From 1eb5130a1c70a7238548d977e9c6f371c007eed7 Mon Sep 17 00:00:00 2001 From: Alyssa Rosenzweig Date: Fri, 17 Mar 2017 23:15:09 -0700 Subject: It wasn't me, I swear! --- docs/depthcharge/index.md | 63 +++++++++++++++++++++++++++++++---------------- 1 file changed, 42 insertions(+), 21 deletions(-) (limited to 'docs/depthcharge') diff --git a/docs/depthcharge/index.md b/docs/depthcharge/index.md index d4f7f9f6..55445e61 100644 --- a/docs/depthcharge/index.md +++ b/docs/depthcharge/index.md @@ -42,7 +42,8 @@ Developer mode screen {#developer_mode_screen} ===================== The developer mode screen can be accessed in depthcharge when developer -mode is enabled.\ +mode is enabled. + Developer mode can be enabled from the [recovery mode screen](#recovery_mode_screen). @@ -65,7 +66,8 @@ Booting normally {#booting_normally} ---------------- As instructed on the developer mode screen, a regular boot will happen -after **3 seconds** (if developer mode screen is not held).\ +after **3 seconds** (if developer mode screen is not held). + The default boot medium (internal storage, external media, legacy payload) is shown on screen. @@ -77,7 +79,8 @@ Booting from different mediums {#booting_different_mediums} Depthcharge allows booting from different mediums, when they are allowed (see [configuring verified boot parameters](#configuring_verified_boot_parameters) to enable or disable -boot mediums).\ +boot mediums). + As instructed on the developer mode screen, booting from various mediums can be triggered by pressing various key combinations: @@ -91,9 +94,11 @@ Showing device information {#showing_device_information} -------------------------- As instructed on the developer mode screen, showing device information -can be triggered by pressing **Ctrl + I** or **Tab**.\ +can be triggered by pressing **Ctrl + I** or **Tab**. + Various information is shown, including vboot non-volatile data, TPM -status, GBB flags and key hashes.\ +status, GBB flags and key hashes. + @@ -125,19 +130,22 @@ Recovering from a bad state {#recovering_bad_state} When the device fails to verify the signature of a piece of the boot software or when an error occurs, it is considered to be in a bad state -and will instruct the user to reboot to recovery mode.\ +and will instruct the user to reboot to recovery mode. + Recovery mode boots using only software located in write-protected memory, that is considered to be trusted and safe. Recovery mode then allows recovering the device by booting from a trusted recovery media, that is automatically detected when recovery mode starts. When no external media is found or when the recovery media -is invalid, instructions are shown on screen.\ +is invalid, instructions are shown on screen. + Trusted recovery media are external media (USB drives, SD cards, etc) that hold a kernel signed with the recovery key. Google provides images of such recovery media for Chrome OS (which are -not advised to users as they contain proprietary software).\ +not advised to users as they contain proprietary software). + They are signed with Google's recovery keys, that are pre-installed on the device when it ships. @@ -152,7 +160,8 @@ Enabling developer mode {#enabling_developer_mode} ----------------------- As instructed on the recovery mode screen, developer mode can be enabled -by pressing **Ctrl + D**.\ +by pressing **Ctrl + D**. + Instructions to confirm enabling developer mode are then shown on screen. @@ -164,7 +173,8 @@ Configuring verified boot parameters {#configuring_verified_boot_parameters} Depthcharge's behavior relies on the verified boot (vboot) reference implementation, that can be configured with parameters stored in the -verified boot non-volatile storage.\ +verified boot non-volatile storage. + These parameters can be modified with the **crossystem** tool, that requires sufficient privileges to access the verified boot non-volatile storage. @@ -174,7 +184,8 @@ boot non-volatile storage on some devices. **crossystem** and **mosys** are both free software and their source code is made available by Google: [crossystem](https://chromium.googlesource.com/chromiumos/platform/vboot_reference/). -[mosys](https://chromium.googlesource.com/chromiumos/platform/mosys/).\ +[mosys](https://chromium.googlesource.com/chromiumos/platform/mosys/). + These tools are not distributed along with Libreboot yet. However, they are preinstalled on the device, with ChromeOS. @@ -187,32 +198,42 @@ security of the device. The following parameters can be configured: - Kernels signature verification: - - Enabled with:\ + - Enabled with: + # **crossystem dev\_boot\_signed\_only=1** - - Disabled with:\ + - Disabled with: + # **crossystem dev\_boot\_signed\_only=0** - External media boot: - - Enabled with:\ + - Enabled with: + # **crossystem dev\_boot\_usb=1** - - Disabled with:\ + - Disabled with: + # **crossystem dev\_boot\_usb=0** - Legacy payload boot: - - Enabled with:\ + - Enabled with: + # **crossystem dev\_boot\_legacy=1** - - Disabled with:\ + - Disabled with: + # **crossystem dev\_boot\_legacy=0** - Default boot medium: - - Internal storage:\ + - Internal storage: + # **crossystem dev\_default\_boot=disk** - - External media:\ + - External media: + # **crossystem dev\_default\_boot=usb** - - Legacy payload:\ + - Legacy payload: + # **crossystem dev\_default\_boot=legacy** -Copyright © 2015 Paul Kocialkowski \ +Copyright © 2015 Paul Kocialkowski + Permission is granted to copy, distribute and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike 4.0 International license or any later version published by Creative -- cgit v1.2.3-70-g09d2