocialkowski <contact@paulk.fr>\ Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License Version 1.3 or any later |
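Review bot: In the first hunk (`@@ -1,86 +1,70 @@`), the two links to `#configuring_verified_boot_parameters` that survive in "CrOS security model" and "Booting from different mediums" depend on an explicit heading id that the second hunk deletes from the "Configuring verified boot parameters" heading. Unless the auto-generated id happens to match the old underscore form, both links stop resolving. Either keep `{#configuring_verified_boot_parameters}` on that heading or point the two links at the generated id. The same hunk already turns the `#recovery_mode_screen` link into plain text, so the remaining internal links should get one consistent treatment.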
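Review bot: In the second hunk (`@@ -91,111 +75,99 @@`), the new command blocks use `#` both as the root prompt and as the trailing comment marker, as in `# crossystem dev_boot_signed_only=0 # disable`, so a line pasted whole into a shell is a comment and does nothing, and a reader cannot tell prompt from comment. Drop the leading `#` and rely on the existing sentence that crossystem requires sufficient privileges, or move the enable/disable labels into prose above each block. While the paragraph is being reflowed, the sentence "disabling kernels signature verification, external media boot and legacy payload boot can weaken the security of the device" reads as if disabling external media and legacy boot were the risk, whereas the Warnings list in the context lines at the top of this hunk warns when those are enabled; rewording it and keeping the bold on the warning would make the risky settings unambiguous.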