[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Libreboot-dev] [PATCH 3/5] docs: Introduce instructions to use and conf
|
From: |
Paul Kocialkowski |
|
Subject: |
[Libreboot-dev] [PATCH 3/5] docs: Introduce instructions to use and configure depthcharge |
|
Date: |
Fri, 30 Oct 2015 17:16:54 +0100 |
Signed-off-by: Paul Kocialkowski <address@hidden>
---
docs/depthcharge/index.html | 292 +++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 288 insertions(+), 4 deletions(-)
diff --git a/docs/depthcharge/index.html b/docs/depthcharge/index.html
index 664a6c8..d30c2e0 100644
--- a/docs/depthcharge/index.html
+++ b/docs/depthcharge/index.html
@@ -14,22 +14,306 @@
<body>
<div class="section">
+
<h1 id="pagetop">Depthcharge payload</h1>
+
+ <p>
+ This section relates to the depthcharge payload used in
libreboot.
+ </p>
+
+ <p>
+ Or <a href="../index.html">Back to main index</a>.
+ </p>
+
+ <ul>
+ <li><a href="#chromebook_security_model">Chromebook
security model</a></li>
+ <li><a href="#developer_mode_screen">Developer mode
screen</a>
+ <ul>
+ <li><a
href="#holding_developer_mode_screen">Holding the developer mode screen</li>
+ <li><a href="#booting_normally">Booting
normally</li>
+ <li><a
href="#booting_different_mediums">Booting from different mediums</li>
+ <li><a
href="#showing_device_information">Showing device information</li>
+ <li><a href="#warnings">Warnings</li>
+ </ul>
+ </li>
+ <li><a href="#recovery_mode_screen">Recovery mode
screen</a>
+ <ul>
+ <li><a
href="#recovering_bad_state">Recovering from a bad state</a></li>
+ <li><a
href="#enabling_developer_mode">Enabling developer mode</a></li>
+ </ul>
+ </li>
+ <li><a
href="#configuring_verified_boot_parameters">Configuring verified boot
parameters</a></li>
+ </ul>
+
+ </div>
+
+ <div class="section">
+
+ <h1 id="chromebook_security_model">Chromebook security
model</h1>
+
+ <p>
+ Chromebooks implement a strict security model to ensure
that these devices do not become compromised,
+ that is implemented as the verified boot (vboot)
reference, most of which is executed within depthcharge.
+ A detailed overview of the Chromebook security model is
available on the dedicated page.
+ </p>
+
+ <div class="subsection">
+
+ <p>
+ In spite of the Chromebook security model,
depthcharge won't allow booting kernels without verifying their signature and
booting from external media or legacy payload unless explicitly allowed: see <a
href="#configuring_verified_boot_parameters">configuring verified boot
parameters</a>.
+ </p>
+
+ </div>
+
+ </div>
+
+ <div class="section">
+
+ <h1 id="developer_mode_screen">Developer mode screen</h1>
+
+ <p>
+ The developer mode screen can be accessed in
depthcharge when developer mode is enabled.<br />
+ Developer mode can be enabled from the <a
href="#recovery_mode_screen">recovery mode screen</a>.
+ </p>
+
+ <p>
+ It allows booting normally, booting from internal
storage, booting from external media (when enabled), booting from legacy
payload (when enabled), showing information about the device and disabling
developer mode.
+ </p>
+
+ <div class="subsection">
+
+ <h2 id="holding_developer_mode_screen">Holding the
developer mode screen</h2>
+
+ <p>
+ As instructed on the developer mode screen, the
screen can be held by pressing <b>Ctrl + H</b> in the first 3 seconds after the
screen is shown.
+ After that delay, depthcharge will resume
booting normally.
+ </p>
+
+ </div>
+
+ <div class="subsection">
+
+ <h2 id="booting_normally">Booting normally</h2>
+
+ <p>
+ As instructed on the developer mode screen, a
regular boot will happen after <b>3 seconds</b> (if developer mode screen is
not held).<br />
+ The default boot medium (internal storage,
external media, legacy payload) is shown on screen.
+ </p>
+
+ </div>
+
+ <div class="subsection">
+
+ <h2 id="booting_different_mediums">Booting from
different mediums</h2>
+
+ <p>
+ Depthcharge allows booting from different
mediums, when they are allowed (see <a
href="#configuring_verified_boot_parameters">configuring verified boot
parameters</a> to enable or disable boot mediums).<br />
+ As instructed on the developer mode screen,
booting from various mediums can be triggered by pressing various key
combinations:
+ </p>
+
+ <ul>
+ <li>Internal storage: <b>Ctrl + D</b></li>
+ <li>External media: <b>Ctrl + U</b> (when
enabled)</li>
+ <li>Legacy payload: <b>Ctrl + L</b> (when
enabled)</li>
+ </ul>
+
+ </div>
+
+ <div class="subsection">
+
+ <h2 id="showing_device_information">Showing device
information</h2>
+
+ <p>
+ As instructed on the developer mode screen,
showing device information can be triggered by pressing <b>Ctrl + I</b> or
<b>Tab</b>.<br />
+ Various information is shown, including vboot
non-volatile data, TPM status, GBB flags and key hashes.<br />
+ </p>
+
+ </div>
+
+ <div class="subsection">
+
+ <h2 id="warnings">Warnings</h2>
+
+ <p>
+ The developer mode screen will show warnings
when:
+
+ <ul>
+ <li>Booting kernels without verifying
their signature is enabled</li>
+ <li>Booting from external media is
enabled</li>
+ <li>Booting legacy payloads is
enabled</li>
+ </ul>
+
+ </p>
+
+ </div>
+
+ </div>
+
+ <div class="section">
+
+ <h1 id="recovery_mode_screen">Recovery mode screen</h1>
+
+ <p>
+ The recovery mode screen can be accessed in
depthcharge, by pressing <b>Escape + Refresh + Power</b> when the device is off.
+ </p>
+
+ <p>
+ It allows recovering the device from a bad state by
booting from a trusted recovery media.
+ When accessed with the device in a good state, it also
allows enabling developer mode.
+ </p>
+
+ <div class="subsection">
+
+ <h2 id="recovering_bad_state">Recovering from a bad
state</h2>
+
<p>
- This section relates to the depthcharge payload
used in libreboot.
+ When the device fails to verify the signature
of a piece of the boot software or when an error occurs,
+ it is considered to be in a bad state and will
instruct the user to reboot to recovery mode.<br />
+ Recovery mode boots using only software located
in write-protected memory, that is considered to be trusted and safe.
</p>
+
<p>
- TODO: write this section.
+ Recovery mode then allows recovering the device
by booting from a trusted recovery media, that is automatically detected when
recovery mode starts.
+ When no external media is found or when the
recovery media is invalid, instructions are shown on screen. <br />
+ Trusted recovery media are external media (USB
drives, SD cards, etc) that hold a kernel signed with the recovery key.
</p>
+
<p>
- <a href="../index.html">Back to main index</a>.
+ Google provides images of such recovery media
for Chrome OS (which are not advised to users as they contain proprietary
software). <br />
+ They are signed with Google's recovery keys,
that are pre-installed on the device when it ships.
</p>
+
+ <p>
+ When replacing the full flash of the device,
the pre-installed keys are replaced.
+ When the recovery private key is available
(e.g. when using self-generated keys), it can be used to sign a kernel for
recovery purposes.
+ </p>
+
+ </div>
+
+ <div class="subsection">
+
+ <h2 id="enabling_developer_mode">Enabling developer
mode</h2>
+
+ <p>
+ As instructed on the recovery mode screen,
developer mode can be enabled by pressing <b>Ctrl + D</b>.<br />
+ Instructions to confirm enabling developer mode
are then shown on screen.
+ </p>
+
+ </div>
+
+ </div>
+
+ <div class="section">
+
+ <h1 id="configuring_verified_boot_parameters">Configuring
verified boot parameters</h1>
+
+ <p>
+ Depthcharge's behavior relies on the verified boot
(vboot) reference implementation,
+ that can be configured with parameters stored in the
verified boot non-volatile storage.<br />
+ These parameters can be modified with the
<b>crossystem</b> tool, that requires sufficient privileges to access the
verified boot non-volatile storage.
+ </p>
+
+ <p>
+ <b>crossystem</b> relies on <b>mosys</b>, that is used
to access the verified boot non-volatile storage on some devices.
+ <b>crossystem</b> and <b>mosys</b> are both free
software and their source code is made available by Google: <a
href="https://chromium.googlesource.com/chromiumos/platform/vboot_reference/";>crossystem</a>.
<a
href="https://chromium.googlesource.com/chromiumos/platform/mosys/";>mosys</a>.<br
/>
+ These tools are not distributed along with Libreboot
yet. However, they are preinstalled on the device, with ChromeOS.
+ </p>
+
+ <p>
+ Some of these parameters have the potential of
<b>weakening the security of the device</b>.
+ In particular, disabling kernels signature
verification, external media boot and legacy payload boot can weaken the
security of the device.
+ </p>
+
+ <div class="subsection">
+
+ <p>
+ The following parameters can be configured:
+ </p>
+
+ <ul>
+
+ <li>
+ Kernels signature verification:
+ <ul>
+
+ <li>
+ Enabled with:<br />
+ # <b>crossystem
dev_boot_signed_only=1</b>
+ </li>
+
+ <li>
+ Disabled with:<br />
+ # <b>crossystem
dev_boot_signed_only=0</b>
+ </li>
+
+ </ul>
+ </li>
+
+ <li>
+ External media boot:
+ <ul>
+
+ <li>
+ Enabled with:<br />
+ # <b>crossystem
dev_boot_usb=1</b>
+ </li>
+
+ <li>
+ Disabled with:<br />
+ # <b>crossystem
dev_boot_usb=0</b>
+ </li>
+
+ </ul>
+ </li>
+
+ <li>
+ Legacy payload boot:
+ <ul>
+
+ <li>
+ Enabled with:<br />
+ # <b>crossystem
dev_boot_legacy=1</b>
+ </li>
+
+ <li>
+ Disabled with:<br />
+ # <b>crossystem
dev_boot_legacy=0</b>
+ </li>
+
+ </ul>
+ </li>
+
+ <li>
+ Default boot medium:
+ <ul>
+
+ <li>
+ Internal storage:<br />
+ # <b>crossystem
dev_default_boot=disk</b>
+ </li>
+
+ <li>
+ External media:<br />
+ # <b>crossystem
dev_default_boot=usb</b>
+ </li>
+
+ <li>
+ Legacy payload:<br />
+ # <b>crossystem
dev_default_boot=legacy</b>
+ </li>
+
+ </ul>
+
+ </ul>
+
+ </div>
+
</div>
<div class="section">
<p>
- Copyright © 2015 Francis Rowe
<address@hidden><br/>
+ Copyright © 2015 Paul Kocialkowski
<address@hidden><br/>
Permission is granted to copy, distribute and/or modify
this document
under the terms of the GNU Free Documentation License,
Version 1.3
or any later version published by the Free Software
Foundation;
--
1.9.1