diff options
Diffstat (limited to 'docs/depthcharge')
| -rw-r--r-- | docs/depthcharge/index.md | 96 |
1 files changed, 33 insertions, 63 deletions
diff --git a/docs/depthcharge/index.md b/docs/depthcharge/index.md index 1c361a7d..1c0c8d13 100644 --- a/docs/depthcharge/index.md +++ b/docs/depthcharge/index.md @@ -1,24 +1,11 @@ --- title: Depthcharge payload +x-toc-enable: true ... This section relates to the depthcharge payload used in libreboot. -- [CrOS security model](#cros_security_model) -- [Developer mode screen](#developer_mode_screen) - - Holding the developer mode screen - - Booting normally - - Booting from different mediums - - Showing device information - - Warnings - -- [Recovery mode screen](#recovery_mode_screen) - - [Recovering from a bad state](#recovering_bad_state) - - [Enabling developer mode](#enabling_developer_mode) -- [Configuring verified boot - parameters](#configuring_verified_boot_parameters) - -CrOS security model {#cros_security_model} +CrOS security model =================== CrOS (Chromium OS/Chrome OS) devices such as Chromebooks implement a @@ -32,27 +19,24 @@ kernels without verifying their signature and booting from external media or legacy payload unless explicitly allowed: see [configuring verified boot parameters](#configuring_verified_boot_parameters). -Developer mode screen {#developer_mode_screen} +Developer mode screen ===================== -The developer mode screen can be accessed in depthcharge when developer -mode is enabled.\ -Developer mode can be enabled from the [recovery mode -screen](#recovery_mode_screen). +The developer mode screen can be accessed in depthcharge when developer mode is +enabled. Developer mode can be enabled from the recovery mode screen. It allows booting normally, booting from internal storage, booting from -external media (when enabled), booting from legacy payload (when -enabled), showing information about the device and disabling developer -mode. +external media (when enabled), booting from legacy payload (when enabled), +showing information about the device and disabling developer mode. -Holding the developer mode screen {#holding_developer_mode_screen} +Holding the developer mode screen --------------------------------- As instructed on the developer mode screen, the screen can be held by pressing **Ctrl + H** in the first 3 seconds after the screen is shown. After that delay, depthcharge will resume booting normally. -Booting normally {#booting_normally} +Booting normally ---------------- As instructed on the developer mode screen, a regular boot will happen @@ -60,7 +44,7 @@ after **3 seconds** (if developer mode screen is not held).\ The default boot medium (internal storage, external media, legacy payload) is shown on screen. -Booting from different mediums {#booting_different_mediums} +Booting from different mediums ------------------------------ Depthcharge allows booting from different mediums, when they are allowed @@ -74,13 +58,12 @@ can be triggered by pressing various key combinations: - External media: **Ctrl + U** (when enabled) - Legacy payload: **Ctrl + L** (when enabled) -Showing device information {#showing_device_information} +Showing device information -------------------------- -As instructed on the developer mode screen, showing device information -can be triggered by pressing **Ctrl + I** or **Tab**.\ -Various information is shown, including vboot non-volatile data, TPM -status, GBB flags and key hashes.\ +As instructed on the developer mode screen, showing device information can be +triggered by pressing **Ctrl + I** or **Tab**. Various information is shown, +including vboot non-volatile data, TPM status, GBB flags and key hashes. Warnings -------- @@ -91,7 +74,7 @@ The developer mode screen will show warnings when: - Booting from external media is enabled - Booting legacy payloads is enabled -Recovery mode screen {#recovery_mode_screen} +Recovery mode screen ==================== The recovery mode screen can be accessed in depthcharge, by pressing @@ -101,7 +84,7 @@ It allows recovering the device from a bad state by booting from a trusted recovery media. When accessed with the device in a good state, it also allows enabling developer mode. -Recovering from a bad state {#recovering_bad_state} +Recovering from a bad state --------------------------- When the device fails to verify the signature of a piece of the boot @@ -127,15 +110,14 @@ replaced. When the recovery private key is available (e.g. when using self-generated keys), it can be used to sign a kernel for recovery purposes. -Enabling developer mode {#enabling_developer_mode} +Enabling developer mode ----------------------- As instructed on the recovery mode screen, developer mode can be enabled -by pressing **Ctrl + D**.\ -Instructions to confirm enabling developer mode are then shown on -screen. +by pressing **Ctrl + D**. Instructions to confirm enabling developer mode are +then shown on screen. -Configuring verified boot parameters {#configuring_verified_boot_parameters} +Configuring verified boot parameters ==================================== Depthcharge's behavior relies on the verified boot (vboot) reference @@ -161,42 +143,30 @@ security of the device. The following parameters can be configured: -- Kernels signature verification: - - Enabled with: +Kernels signature verification: - \# **crossystem dev\_boot\_signed\_only=1** - - Disabled with: + # crossystem dev_boot_signed_only=1 # enable + # crossystem dev_boot_signed_only=0 # disable - \# **crossystem dev\_boot\_signed\_only=0** -- External media boot: - - Enabled with: +External media boot: - \# **crossystem dev\_boot\_usb=1** - - Disabled with: + # crossystem dev_boot_usb=1 # enable + # crossystem dev_boot_usb=0 # disable - \# **crossystem dev\_boot\_usb=0** -- Legacy payload boot: - - Enabled with: +Legacy payload boot: - \# **crossystem dev\_boot\_legacy=1** - - Disabled with: + # crossystem dev_boot_legacy=1 # enable + # crossystem dev_boot_legacy=0 # disable - \# **crossystem dev\_boot\_legacy=0** -- Default boot medium: - - Internal storage: +Default boot medium: - \# **crossystem dev\_default\_boot=disk** - - External media: + # crossystem dev_default_boot=disk # internal storage + # crossystem dev_default_boot=usb # external media + # crossystem dev_default_boot=legacy # legacy payload - \# **crossystem dev\_default\_boot=usb** - - Legacy payload: - - \# **crossystem dev\_default\_boot=legacy** Copyright © 2015 Paul Kocialkowski <contact@paulk.fr>\ - - Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License Version 1.3 or any later version published by the Free Software Foundation |