Uncategorized

Chrome OS firmware change may support Verified Boot of Windows?

[…]A recent branch title “firmware-eve-campfire” was discovered in the Chromium gerrit, accompanied by changes referencing “AltOS” and “go/vboot-windows.” That, combined that with the addition of placeholder strings for “Chrome OS” and “AltOS” being added to all languages, suggests that a future Chrome OS device, codenamed “Eve” will have the capability to boot more than one operating system. The commit was found by -nbsp- on Reddit. Obviously, with a name like “vboot-windows,” it is easy to jump to the conclusion that the feature is intended for Microsoft Windows, though little information about this is available. Most of the relevant code is hidden behind the private gerrit for Google employees, making it difficult to ascertain how this works and what it is intended for. According to a post at XDA-developers, it seems possible that this could be used for non-Windows OSes, such as Linux, or whatever Google Fuschia actually is.[…]

https://www.techrepublic.com/article/a-mysterious-chrome-os-commit-could-hint-at-a-chromebook-that-dual-boots-windows/

Standard
Uncategorized

How to update Chrome OS firmware to improve security

How to update Chrome OS firmware to improve security
By Andy Wolber

1. Check Chrome OS firmware version
2. Save settings and files
3. Create Chrome recovery media
4. Update with a Powerwash

Full article:
https://www.techrepublic.com/article/how-to-update-chrome-os-firmware-to-improve-security/

 

See-also:
https://support.google.com/chromebook/answer/183084
https://support.google.com/chromebook/answer/3296214
https://support.google.com/chrome/a/answer/1360642
https://support.google.com/chromebook/answer/1080595

Standard
Uncategorized

CNet: How Chromebooks became the go-to laptops for security experts

[…]Drewry and Liu focused on four key features for the Chromebook that have been available ever since the first iteration in 2010:
sandboxing,
verified boots,
power washing and
quick updates.
These provided security features that made it much harder for malware to pass through, while providing a quick fix-it button if it ever did. “That’s the fundamental difference between how Chrome OS works and how any other computer at the time worked,” Liu said.[…]

https://www.cnet.com/uk/news/how-google-chromebooks-became-the-go-to-laptop-for-security-experts/

 

Standard
Uncategorized

new ChromeOS TPM security feature

https://www.androidpolice.com/2018/02/18/google-releases-optional-security-update-chromebooks-wipes-local-data/

https://www.techrepublic.com/article/chromebook-update-boosts-security-but-wipes-all-data-in-the-process/

https://chromeunboxed.com/news/tpm-update-chrome-os-how-to-chromebook

https://www.chromium.org/chromium-os/tpm_firmware_update

https://productforums.google.com/forum/#!topic/chromebook-central/eo2HZeDVjr8

https://www.infineon.com/cms/en/product/promopages/tpm-update/

 

Standard
Uncategorized

Mr. Chromebox’s ChromeOS Firmware Utility Script

https://mrchromebox.tech/
https://github.com/MattDevo/

Standard
Uncategorized

ChromeOS impact of Infineon TPM problem

More on: https://firmwaresecurity.com/2017/10/10/infineon-tpms-generating-weak-keys/

“You can check the TPM firmware running on your device by looking at the firmware_version line of the tpm_version entry in chrome://system. If the tpm_version entry is absent, this is likely because you are running an old Chrome OS version which doesn’t report this information. Upgrade to a newer version and check again.”

https://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update

 

Standard
Uncategorized

CMC-Vboot: investigates Chrome’s Verified Boot

This project takes Chrome’s Verified Boot (Vboot) process and examines its various security properties using formal logic. This verification is done with a focus on the firmware/hardware boundary. The Vboot process depends on the correct functionality of a Trusted Platform Module (TPM) and a SHA accelerator. Because these hardware accelerators are interacted with through Memory Mapped I/O (MMIO), it is difficult for normal formal methods to capture the interface between the MMIO registers and the workings of the Hardware modules. To explore this boundary I am using a Software TPM Library and passing it through to the QEMU Hardware Emulator. This allows me to use the normal MMIO registers of a TPM with the original Vboot Library.[…]

https://github.com/gilhooleyd/CBMC-Vboot

Standard