aboutsummaryrefslogtreecommitdiff
path: root/docs/depthcharge
diff options
context:
space:
mode:
Diffstat (limited to 'docs/depthcharge')
-rw-r--r--docs/depthcharge/index.html362
-rw-r--r--docs/depthcharge/index.md279
2 files changed, 279 insertions, 362 deletions
diff --git a/docs/depthcharge/index.html b/docs/depthcharge/index.html
deleted file mode 100644
index 3088237e..00000000
--- a/docs/depthcharge/index.html
+++ /dev/null
@@ -1,362 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
- <meta charset="utf-8">
- <meta name="viewport" content="width=device-width, initial-scale=1">
-
- <style type="text/css">
- @import url('../css/main.css');
- </style>
-
- <title>Depthcharge payload</title>
-</head>
-
-<body>
-
- <div class="section">
-
- <h1 id="pagetop">Depthcharge payload</h1>
-
- <p>
- This section relates to the depthcharge payload used in libreboot.
- </p>
-
- <p>
- Or <a href="../">Back to main index</a>.
- </p>
-
- <ul>
- <li><a href="#cros_security_model">CrOS security model</a></li>
- <li><a href="#developer_mode_screen">Developer mode screen</a>
- <ul>
- <li><a href="#holding_developer_mode_screen">Holding the developer mode screen</li>
- <li><a href="#booting_normally">Booting normally</li>
- <li><a href="#booting_different_mediums">Booting from different mediums</li>
- <li><a href="#showing_device_information">Showing device information</li>
- <li><a href="#warnings">Warnings</li>
- </ul>
- </li>
- <li><a href="#recovery_mode_screen">Recovery mode screen</a>
- <ul>
- <li><a href="#recovering_bad_state">Recovering from a bad state</a></li>
- <li><a href="#enabling_developer_mode">Enabling developer mode</a></li>
- </ul>
- </li>
- <li><a href="#configuring_verified_boot_parameters">Configuring verified boot parameters</a></li>
- </ul>
-
- </div>
-
- <div class="section">
-
- <h1 id="cros_security_model">CrOS security model</h1>
-
- <p>
- CrOS (Chromium OS/Chrome OS) devices such as Chromebooks implement a strict security model to ensure that these devices do not become compromised,
- that is implemented as the verified boot (vboot) reference, most of which is executed within depthcharge.
- A detailed overview of the CrOS security model is available on the dedicated page.
- </p>
-
- <div class="subsection">
-
- <p>
- In spite of the CrOS security model, depthcharge won't allow booting kernels without verifying their signature and booting from external media or legacy payload unless explicitly allowed: see <a href="#configuring_verified_boot_parameters">configuring verified boot parameters</a>.
- </p>
-
- </div>
-
- </div>
-
- <div class="section">
-
- <h1 id="developer_mode_screen">Developer mode screen</h1>
-
- <p>
- The developer mode screen can be accessed in depthcharge when developer mode is enabled.<br />
- Developer mode can be enabled from the <a href="#recovery_mode_screen">recovery mode screen</a>.
- </p>
-
- <p>
- It allows booting normally, booting from internal storage, booting from external media (when enabled), booting from legacy payload (when enabled), showing information about the device and disabling developer mode.
- </p>
-
- <div class="subsection">
-
- <h2 id="holding_developer_mode_screen">Holding the developer mode screen</h2>
-
- <p>
- As instructed on the developer mode screen, the screen can be held by pressing <b>Ctrl + H</b> in the first 3 seconds after the screen is shown.
- After that delay, depthcharge will resume booting normally.
- </p>
-
- </div>
-
- <div class="subsection">
-
- <h2 id="booting_normally">Booting normally</h2>
-
- <p>
- As instructed on the developer mode screen, a regular boot will happen after <b>3 seconds</b> (if developer mode screen is not held).<br />
- The default boot medium (internal storage, external media, legacy payload) is shown on screen.
- </p>
-
- </div>
-
- <div class="subsection">
-
- <h2 id="booting_different_mediums">Booting from different mediums</h2>
-
- <p>
- Depthcharge allows booting from different mediums, when they are allowed (see <a href="#configuring_verified_boot_parameters">configuring verified boot parameters</a> to enable or disable boot mediums).<br />
- As instructed on the developer mode screen, booting from various mediums can be triggered by pressing various key combinations:
- </p>
-
- <ul>
- <li>Internal storage: <b>Ctrl + D</b></li>
- <li>External media: <b>Ctrl + U</b> (when enabled)</li>
- <li>Legacy payload: <b>Ctrl + L</b> (when enabled)</li>
- </ul>
-
- </div>
-
- <div class="subsection">
-
- <h2 id="showing_device_information">Showing device information</h2>
-
- <p>
- As instructed on the developer mode screen, showing device information can be triggered by pressing <b>Ctrl + I</b> or <b>Tab</b>.<br />
- Various information is shown, including vboot non-volatile data, TPM status, GBB flags and key hashes.<br />
- </p>
-
- </div>
-
- <div class="subsection">
-
- <h2 id="warnings">Warnings</h2>
-
- <p>
- The developer mode screen will show warnings when:
-
- <ul>
- <li>Booting kernels without verifying their signature is enabled</li>
- <li>Booting from external media is enabled</li>
- <li>Booting legacy payloads is enabled</li>
- </ul>
-
- </p>
-
- </div>
-
- </div>
-
- <div class="section">
-
- <h1 id="recovery_mode_screen">Recovery mode screen</h1>
-
- <p>
- The recovery mode screen can be accessed in depthcharge, by pressing <b>Escape + Refresh + Power</b> when the device is off.
- </p>
-
- <p>
- It allows recovering the device from a bad state by booting from a trusted recovery media.
- When accessed with the device in a good state, it also allows enabling developer mode.
- </p>
-
- <div class="subsection">
-
- <h2 id="recovering_bad_state">Recovering from a bad state</h2>
-
- <p>
- When the device fails to verify the signature of a piece of the boot software or when an error occurs,
- it is considered to be in a bad state and will instruct the user to reboot to recovery mode.<br />
- Recovery mode boots using only software located in write-protected memory, that is considered to be trusted and safe.
- </p>
-
- <p>
- Recovery mode then allows recovering the device by booting from a trusted recovery media, that is automatically detected when recovery mode starts.
- When no external media is found or when the recovery media is invalid, instructions are shown on screen. <br />
- Trusted recovery media are external media (USB drives, SD cards, etc) that hold a kernel signed with the recovery key.
- </p>
-
- <p>
- Google provides images of such recovery media for Chrome OS (which are not advised to users as they contain proprietary software). <br />
- They are signed with Google's recovery keys, that are pre-installed on the device when it ships.
- </p>
-
- <p>
- When replacing the full flash of the device, the pre-installed keys are replaced.
- When the recovery private key is available (e.g. when using self-generated keys), it can be used to sign a kernel for recovery purposes.
- </p>
-
- </div>
-
- <div class="subsection">
-
- <h2 id="enabling_developer_mode">Enabling developer mode</h2>
-
- <p>
- As instructed on the recovery mode screen, developer mode can be enabled by pressing <b>Ctrl + D</b>.<br />
- Instructions to confirm enabling developer mode are then shown on screen.
- </p>
-
- </div>
-
- </div>
-
- <div class="section">
-
- <h1 id="configuring_verified_boot_parameters">Configuring verified boot parameters</h1>
-
- <p>
- Depthcharge's behavior relies on the verified boot (vboot) reference implementation,
- that can be configured with parameters stored in the verified boot non-volatile storage.<br />
- These parameters can be modified with the <b>crossystem</b> tool, that requires sufficient privileges to access the verified boot non-volatile storage.
- </p>
-
- <p>
- <b>crossystem</b> relies on <b>mosys</b>, that is used to access the verified boot non-volatile storage on some devices.
- <b>crossystem</b> and <b>mosys</b> are both free software and their source code is made available by Google: <a href="https://chromium.googlesource.com/chromiumos/platform/vboot_reference/">crossystem</a>. <a href="https://chromium.googlesource.com/chromiumos/platform/mosys/">mosys</a>.<br />
- These tools are not distributed along with Libreboot yet. However, they are preinstalled on the device, with ChromeOS.
- </p>
-
- <p>
- Some of these parameters have the potential of <b>weakening the security of the device</b>.
- In particular, disabling kernels signature verification, external media boot and legacy payload boot can weaken the security of the device.
- </p>
-
- <div class="subsection">
-
- <p>
- The following parameters can be configured:
- </p>
-
- <ul>
-
- <li>
- Kernels signature verification:
- <ul>
-
- <li>
- Enabled with:<br />
- # <b>crossystem dev_boot_signed_only=1</b>
- </li>
-
- <li>
- Disabled with:<br />
- # <b>crossystem dev_boot_signed_only=0</b>
- </li>
-
- </ul>
- </li>
-
- <li>
- External media boot:
- <ul>
-
- <li>
- Enabled with:<br />
- # <b>crossystem dev_boot_usb=1</b>
- </li>
-
- <li>
- Disabled with:<br />
- # <b>crossystem dev_boot_usb=0</b>
- </li>
-
- </ul>
- </li>
-
- <li>
- Legacy payload boot:
- <ul>
-
- <li>
- Enabled with:<br />
- # <b>crossystem dev_boot_legacy=1</b>
- </li>
-
- <li>
- Disabled with:<br />
- # <b>crossystem dev_boot_legacy=0</b>
- </li>
-
- </ul>
- </li>
-
- <li>
- Default boot medium:
- <ul>
-
- <li>
- Internal storage:<br />
- # <b>crossystem dev_default_boot=disk</b>
- </li>
-
- <li>
- External media:<br />
- # <b>crossystem dev_default_boot=usb</b>
- </li>
-
- <li>
- Legacy payload:<br />
- # <b>crossystem dev_default_boot=legacy</b>
- </li>
-
- </ul>
-
- </ul>
-
- </div>
-
- </div>
-
- <div class="section">
-
- <p>
- Copyright &copy; 2015 Paul Kocialkowski &lt;contact@paulk.fr&gt;<br/>
- Permission is granted to copy, distribute and/or modify this document
- under the terms of the Creative Commons Attribution-ShareAlike 4.0 International license
- or any later version published by Creative Commons;
-
- A copy of the license can be found at <a href="../cc-by-sa-4.0.txt">../cc-by-sa-4.0.txt</a>
- </p>
-
- <p>
- Updated versions of the license (when available) can be found at
- <a href="https://creativecommons.org/licenses/by-sa/4.0/legalcode">https://creativecommons.org/licenses/by-sa/4.0/legalcode</a>
- </p>
-
- <p>
- UNLESS OTHERWISE SEPARATELY UNDERTAKEN BY THE LICENSOR, TO THE
- EXTENT POSSIBLE, THE LICENSOR OFFERS THE LICENSED MATERIAL AS-IS
- AND AS-AVAILABLE, AND MAKES NO REPRESENTATIONS OR WARRANTIES OF
- ANY KIND CONCERNING THE LICENSED MATERIAL, WHETHER EXPRESS,
- IMPLIED, STATUTORY, OR OTHER. THIS INCLUDES, WITHOUT LIMITATION,
- WARRANTIES OF TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR
- PURPOSE, NON-INFRINGEMENT, ABSENCE OF LATENT OR OTHER DEFECTS,
- ACCURACY, OR THE PRESENCE OR ABSENCE OF ERRORS, WHETHER OR NOT
- KNOWN OR DISCOVERABLE. WHERE DISCLAIMERS OF WARRANTIES ARE NOT
- ALLOWED IN FULL OR IN PART, THIS DISCLAIMER MAY NOT APPLY TO YOU.
- </p>
- <p>
- TO THE EXTENT POSSIBLE, IN NO EVENT WILL THE LICENSOR BE LIABLE
- TO YOU ON ANY LEGAL THEORY (INCLUDING, WITHOUT LIMITATION,
- NEGLIGENCE) OR OTHERWISE FOR ANY DIRECT, SPECIAL, INDIRECT,
- INCIDENTAL, CONSEQUENTIAL, PUNITIVE, EXEMPLARY, OR OTHER LOSSES,
- COSTS, EXPENSES, OR DAMAGES ARISING OUT OF THIS PUBLIC LICENSE OR
- USE OF THE LICENSED MATERIAL, EVEN IF THE LICENSOR HAS BEEN
- ADVISED OF THE POSSIBILITY OF SUCH LOSSES, COSTS, EXPENSES, OR
- DAMAGES. WHERE A LIMITATION OF LIABILITY IS NOT ALLOWED IN FULL OR
- IN PART, THIS LIMITATION MAY NOT APPLY TO YOU.
- </p>
- <p>
- The disclaimer of warranties and limitation of liability provided
- above shall be interpreted in a manner that, to the extent
- possible, most closely approximates an absolute disclaimer and
- waiver of all liability.
- </p>
-
- </div>
-
-</body>
-</html>
diff --git a/docs/depthcharge/index.md b/docs/depthcharge/index.md
new file mode 100644
index 00000000..60f4e78e
--- /dev/null
+++ b/docs/depthcharge/index.md
@@ -0,0 +1,279 @@
+<div class="section">
+
+Depthcharge payload {#pagetop}
+===================
+
+This section relates to the depthcharge payload used in libreboot.
+
+Or [Back to main index](../).
+
+- [CrOS security model](#cros_security_model)
+- [Developer mode screen](#developer_mode_screen)
+ - Holding the developer mode screen
+ - Booting normally
+ - Booting from different mediums
+ - Showing device information
+ - Warnings
+- [Recovery mode screen](#recovery_mode_screen)
+ - [Recovering from a bad state](#recovering_bad_state)
+ - [Enabling developer mode](#enabling_developer_mode)
+- [Configuring verified boot
+ parameters](#configuring_verified_boot_parameters)
+
+</div>
+
+<div class="section">
+
+CrOS security model {#cros_security_model}
+===================
+
+CrOS (Chromium OS/Chrome OS) devices such as Chromebooks implement a
+strict security model to ensure that these devices do not become
+compromised, that is implemented as the verified boot (vboot) reference,
+most of which is executed within depthcharge. A detailed overview of the
+CrOS security model is available on the dedicated page.
+
+<div class="subsection">
+
+In spite of the CrOS security model, depthcharge won\'t allow booting
+kernels without verifying their signature and booting from external
+media or legacy payload unless explicitly allowed: see [configuring
+verified boot parameters](#configuring_verified_boot_parameters).
+
+</div>
+
+</div>
+
+<div class="section">
+
+Developer mode screen {#developer_mode_screen}
+=====================
+
+The developer mode screen can be accessed in depthcharge when developer
+mode is enabled.\
+Developer mode can be enabled from the [recovery mode
+screen](#recovery_mode_screen).
+
+It allows booting normally, booting from internal storage, booting from
+external media (when enabled), booting from legacy payload (when
+enabled), showing information about the device and disabling developer
+mode.
+
+<div class="subsection">
+
+Holding the developer mode screen {#holding_developer_mode_screen}
+---------------------------------
+
+As instructed on the developer mode screen, the screen can be held by
+pressing **Ctrl + H** in the first 3 seconds after the screen is shown.
+After that delay, depthcharge will resume booting normally.
+
+</div>
+
+<div class="subsection">
+
+Booting normally {#booting_normally}
+----------------
+
+As instructed on the developer mode screen, a regular boot will happen
+after **3 seconds** (if developer mode screen is not held).\
+The default boot medium (internal storage, external media, legacy
+payload) is shown on screen.
+
+</div>
+
+<div class="subsection">
+
+Booting from different mediums {#booting_different_mediums}
+------------------------------
+
+Depthcharge allows booting from different mediums, when they are allowed
+(see [configuring verified boot
+parameters](#configuring_verified_boot_parameters) to enable or disable
+boot mediums).\
+As instructed on the developer mode screen, booting from various mediums
+can be triggered by pressing various key combinations:
+
+- Internal storage: **Ctrl + D**
+- External media: **Ctrl + U** (when enabled)
+- Legacy payload: **Ctrl + L** (when enabled)
+
+</div>
+
+<div class="subsection">
+
+Showing device information {#showing_device_information}
+--------------------------
+
+As instructed on the developer mode screen, showing device information
+can be triggered by pressing **Ctrl + I** or **Tab**.\
+Various information is shown, including vboot non-volatile data, TPM
+status, GBB flags and key hashes.\
+
+</div>
+
+<div class="subsection">
+
+Warnings
+--------
+
+The developer mode screen will show warnings when:
+
+- Booting kernels without verifying their signature is enabled
+- Booting from external media is enabled
+- Booting legacy payloads is enabled
+
+</div>
+
+</div>
+
+<div class="section">
+
+Recovery mode screen {#recovery_mode_screen}
+====================
+
+The recovery mode screen can be accessed in depthcharge, by pressing
+**Escape + Refresh + Power** when the device is off.
+
+It allows recovering the device from a bad state by booting from a
+trusted recovery media. When accessed with the device in a good state,
+it also allows enabling developer mode.
+
+<div class="subsection">
+
+Recovering from a bad state {#recovering_bad_state}
+---------------------------
+
+When the device fails to verify the signature of a piece of the boot
+software or when an error occurs, it is considered to be in a bad state
+and will instruct the user to reboot to recovery mode.\
+Recovery mode boots using only software located in write-protected
+memory, that is considered to be trusted and safe.
+
+Recovery mode then allows recovering the device by booting from a
+trusted recovery media, that is automatically detected when recovery
+mode starts. When no external media is found or when the recovery media
+is invalid, instructions are shown on screen.\
+Trusted recovery media are external media (USB drives, SD cards, etc)
+that hold a kernel signed with the recovery key.
+
+Google provides images of such recovery media for Chrome OS (which are
+not advised to users as they contain proprietary software).\
+They are signed with Google\'s recovery keys, that are pre-installed on
+the device when it ships.
+
+When replacing the full flash of the device, the pre-installed keys are
+replaced. When the recovery private key is available (e.g. when using
+self-generated keys), it can be used to sign a kernel for recovery
+purposes.
+
+</div>
+
+<div class="subsection">
+
+Enabling developer mode {#enabling_developer_mode}
+-----------------------
+
+As instructed on the recovery mode screen, developer mode can be enabled
+by pressing **Ctrl + D**.\
+Instructions to confirm enabling developer mode are then shown on
+screen.
+
+</div>
+
+</div>
+
+<div class="section">
+
+Configuring verified boot parameters {#configuring_verified_boot_parameters}
+====================================
+
+Depthcharge\'s behavior relies on the verified boot (vboot) reference
+implementation, that can be configured with parameters stored in the
+verified boot non-volatile storage.\
+These parameters can be modified with the **crossystem** tool, that
+requires sufficient privileges to access the verified boot non-volatile
+storage.
+
+**crossystem** relies on **mosys**, that is used to access the verified
+boot non-volatile storage on some devices. **crossystem** and **mosys**
+are both free software and their source code is made available by
+Google:
+[crossystem](https://chromium.googlesource.com/chromiumos/platform/vboot_reference/).
+[mosys](https://chromium.googlesource.com/chromiumos/platform/mosys/).\
+These tools are not distributed along with Libreboot yet. However, they
+are preinstalled on the device, with ChromeOS.
+
+Some of these parameters have the potential of **weakening the security
+of the device**. In particular, disabling kernels signature
+verification, external media boot and legacy payload boot can weaken the
+security of the device.
+
+<div class="subsection">
+
+The following parameters can be configured:
+
+- Kernels signature verification:
+ - Enabled with:\
+ \# **crossystem dev\_boot\_signed\_only=1**
+ - Disabled with:\
+ \# **crossystem dev\_boot\_signed\_only=0**
+- External media boot:
+ - Enabled with:\
+ \# **crossystem dev\_boot\_usb=1**
+ - Disabled with:\
+ \# **crossystem dev\_boot\_usb=0**
+- Legacy payload boot:
+ - Enabled with:\
+ \# **crossystem dev\_boot\_legacy=1**
+ - Disabled with:\
+ \# **crossystem dev\_boot\_legacy=0**
+- Default boot medium:
+ - Internal storage:\
+ \# **crossystem dev\_default\_boot=disk**
+ - External media:\
+ \# **crossystem dev\_default\_boot=usb**
+ - Legacy payload:\
+ \# **crossystem dev\_default\_boot=legacy**
+
+</div>
+
+</div>
+
+<div class="section">
+
+Copyright © 2015 Paul Kocialkowski &lt;contact@paulk.fr&gt;\
+Permission is granted to copy, distribute and/or modify this document
+under the terms of the Creative Commons Attribution-ShareAlike 4.0
+International license or any later version published by Creative
+Commons; A copy of the license can be found at
+[../cc-by-sa-4.0.txt](../cc-by-sa-4.0.txt)
+
+Updated versions of the license (when available) can be found at
+<https://creativecommons.org/licenses/by-sa/4.0/legalcode>
+
+UNLESS OTHERWISE SEPARATELY UNDERTAKEN BY THE LICENSOR, TO THE EXTENT
+POSSIBLE, THE LICENSOR OFFERS THE LICENSED MATERIAL AS-IS AND
+AS-AVAILABLE, AND MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND
+CONCERNING THE LICENSED MATERIAL, WHETHER EXPRESS, IMPLIED, STATUTORY,
+OR OTHER. THIS INCLUDES, WITHOUT LIMITATION, WARRANTIES OF TITLE,
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT,
+ABSENCE OF LATENT OR OTHER DEFECTS, ACCURACY, OR THE PRESENCE OR ABSENCE
+OF ERRORS, WHETHER OR NOT KNOWN OR DISCOVERABLE. WHERE DISCLAIMERS OF
+WARRANTIES ARE NOT ALLOWED IN FULL OR IN PART, THIS DISCLAIMER MAY NOT
+APPLY TO YOU.
+
+TO THE EXTENT POSSIBLE, IN NO EVENT WILL THE LICENSOR BE LIABLE TO YOU
+ON ANY LEGAL THEORY (INCLUDING, WITHOUT LIMITATION, NEGLIGENCE) OR
+OTHERWISE FOR ANY DIRECT, SPECIAL, INDIRECT, INCIDENTAL, CONSEQUENTIAL,
+PUNITIVE, EXEMPLARY, OR OTHER LOSSES, COSTS, EXPENSES, OR DAMAGES
+ARISING OUT OF THIS PUBLIC LICENSE OR USE OF THE LICENSED MATERIAL, EVEN
+IF THE LICENSOR HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH LOSSES,
+COSTS, EXPENSES, OR DAMAGES. WHERE A LIMITATION OF LIABILITY IS NOT
+ALLOWED IN FULL OR IN PART, THIS LIMITATION MAY NOT APPLY TO YOU.
+
+The disclaimer of warranties and limitation of liability provided above
+shall be interpreted in a manner that, to the extent possible, most
+closely approximates an absolute disclaimer and waiver of all liability.
+
+</div>