From 6be3490d4d751eaa4af3823d3fd6eacb55a4b9bf Mon Sep 17 00:00:00 2001
From: Paul Kocialkowski
- Chromebooks implement a strict security model to ensure that these devices do not become compromised, + CrOS (Chromium OS/Chrome OS) devices such as Chromebooks implement a strict security model to ensure that these devices do not become compromised, that is implemented as the verified boot (vboot) reference, most of which is executed within depthcharge. - A detailed overview of the Chromebook security model is available on the dedicated page. + A detailed overview of the CrOS security model is available on the dedicated page.
- In spite of the Chromebook security model, depthcharge won't allow booting kernels without verifying their signature and booting from external media or legacy payload unless explicitly allowed: see configuring verified boot parameters. + In spite of the CrOS security model, depthcharge won't allow booting kernels without verifying their signature and booting from external media or legacy payload unless explicitly allowed: see configuring verified boot parameters.
- This section is only for the *GRUB* payload. For depthcharge (used on ARM chromebooks in libreboot), instructions + This section is only for the GRUB payload. For depthcharge (used on CrOS devices in libreboot), instructions have yet to be written in the libreboot documentation.
- This is a chromebook, using the Rockchip RK3288 SoC. It uses + This is a Chromebook, using the Rockchip RK3288 SoC. It uses an ARM CPU, and has free EC firmware (unlike some other laptops). More RK3288-based laptops will be added to libreboot at a later date.
@@ -51,7 +51,7 @@- Chromebooks were not designed with the intent of bringing more freedom to users. - However, Chromebooks run with a lot of free software at the boot software and embedded controller levels, + CrOS (Chromium OS/Chrome OS) devices, such as Chromebooks, were not designed with the intent of bringing more freedom to users. + However, they run with a lot of free software at the boot software and embedded controller levels, since free software gives Google enough flexibility to optimize various aspects such as boot time - and most importantly, to implement the Chromebook security system, that involves various aspects of the software. + and most importantly, to implement the CrOS security system, that involves various aspects of the software. Google does hire a lot of Coreboot developers, who are generally friendly to the free software movement and try to be good members of the free software community, by contributing code back.
- Chromebooks are designed (from the factory) to actually coax the user into using + CrOS devices are designed (from the factory) to actually coax the user into using proprietary web services (SaaSS) that invade the user's privacy (ChromeOS is literally just the Google Chrome browser when you boot up, itself proprietary and comes with proprietary add-ons like flash. It's only intended for SaaSS, not actual, real computing). @@ -101,7 +101,7 @@
The FSF has a list of distributions that are 100% free software. None of these - are confirmed to work on ARM chromebooks yet. Parabola looks hopeful: + are confirmed to work on ARM CrOS devices yet. Parabola looks hopeful: https://www.parabola.nu/news/parabola-supports-armv7/
@@ -199,7 +199,7 @@
These systems do not use the GRUB payload. Instead, they use a payload called depthcharge, - which is common on Chromebooks. This is free software, maintained by Google. + which is common on CrOS devices. This is free software, maintained by Google.
Write protection is useful, because it prevents the firmware from being re-flashed by any malicious software that might become executed on your GNU/Linux system, as root. In other words, it can prevent a firmware-level evil maid attack. It's - possible to write protect on all current libreboot systems, but chromebooks make it easy. The screw is such a stupidly - simple idea, which all laptop designs should implement. + possible to write protect on all current libreboot systems, but CrOS devices make it easy. The screw is such a stupidly + simple idea, which all designs should implement.
- The SPI flash (that holds Libreboot) is divided into various partitions that are used to implement parts of the Chromebook security system. + The SPI flash (that holds Libreboot) is divided into various partitions that are used to implement parts of the CrOS security system. Libreboot is installed in the read-only coreboot partition, that becomes writable after removing the write-protect screw.
diff --git a/docs/tasks.html b/docs/tasks.html index 4054749..3121e54 100644 --- a/docs/tasks.html +++ b/docs/tasks.html @@ -102,7 +102,7 @@