Account Options

  1. Sign in
The old Google Groups will be going away soon, but your browser is incompatible with the new version.
Google Groups Home for chromium.org
« Groups Home
Chromium OS discuss
+ new post
About this group
Join this group
verifying kernel/root/etc. post boot ("verified dev-mode")
Options
There are currently too many topics in this group that display first. To make this topic appear first, remove this option from another topic.
There was an error processing your request. Please try again.
flag
   Messages 26 - 50 of 59 - Collapse all  -  Translate all to Translated (View all originals) < Older  Newer >
The group you are posting to is a Usenet group. Messages posted to this group will make your email address visible to anyone on the Internet.
Your reply message has not been sent.
Your post was successful
 
From:
To:
Cc:
Followup To:
Add Cc | Add Followup-to | Edit Subject
Subject:
Validation:
For verification purposes please type the characters you see in the picture below or the numbers you hear by clicking the accessibility icon. Listen and type the numbers you hear
 
Mike Frysinger  
View profile  
 More options Nov 1 2012, 1:07 pm
From: Mike Frysinger <vap...@chromium.org>
Date: Thu, 1 Nov 2012 13:07:00 -0400
Subject: Re: [cros-discuss] verifying kernel/root/etc. post boot ("verified dev-mode")
Print | Individual message | Show original | Find messages by this author

with newer systems, you can take apart the case and toggle the RO firmware
to RW.  then build your own firmware with your own key and then sign your
images with your own key.  then you get verified boot from start to finish.

i'm not sure if this is possible with the older ones w/closed source
firmware.  maybe it'd be possible to just extract them and then overwrite
just the key in the image itself ...

no one has generally asked for this so we haven't spent too much time on
documenting things ...
-mike

...

read more »


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Trever  
View profile  
 More options Nov 1 2012, 1:28 pm
From: Trever <trr...@gmail.com>
Date: Thu, 1 Nov 2012 10:28:17 -0700 (PDT)
Local: Thurs, Nov 1 2012 1:28 pm
Subject: Re: [cros-discuss] verifying kernel/root/etc. post boot ("verified dev-mode")
Print | Individual message | Show original | Find messages by this author

That's an ideal do-it-yourself setup, was wondering about that.  Thanks.
 More documentation there would be great because I think putting your own
key in the firmware is what most hackers will wonder about first.  Again,
it's the natural approach.  Self signed end-to-end essentially.

I may try that, but for me, I have too many hobbies already.  The point I
was quite the opposite.  I really LIKE the stock Chrome OS, and the
hardware is just fine.  Point is, I can buy something that just works (for
me).  

That's the whole point.  I love the product.

But what I would love is to have the stock command line environment without
having to give up verified boot, and without having to go to the extreme of
rolling my own (as you suggest) end-to-end...

...

read more »


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Mike Frysinger  
View profile  
 More options Nov 1 2012, 1:32 pm
From: Mike Frysinger <vap...@chromium.org>
Date: Thu, 1 Nov 2012 13:32:14 -0400
Local: Thurs, Nov 1 2012 1:32 pm
Subject: Re: [cros-discuss] verifying kernel/root/etc. post boot ("verified dev-mode")
Print | Individual message | Show original | Find messages by this author

unfortunately, i don't think that will happen.  if you can access the
command line, then so can people with malicious intent.  verified mode is
meant to be as secure as possible w/out impacting the web based experience.
 local command line is not part of the web based experience, thus it gets
chucked.
-mike

...

read more »


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Trever  
View profile  
 More options Nov 1 2012, 1:38 pm
From: Trever <trr...@gmail.com>
Date: Thu, 1 Nov 2012 10:38:15 -0700 (PDT)
Local: Thurs, Nov 1 2012 1:38 pm
Subject: Re: [cros-discuss] verifying kernel/root/etc. post boot ("verified dev-mode")
Print | Individual message | Show original | Find messages by this author

Yes, I understand that.  And in general, even the slimmed down linux
command line departs entirely from the use cases the chrome device is
targeted for, to say the least.  It's just nice that it's there and there
are use cases (for some of us) for it, of course.  And having that within
the off-the-shelf-verified boot environment would be extra special.

What I really want it to be able to work with plain text better from the
chrome browser land.  Wouldn't so much need the command line then.  I saw
mini-code-edit web app being used at I/O, but that doesn't seem to be fully
cooked yet.  Maybe that's another thread...

...

read more »


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Randall Spangler  
View profile  
 More options Nov 1 2012, 1:42 pm
From: Randall Spangler <rspang...@chromium.org>
Date: Thu, 1 Nov 2012 10:41:55 -0700
Local: Thurs, Nov 1 2012 1:41 pm
Subject: Re: [cros-discuss] verifying kernel/root/etc. post boot ("verified dev-mode")
Print | Individual message | Show original | Find messages by this author

On Wed, Oct 31, 2012 at 11:49 PM, Trever <trr...@gmail.com> wrote:
> With the kernel/fs signatures and the read only key burned in the
> firmware, it would be cool to see if you could still (post boot) detect
> root kits and such with the same level of assurance as stock verified boot
> gives you.  (Whatever assurance that is.)  The Chrome device
> "infrastructure" seems like it would make possible a USB drive with tools
> that a root kit couldn't fool, etc..  Where I started with this thread.

Once you've booted, you can't tell if a root kit was used to boot the
system (or has subsequently been installed by someone at your root shell
when you weren't looking).  Crossystem gets its information through kernel
calls, so a rootkit kernel can simply lie.

> I personally like turning off the verified boot so that I have the stock
> Chrome OS but also with the shell.  Because stock Chrome OS has pretty much
> what I need (find, ls, mv, cp, sed, awk, curl, vim, etc..).   I don't need
> to hobby up my own distro (UGH!), just need the stock shell (and Chrome OS
> browser land).  Allows me eg. to move eon's of ASCII documentation to my
> chromebox and use my converter (ascii2gocs) over time to put everything in
> the Google cloud at my leisure, while still being on the chrome device and
> having the relative security of that.  Whatever.  But it's a bit of a
> whince to lose the verified boot.

If that's all you need, you can do the following:

1) Turn the dev switch on
2) Set a root password
3) From a root shell, run:

crossystem dev_boot_usb=0 dev_boot_signed_only=1

The firmware will then boot only Google-signed images (full verified boot),
and only from the SSD, but you'll still have your root shell.

- Randall

...

read more »


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Randall Spangler  
View profile  
 More options Nov 1 2012, 1:51 pm
From: Randall Spangler <rspang...@chromium.org>
Date: Thu, 1 Nov 2012 10:51:46 -0700
Local: Thurs, Nov 1 2012 1:51 pm
Subject: Re: [cros-discuss] verifying kernel/root/etc. post boot ("verified dev-mode")
Print | Individual message | Show original | Find messages by this author

On Thu, Nov 1, 2012 at 10:41 AM, Randall Spangler <rspang...@chromium.org>wrote:

Caveat: those flags only work on newer Chromebooks.  I don't remember off
the top of my head if Samsung Series 5 supported dev_boot_signed_only.  We
added the feature a year ago in
these<https://gerrit.chromium.org/gerrit/gitweb?p=chromiumos/platform/vboot...>
commits<https://gerrit.chromium.org/gerrit/gitweb?p=chromiumos/platform/vboot...>
.

- Randall

...

read more »


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Trever  
View profile  
 More options Nov 1 2012, 1:53 pm
From: Trever <trr...@gmail.com>
Date: Thu, 1 Nov 2012 10:53:22 -0700 (PDT)
Local: Thurs, Nov 1 2012 1:53 pm
Subject: Re: [cros-discuss] verifying kernel/root/etc. post boot ("verified dev-mode")
Print | Individual message | Show original | Find messages by this author

THERE!  Thank you!!!  Awesome.

(Re root kits... there are tools on other OS's that reputable security
people do trust to do a pretty good job of detecting if your box is
rooted... but I hear what you're saying.  In theory, once you're root
kitted, all bets are off.  But in practice?....)

I am still curious what a shell does to Chrome OS security when running
like you just specified ("verified dev-mode", I'll call it).  Assuming no
one gets physical access to my device(s)...

But I imagine that's a bit unknown.  Who knows what a hacker can do?

I will put some of the information from this thread on the Chrome OS twiki
and give the link.  If people could check that for technical accuracy when
it's done, would be appreciated.  Then you can just point people to the
doc.  

I wish Google would hire the Chrome OS team some tech writers....

...

read more »


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Richard Barnette  
View profile  
 More options Nov 1 2012, 2:22 pm
From: Richard Barnette <jrbarne...@chromium.org>
Date: Thu, 1 Nov 2012 11:21:45 -0700
Local: Thurs, Nov 1 2012 2:21 pm
Subject: Re: [cros-discuss] verifying kernel/root/etc. post boot ("verified dev-mode")
Print | Individual message | Show original | Find messages by this author
On Nov 1, 2012, at 10:53 AM, Trever wrote:

> THERE!  Thank you!!!  Awesome.

> (Re root kits... there are tools on other OS's that reputable security people do trust to do a pretty good job of detecting if your box is rooted... but I hear what you're saying.  In theory, once you're root kitted, all bets are off.  But in practice?….)

In practice, it's at least as hard to break into a Chrome OS system as
any stock Linux system, and the tools for detecting a root kit ought to be
portable to Chromium OS.  However, if you don't want/need to install
custom software bits, you're probably more secure booting a verified,
Google-signed Chrome OS image.

> I am still curious what a shell does to Chrome OS security when running like you just specified ("verified dev-mode", I'll call it).  Assuming no one gets physical access to my device(s)…

The shell doesn't actually do anything:  It's there in the system with
or without dev mode.  What dev mode does relative to the shell
is 1) enables switching to VT2, and 2) enables access to bash from
an in-browser terminal.

Changing to dev mode doesn't open up any network ports, so turning
on dev mode doesn't add to the attack surface unless the bad guy
gets physical access.

Security-wise, turning on dev mode costs you these things (that I know
of):
 1) Attackers that get physical access may have ways to break into
    your system that weren't there before, and
 2) If an attacker can get sufficient access (with or without physical
    access), he can install a root kit, or some equivalent, and your
    system could still boot.

If you keep your Chromebook physically secure, you don't have to
worry about 1), and 2) is really hard to do even with physical access
(and harder without it).

...

read more »


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Hung-Te Lin  
View profile  
 More options Nov 1 2012, 5:49 pm
From: Hung-Te Lin <hun...@chromium.org>
Date: Fri, 2 Nov 2012 05:48:27 +0800
Local: Thurs, Nov 1 2012 5:48 pm
Subject: Re: [cros-discuss] verifying kernel/root/etc. post boot ("verified dev-mode")
Print | Individual message | Show original | Find messages by this author

It sounds like "is there any way to get command line prompts for tools in
verified mode"?

Since all you need is "command line" instead of "the real OS that is
running", I wonder if that can be replaced by a sandboxed virtual Linux,
ex: http://bellard.org/jslinux/

On Fri, Nov 2, 2012 at 2:21 AM, Richard Barnette <jrbarne...@chromium.org>wrote:

...

read more »


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Trever  
View profile  
 More options Nov 1 2012, 7:16 pm
From: Trever <trr...@gmail.com>
Date: Thu, 1 Nov 2012 16:16:58 -0700 (PDT)
Local: Thurs, Nov 1 2012 7:16 pm
Subject: Re: [cros-discuss] verifying kernel/root/etc. post boot ("verified dev-mode")
Print | Individual message | Show original | Find messages by this author

Only because I don't know the code and such, I can't speak to the
implementation.  But the design of the verified boot seems much more
trustworthy than running tools on a root kitted system, so from the
security standpoint would rather have the verified boot. Yes- it's what I
want.  There has to be a rationalization for buying the Chrome device
hardware.  :-)

I have some chromeboxes (got for dirt cheap) that I will hack, probably
starting with the USB boot.  Eventually (in theory) the possibility of
burning my own keys into the firmware is intriguing...

 2) If an attacker can get sufficient access (with or without physical

>     access), he can install a root kit, or some equivalent, and your
>     system could still boot.

Well wait a minute.  As I understand the ability to have a command line
with verified boot (crossystem dev_boot_usb=0 dev_boot_signed_only=1 has
been run and the dev-switch is on), the system won't boot (or it does
something to alert user) if it's not a stock Google kernel.  No?  What's
the point of the "dev_boot_signed_only=1" argument if there's no effect
when the firmware detects that the kernel isn't a Google signed kernel?

Because the dev-switch is on, I realize the system is already alerting the
user at boot (the frowny face etc.).  But is there something that happens
as well to alert that the kernel is not Google's?


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Trever  
View profile  
 More options Nov 1 2012, 7:39 pm
From: Trever <trr...@gmail.com>
Date: Thu, 1 Nov 2012 16:39:49 -0700 (PDT)
Local: Thurs, Nov 1 2012 7:39 pm
Subject: Re: [cros-discuss] verifying kernel/root/etc. post boot ("verified dev-mode")
Print | Individual message | Show original | Find messages by this author

I have seen that crazy/amazing jslinux thing before!  I don't know where
people get the time...  :-)

No that won't do it.  

If in the Chrome OS stock terminal, I go into vi, and write the file I'm
editing, and it is saved into Google Docs, I'd be happy.  (Saving to Google
Drive doesn't work this way.) Preferably when I do :w!, it is even saved as
a Google Document (not just a file), but whatever.  By analogy, the way
that ssh works (as a web app) kind of deal, if that makes any sense at all.
 If there were a vi web app that saves out to Google Drive, just as ssh is
a web app that actually is working pretty darn well and feels like command
line ssh, I'd be on cloud 9 in Google's cloud.  Throw in a source control
tool or two... da bomb.

I bet these things will come, but waiting and waiting and waiting...
painful.  I'm trying to find time myself to help create the things, but
finding time is of course tough, especially when it's not paid time.

As it stands I had to hack together this thing:
http://code.google.com/p/ascii2gdocs/

Given ascii2gdocs and the command line access the developer switch allows,
and finding in stock Chrome OS what I have found, I can get there.  And I
can get there from any sufficiently equipped UNIX server.  It's not elegant
though...

(I guess I should say, there are still other reasons why I want the Chrome
OS command line, including just taking leisure time to study the thing and
see what's what under the covers.)

...

read more »


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Richard Barnette  
View profile  
 More options Nov 1 2012, 8:36 pm
From: Richard Barnette <jrbarne...@chromium.org>
Date: Thu, 1 Nov 2012 17:36:12 -0700
Local: Thurs, Nov 1 2012 8:36 pm
Subject: Re: [cros-discuss] verifying kernel/root/etc. post boot ("verified dev-mode")
Print | Individual message | Show original | Find messages by this author
On Nov 1, 2012, at 4:16 PM, Trever wrote:
[ … ]
>  2) If an attacker can get sufficient access (with or without physical
>     access), he can install a root kit, or some equivalent, and your
>     system could still boot.

> Well wait a minute.  As I understand the ability to have a command line with verified boot (crossystem dev_boot_usb=0 dev_boot_signed_only=1 has been run and the dev-switch is on), the system won't boot (or it does something to alert user) if it's not a stock Google kernel.  No?  What's the point of the "dev_boot_signed_only=1" argument if there's no effect when the firmware detects that the kernel isn't a Google signed kernel?

> Because the dev-switch is on, I realize the system is already alerting the user at boot (the frowny face etc.).  But is there something that happens as well to alert that the kernel is not Google's?

Guess I could have been clearer when I said "sufficient access":
If an attacker can break into your system and get root access
while dev mode is enabled, he can execute his own 'crossystem'
command to undo the settings, and install his rootkit.  If verified
boot were on, the crossystem command wouldn't work, and
you'd be protected.

Note that breaking in and getting root access is still hard.  And
again, turning on dev mode by itself doesn't make getting root
access any easier as long as you guard your Chromebook, and
don't open up any network ports.

> --
> Chromium OS discuss mailing list: chromium-os-disc...@chromium.org
> View archives, change email options, or unsubscribe:
> http://groups.google.com/a/chromium.org/group/chromium-os-discuss?hl=en

-- jrb

 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
T N  
View profile  
 More options Nov 1 2012, 9:07 pm
From: T N <trr...@gmail.com>
Date: Thu, 1 Nov 2012 18:07:17 -0700
Local: Thurs, Nov 1 2012 9:07 pm
Subject: Re: [cros-discuss] verifying kernel/root/etc. post boot ("verified dev-mode")
Print | Individual message | Show original | Find messages by this author
Pretty sure I understand what you're saying.

What you said made me wonder though, regardless of what threat model
we're assuming, I simply would like to know what happens if, in the
following order, assuming we start with a clean unhacked Chrome
device:
1.  User enables dev-mode (physical switch or virtual on ARM units)
2.  User successfully runs crossystem dev_boot_usb=0 dev_boot_signed_only=1
3.  Something installs a non-signed Google kernel (perhaps it is a
rootkitted kernel) to the default kernel partition
4.  User reboots (no other events have happened- in other words, dev
switch is still on and the dev_boot_signed_only=1 is still set)

What then?  I can't test that easily without installing my own
non-Google signed kernel.

Since at step 4 the dev switch is still enabled and since verified
boot is on (dev_boot_signed_only=1) and since a bad kernel is queued
for boot, what happens?

We know we get the frowny face (I guess, need to try the crossystem
command here...).  When the bad kernel is encountered, firmware boots
the remaining Google signed kernel?  What if both kernels are hacked
(no good Google kernels- i.e. what if in step #3 something installs
two bad kernels)?  Will the system refuse to boot?  Go into recovery
mode?  Or?

Thanks in advance!  Parsing to this level of detail is useful, I believe!

On Thu, Nov 1, 2012 at 5:36 PM, Richard Barnette


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Richard Barnette  
View profile  
 More options Nov 1 2012, 9:36 pm
From: Richard Barnette <jrbarne...@chromium.org>
Date: Thu, 1 Nov 2012 18:36:36 -0700
Local: Thurs, Nov 1 2012 9:36 pm
Subject: Re: [cros-discuss] verifying kernel/root/etc. post boot ("verified dev-mode")
Print | Individual message | Show original | Find messages by this author
On Nov 1, 2012, at 6:07 PM, T N wrote:

Actually, it's not too hard to test, even without a custom kernel;
After you're in dev mode, there's a command you can run from
the shell prompt that will disable the verified root (check out
/usr/share/vboot/bin/make_dev_ssd.sh).

The problem with this (or with testing a custom image) is that
afterwards, the only way back to a verified system is to go through
recovery, which is more trouble than it's worth for a short experiment.

> Since at step 4 the dev switch is still enabled and since verified
> boot is on (dev_boot_signed_only=1) and since a bad kernel is queued
> for boot, what happens?

I haven't tested the specific feature, but I imagine you'll see the same
thing you'd see if verified boot were enabled.  That exact experience
depends on whether you've got newer or older hardware, but basically,
you'll see a screen that says your system doesn't contain Chrome OS,
and you'll have instructions on what key to press in order to start
recovery.

> We know we get the frowny face (I guess, need to try the crossystem
> command here...).  When the bad kernel is encountered, firmware boots
> the remaining Google signed kernel?  What if both kernels are hacked
> (no good Google kernels- i.e. what if in step #3 something installs
> two bad kernels)?  Will the system refuse to boot?  Go into recovery
> mode?  Or?

Someone with more experience with the firmware will need to weigh
in here; I think that if the system has an old, valid kernel it may try to
boot that before it gives up.  In any event, if both images fail to pass
verification, you'll get the sad face firmware screen, and the opportunity
to go to recovery.

-- jrb

 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Trever  
View profile  
 More options Nov 1 2012, 11:20 pm
From: Trever <trr...@gmail.com>
Date: Thu, 1 Nov 2012 20:20:14 -0700 (PDT)
Local: Thurs, Nov 1 2012 11:20 pm
Subject: Re: [cros-discuss] verifying kernel/root/etc. post boot ("verified dev-mode")
Print | Individual message | Show original | Find messages by this author

I enabled dev_boot_signed_only=1 on a stumpy box and that does seem to kick
in a normalish verified boot.  While there is a long pause before boot (I
guess the 30 second pause) and a beep about half way through that pause, I
do not get the frowny face with the message saying: "Chrome OS verification
is turned off.  Press space to begin recovery"

So it would be interesting to know (anyone?) what happens when various
kernels are installed that are not signed by Google (ie. if the default
kernel is not, if the standby is not, if both are not).

Presumably normal verified boot behavior but yes- a bit of a hassle to test
myself.


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Trever  
View profile  
 More options Nov 2 2012, 3:47 am
From: Trever <trr...@gmail.com>
Date: Fri, 2 Nov 2012 00:47:45 -0700 (PDT)
Local: Fri, Nov 2 2012 3:47 am
Subject: Re: [cros-discuss] verifying kernel/root/etc. post boot ("verified dev-mode")
Print | Individual message | Show original | Find messages by this author

...finally, if what I seemed to see (and not see) on the screen during boot
with the dev-mode switch enabled but the verified boot toggled on comes out
of firmware, doesn't this mean that if you're physically sitting at the
device watching, you know you have a verified boot?  No rootkitted kernels
and/or changes to your boot preference settings possible?


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Mike Frysinger  
View profile  
 More options Nov 2 2012, 12:16 pm
From: Mike Frysinger <vap...@chromium.org>
Date: Fri, 2 Nov 2012 12:15:37 -0400
Local: Fri, Nov 2 2012 12:15 pm
Subject: Re: [cros-discuss] verifying kernel/root/etc. post boot ("verified dev-mode")
Print | Individual message | Show original | Find messages by this author

if verified boot is enabled, then you can be fairly confident that the
system is not rooted.  in order to break the chain of trust, someone would
have to disassemble your machine, toggle the read-only firmware to
read-write, install their own custom modified firmware, and then
 re-assemble the device.

while it's possible with enough time, it's not trivial.
-mike


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Trever  
View profile  
 More options Nov 2 2012, 1:48 pm
From: Trever <trr...@gmail.com>
Date: Fri, 2 Nov 2012 10:48:58 -0700 (PDT)
Local: Fri, Nov 2 2012 1:48 pm
Subject: Re: [cros-discuss] verifying kernel/root/etc. post boot ("verified dev-mode")
Print | Individual message | Show original | Find messages by this author

That's the verified boot theory- yep.

So I'll assume that if the amount of time that has passed during boot is
correct, and a user does NOT see the "Chrome OS verification is turned off.
 Press space to begin recovery" message, they can be certain the chain of
trust has not been broken, including that no one has spoofed/covered
messages at the physical console to cover that verification has been
toggled off behind the user's back, etc..  I guess that message is burned
in the read only firmware or that the chain works in such a way that if you
don't see it and the amount of time passed is correct, you know you have an
unbroken chain of trust (ie. a true verified boot).

(I realize other things are more likely to bite you in terms of security
than worrying too much about all of this... but verified boot is not
trivial to lose- it's good to have IMHO.)

Based
on https://gerrit.chromium.org/gerrit/gitweb?p=chromiumos/platform/vboot...,
it seems the older generation had the same dev-mode verified boot feature-
i.e. you had to install the dev-mode bios to break verified boot (not just
toggling the physical switch).  It seems you guys just changed the way you
do it.  I can't test that easily but if someone knows and can chime in,
I'll add it to the public TWIKI.

Thanks for all the information and staying with the thread!

Trever


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Trever  
View profile  
 More options Nov 2 2012, 4:36 pm
From: Trever <trr...@gmail.com>
Date: Fri, 2 Nov 2012 13:36:46 -0700 (PDT)
Local: Fri, Nov 2 2012 4:36 pm
Subject: Re: [cros-discuss] verifying kernel/root/etc. post boot ("verified dev-mode")
Print | Individual message | Show original | Find messages by this author

I have added some documenation to the Chrome OS Wiki, if anyone wishes to
check it for technical accuracy or pass on additional information:
https://sites.google.com/site/chromeoswikisite/home/tips-and-tricks/s...


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Ottavio Caruso  
View profile  
 More options Nov 2 2012, 4:46 pm
From: Ottavio Caruso <ottavio2006-usenet2...@yahoo.com>
Date: Fri, 2 Nov 2012 20:43:14 +0000
Local: Fri, Nov 2 2012 4:43 pm
Subject: Re: [cros-discuss] verifying kernel/root/etc. post boot ("verified dev-mode")
Print | Individual message | Show original | Find messages by this author
On 2 November 2012 20:36, Trever <trr...@gmail.com> wrote:

> I have added some documenation to the Chrome OS Wiki, if anyone wishes to
> check it for technical accuracy or pass on additional information:
> https://sites.google.com/site/chromeoswikisite/home/tips-and-tricks/s...

Thanks for this page Trever.

Maybe unrelated to technical aspect of this discussion, but I wonder
if tinkering with dev mode would invalidate the warranty of the
device. I've read scary stories about not being able to restore to
default after playing with dev mode. I wonder if there's any truth in
this. Thanks

--
Ottavio


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Trever  
View profile  
 More options Nov 2 2012, 4:51 pm
From: Trever <trr...@gmail.com>
Date: Fri, 2 Nov 2012 13:51:55 -0700 (PDT)
Local: Fri, Nov 2 2012 4:51 pm
Subject: Re: [cros-discuss] verifying kernel/root/etc. post boot ("verified dev-mode")
Print | Individual message | Show original | Find messages by this author

I'm quite sure that's not true.  Cracking open a case physically will
void your warranty, but dev mode is there to be used.

Furthermore, in any worst case situation, you can always go back to a
clean slate using recovery mode.


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Mike Frysinger  
View profile  
 More options Nov 2 2012, 4:57 pm
From: Mike Frysinger <vap...@chromium.org>
Date: Fri, 2 Nov 2012 16:57:03 -0400
Local: Fri, Nov 2 2012 4:57 pm
Subject: Re: [cros-discuss] verifying kernel/root/etc. post boot ("verified dev-mode")
Print | Individual message | Show original | Find messages by this author

obviously the final say is between the computer manufacturer (e.g. samsung)
and you, so read the fine print that was in the box with the chromebook,
but i'd lean towards what Trever said.

as long as the read-only firmware is intact, the system is designed so that
you can nuke the entire drive, turn the dev switch off, and still be able
to recover.  this page details that process:
http://support.google.com/chromeos/bin/answer.py?hl=en&answer=1080595
-mike


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Trever  
View profile  
 More options Nov 2 2012, 9:34 pm
From: Trever <trr...@gmail.com>
Date: Fri, 2 Nov 2012 18:34:00 -0700 (PDT)
Subject: Re: [cros-discuss] verifying kernel/root/etc. post boot ("verified dev-mode")
Print | Individual message | Show original | Find messages by this author

Turns out my KVM was doing funny things.

On my stumpy box, if I have dev_boot_signed_only=1, I still get the frowny
face saying verified boot is off and to press space for recovery mode.

It seems to be this is a bug.  Whether or not I have dev mode enabled, the
ability to toggle dev_boot_signed_only to re-enable verified boot to me
means something like this:
1.  If I have enabled developer mode, maybe the long pause and beeps should
happen, but
2.  If I have re-enabled verified boot using dev_boot_signed_only=1, it
seems to me that even though developer mode is still on, I shouldn't see
the screen saying it's off.  How about darkness, if not a screen saying
you're in dev mode, while the pause and beeps happen?

I will file a bug report.


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Trever  
View profile  
 More options Nov 2 2012, 9:36 pm
From: Trever <trr...@gmail.com>
Date: Fri, 2 Nov 2012 18:36:34 -0700 (PDT)
Local: Fri, Nov 2 2012 9:36 pm
Subject: Re: [cros-discuss] verifying kernel/root/etc. post boot ("verified dev-mode")
Print | Individual message | Show original | Find messages by this author

Sorry, for 2 meant:

2. If I have re-enabled verified boot using dev_boot_signed_only=1, it
seems to me that even though developer mode is still on, I shouldn't see a
screen saying verified boot is off, because it's not.  Etc.


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Trever  
View profile  
 More options Nov 2 2012, 9:40 pm
From: Trever <trr...@gmail.com>
Date: Fri, 2 Nov 2012 18:40:56 -0700 (PDT)
Local: Fri, Nov 2 2012 9:40 pm
Subject: Re: [cros-discuss] verifying kernel/root/etc. post boot ("verified dev-mode")
Print | Individual message | Show original | Find messages by this author

The significance of this silliness is a way to know if verified boot has
been turned off behind your back.  In theory, it can't be turned off behind
your back if you haven't enabled developer mode so you don't have this
concern.  (I guess?)  If I am in dev mode, I'd like to have the screen tell
me correctly if verified boot has been turned on or not.  Yes?

I'm not necessarily that paranoid because we're talking about possibly
impossible hacks anyways (famous last words?), but I'm not the only person
I know who likes the "logical purity" (for lack of a better word) and
indeed the feeling of assurance that this whole chain of trust from a read
only key gives you.  It's nice.  So it'd be very nice if the displays
corresponded to what's happening beneath.


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Messages 26 - 50 of 59 < Older  Newer >
« Back to Discussions « Newer topic     Older topic »

Create a group - Google Groups - Google Home - Terms of Service - Privacy Policy
©2013 Google