<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<style type="text/css">
@import url('../css/main.css');
</style>
<title>Depthcharge payload</title>
</head>
<body>
<div class="section">
<h1 id="pagetop">Depthcharge payload</h1>
<p>
This section relates to the depthcharge payload used in libreboot.
</p>
<p>
Or <a href="../index.html">Back to main index</a>.
</p>
<ul>
<li><a href="#cros_security_model">CrOS security model</a></li>
<li><a href="#developer_mode_screen">Developer mode screen</a>
<ul>
<li><a href="#holding_developer_mode_screen">Holding the developer mode screen</a></li>
<li><a href="#booting_normally">Booting normally</a></li>
<li><a href="#booting_different_mediums">Booting from different mediums</a></li>
<li><a href="#showing_device_information">Showing device information</a></li>
<li><a href="#warnings">Warnings</a></li>
</ul>
</li>
<li><a href="#recovery_mode_screen">Recovery mode screen</a>
<ul>
<li><a href="#recovering_bad_state">Recovering from a bad state</a></li>
<li><a href="#enabling_developer_mode">Enabling developer mode</a></li>
</ul>
</li>
<li><a href="#configuring_verified_boot_parameters">Configuring verified boot parameters</a></li>
</ul>
</div>
<div class="section">
<h1 id="cros_security_model">CrOS security model</h1>
<p>
CrOS (Chromium OS/Chrome OS) devices such as Chromebooks implement a strict security model to ensure that these devices do not become compromised.
This model is implemented as the verified boot (vboot) reference, most of which is executed within depthcharge.
A detailed overview of the CrOS security model is available on the dedicated page.
</p>
<div class="subsection">
<p>
In keeping with the CrOS security model, depthcharge won't boot kernels without verifying their signature, and won't boot from external media or a legacy payload, unless explicitly allowed: see <a href="#configuring_verified_boot_parameters">configuring verified boot parameters</a>.
</p>
</div>
</div>
<div class="section">
<h1 id="developer_mode_screen">Developer mode screen</h1>
<p>
The developer mode screen can be accessed in depthcharge when developer mode is enabled.<br />
Developer mode can be enabled from the <a href="#recovery_mode_screen">recovery mode screen</a>.
</p>
<p>
It allows booting normally, booting from internal storage, booting from external media (when enabled), booting from legacy payload (when enabled), showing information about the device and disabling developer mode.
</p>
<div class="subsection">
<h2 id="holding_developer_mode_screen">Holding the developer mode screen</h2>
<p>
As instructed on the developer mode screen, the screen can be held by pressing <b>Ctrl + H</b> in the first 3 seconds after the screen is shown.
After that delay, depthcharge will resume booting normally.
</p>
</div>
<div class="subsection">
<h2 id="booting_normally">Booting normally</h2>
<p>
As instructed on the developer mode screen, a regular boot will happen after <b>3 seconds</b> (if the developer mode screen is not held).<br />
The default boot medium (internal storage, external media, legacy payload) is shown on screen.
</p>
</div>
<div class="subsection">
<h2 id="booting_different_mediums">Booting from different mediums</h2>
<p>
Depthcharge allows booting from different mediums, when they are allowed (see <a href="#configuring_verified_boot_parameters">configuring verified boot parameters</a> to enable or disable boot mediums).<br />
As instructed on the developer mode screen, booting from various mediums can be triggered by pressing various key combinations:
</p>
<ul>
<li>Internal storage: <b>Ctrl + D</b></li>
<li>External media: <b>Ctrl + U</b> (when enabled)</li>
<li>Legacy payload: <b>Ctrl + L</b> (when enabled)</li>
</ul>
</div>
<div class="subsection">
<h2 id="showing_device_information">Showing device information</h2>
<p>
As instructed on the developer mode screen, showing device information can be triggered by pressing <b>Ctrl + I</b> or <b>Tab</b>.<br />
Various information is shown, including vboot non-volatile data, TPM status, GBB flags and key hashes.
</p>
</div>
<div class="subsection">
<h2 id="warnings">Warnings</h2>
<p>
The developer mode screen will show warnings when:
</p>
<ul>
<li>Booting kernels without verifying their signature is enabled</li>
<li>Booting from external media is enabled</li>
<li>Booting legacy payloads is enabled</li>
</ul>
</div>
</div>
<div class="section">
<h1 id="recovery_mode_screen">Recovery mode screen</h1>
<p>
The recovery mode screen can be accessed in depthcharge, by pressing <b>Escape + Refresh + Power</b> when the device is off.
</p>
<p>
It allows recovering the device from a bad state by booting from a trusted recovery media.
When accessed with the device in a good state, it also allows enabling developer mode.
</p>
<div class="subsection">
<h2 id="recovering_bad_state">Recovering from a bad state</h2>
<p>
When the device fails to verify the signature of a piece of the boot software, or when an error occurs,
it is considered to be in a bad state and will instruct the user to reboot to recovery mode.<br />
Recovery mode boots using only software located in write-protected memory, which is considered to be trusted and safe.
</p>
<p>
Recovery mode then allows recovering the device by booting from trusted recovery media, which are automatically detected when recovery mode starts.
When no external media is found or when the recovery media is invalid, instructions are shown on screen.<br />
Trusted recovery media are external media (USB drives, SD cards, etc.) that hold a kernel signed with the recovery key.
</p>
<p>
Google provides images of such recovery media for Chrome OS (which are not recommended to users as they contain proprietary software).<br />
They are signed with Google's recovery keys, which are pre-installed on the device when it ships.
</p>
<p>
When replacing the full flash of the device, the pre-installed keys are replaced.
When the recovery private key is available (e.g. when using self-generated keys), it can be used to sign a kernel for recovery purposes.
</p>
</div>
<div class="subsection">
<h2 id="enabling_developer_mode">Enabling developer mode</h2>
<p>
As instructed on the recovery mode screen, developer mode can be enabled by pressing <b>Ctrl + D</b>.<br />
Instructions to confirm enabling developer mode are then shown on screen.
</p>
</div>
</div>
<div class="section">
<h1 id="configuring_verified_boot_parameters">Configuring verified boot parameters</h1>
<p>
Depthcharge's behavior relies on the verified boot (vboot) reference implementation,
which can be configured with parameters stored in the verified boot non-volatile storage.<br />
These parameters can be modified with the <b>crossystem</b> tool, which requires sufficient privileges to access the verified boot non-volatile storage.
</p>
<p>
<b>crossystem</b> relies on <b>mosys</b>, which is used to access the verified boot non-volatile storage on some devices.
<b>crossystem</b> and <b>mosys</b> are both free software and their source code is made available by Google: <a href="https://chromium.googlesource.com/chromiumos/platform/vboot_reference/">crossystem</a>, <a href="https://chromium.googlesource.com/chromiumos/platform/mosys/">mosys</a>.<br />
These tools are not distributed along with Libreboot yet. However, they are preinstalled on the device, with ChromeOS.
</p>
<p>
Some of these parameters have the potential of <b>weakening the security of the device</b>.
In particular, disabling kernel signature verification, or enabling external media boot or legacy payload boot, can weaken the security of the device.
</p>
<div class="subsection">
<p>
The following parameters can be configured:
</p>
<ul>
<li>
Kernels signature verification:
<ul>
<li>
Enabled with:<br />
# <b>crossystem dev_boot_signed_only=1</b>
</li>
<li>
Disabled with:<br />
# <b>crossystem dev_boot_signed_only=0</b>
</li>
</ul>
</li>
<li>
External media boot:
<ul>
<li>
Enabled with:<br />
# <b>crossystem dev_boot_usb=1</b>
</li>
<li>
Disabled with:<br />
# <b>crossystem dev_boot_usb=0</b>
</li>
</ul>
</li>
<li>
Legacy payload boot:
<ul>
<li>
Enabled with:<br />
# <b>crossystem dev_boot_legacy=1</b>
</li>
<li>
Disabled with:<br />
# <b>crossystem dev_boot_legacy=0</b>
</li>
</ul>
</li>
<li>
Default boot medium:
<ul>
<li>
Internal storage:<br />
# <b>crossystem dev_default_boot=disk</b>
</li>
<li>
External media:<br />
# <b>crossystem dev_default_boot=usb</b>
</li>
<li>
Legacy payload:<br />
# <b>crossystem dev_default_boot=legacy</b>
</li>
</ul>
</li>
</ul>
</div>
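<p>
Added example (not part of the original Libreboot documentation): a POSIX shell audit of the parameters listed above, reporting which settings weaken the developer-mode boot policy.
It assumes that running <b>crossystem</b> without arguments prints one "name = value # description" line per parameter; the function names <b>vboot_audit</b> and <b>sample_dump</b> and the sample dump itself are constructed for illustration.
</p>

```shell
#!/bin/sh
# Added example: audit the vboot developer-mode parameters named on this page.
# Input (stdin): the "name = value  # description" dump that crossystem is
# assumed to print when run without arguments, or a saved copy of it.

vboot_audit() {
    awk '
        function check(name, safe, why) {
            if (!(name in val))         { print "MISSING " name; bad = 1 }
            else if (val[name] != safe) { print "WEAK " name "=" val[name] " (" why ")"; bad = 1 }
            else                        { print "OK " name "=" val[name] }
        }
        {
            line = $0
            sub(/#.*/, "", line)                   # drop the trailing description
            if (split(line, kv, "=") != 2) next    # not a "name = value" line
            gsub(/[ \t]/, "", kv[1]); gsub(/[ \t]/, "", kv[2])
            val[kv[1]] = kv[2]
        }
        END {
            check("dev_boot_signed_only", "1", "unsigned kernels may boot")
            check("dev_boot_usb",         "0", "external media boot allowed")
            check("dev_boot_legacy",      "0", "legacy payload boot allowed")
            dflt = val["dev_default_boot"]
            if (dflt != "" && dflt != "disk")
                print "NOTE dev_default_boot=" dflt " (timed boot skips internal storage)"
            exit bad + 0                           # 1 if anything is weak or missing
        }'
}

# Constructed sample dump (values and descriptions invented for illustration).
sample_dump() {
    cat <<'EOF'
dev_boot_legacy        = 0        # legacy payload boot
dev_boot_signed_only   = 1        # boot only signed kernels
dev_boot_usb           = 1        # external media boot
dev_default_boot       = usb      # default boot medium
devsw_boot             = 1        # unrelated parameter, ignored by the audit
EOF
}

# Demo on the sample; on a device the input would be: crossystem | vboot_audit
sample_dump | vboot_audit || echo "=> developer-mode boot policy is weakened"
```

<p>
A missing parameter is reported as MISSING and counted as a failure, so a truncated or unreadable dump never passes as safe.
</p>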
</div>
<div class="section">
<p>
Copyright © 2015 Paul Kocialkowski &lt;contact@paulk.fr&gt;<br/>
Permission is granted to copy, distribute and/or modify this document
under the terms of the Creative Commons Attribution-ShareAlike 4.0 International license
or any later version published by Creative Commons;
a copy of the license can be found at <a href="../cc-by-sa-4.0.txt">../cc-by-sa-4.0.txt</a>
</p>
<p>
Updated versions of the license (when available) can be found at
<a href="https://creativecommons.org/licenses/by-sa/4.0/legalcode">https://creativecommons.org/licenses/by-sa/4.0/legalcode</a>
</p>
<p>
UNLESS OTHERWISE SEPARATELY UNDERTAKEN BY THE LICENSOR, TO THE
EXTENT POSSIBLE, THE LICENSOR OFFERS THE LICENSED MATERIAL AS-IS
AND AS-AVAILABLE, AND MAKES NO REPRESENTATIONS OR WARRANTIES OF
ANY KIND CONCERNING THE LICENSED MATERIAL, WHETHER EXPRESS,
IMPLIED, STATUTORY, OR OTHER. THIS INCLUDES, WITHOUT LIMITATION,
WARRANTIES OF TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR
PURPOSE, NON-INFRINGEMENT, ABSENCE OF LATENT OR OTHER DEFECTS,
ACCURACY, OR THE PRESENCE OR ABSENCE OF ERRORS, WHETHER OR NOT
KNOWN OR DISCOVERABLE. WHERE DISCLAIMERS OF WARRANTIES ARE NOT
ALLOWED IN FULL OR IN PART, THIS DISCLAIMER MAY NOT APPLY TO YOU.
</p>
<p>
TO THE EXTENT POSSIBLE, IN NO EVENT WILL THE LICENSOR BE LIABLE
TO YOU ON ANY LEGAL THEORY (INCLUDING, WITHOUT LIMITATION,
NEGLIGENCE) OR OTHERWISE FOR ANY DIRECT, SPECIAL, INDIRECT,
INCIDENTAL, CONSEQUENTIAL, PUNITIVE, EXEMPLARY, OR OTHER LOSSES,
COSTS, EXPENSES, OR DAMAGES ARISING OUT OF THIS PUBLIC LICENSE OR
USE OF THE LICENSED MATERIAL, EVEN IF THE LICENSOR HAS BEEN
ADVISED OF THE POSSIBILITY OF SUCH LOSSES, COSTS, EXPENSES, OR
DAMAGES. WHERE A LIMITATION OF LIABILITY IS NOT ALLOWED IN FULL OR
IN PART, THIS LIMITATION MAY NOT APPLY TO YOU.
</p>
<p>
The disclaimer of warranties and limitation of liability provided
above shall be interpreted in a manner that, to the extent
possible, most closely approximates an absolute disclaimer and
waiver of all liability.
</p>
</div>
</body>
</html>