ChromeBook CampFire?

Everything we know about Campfire, Google’s secretive project to get Windows 10 running on Chromebooks.[…]

https://www.xda-developers.com/chromebooks-chrome-os-windows-10-dual-boot-apple-boot-camp-campfire/

 

Chrome OS firmware change may support Verified Boot of Windows?

[…]A recent branch title “firmware-eve-campfire” was discovered in the Chromium gerrit, accompanied by changes referencing “AltOS” and “go/vboot-windows.” That, combined that with the addition of placeholder strings for “Chrome OS” and “AltOS” being added to all languages, suggests that a future Chrome OS device, codenamed “Eve” will have the capability to boot more than one operating system. The commit was found by -nbsp- on Reddit. Obviously, with a name like “vboot-windows,” it is easy to jump to the conclusion that the feature is intended for Microsoft Windows, though little information about this is available. Most of the relevant code is hidden behind the private gerrit for Google employees, making it difficult to ascertain how this works and what it is intended for. According to a post at XDA-developers, it seems possible that this could be used for non-Windows OSes, such as Linux, or whatever Google Fuschia actually is.[…]

https://www.techrepublic.com/article/a-mysterious-chrome-os-commit-could-hint-at-a-chromebook-that-dual-boots-windows/

How to update Chrome OS firmware to improve security

How to update Chrome OS firmware to improve security
By Andy Wolber

1. Check Chrome OS firmware version
2. Save settings and files
3. Create Chrome recovery media
4. Update with a Powerwash

Full article:
https://www.techrepublic.com/article/how-to-update-chrome-os-firmware-to-improve-security/

 

See-also:
https://support.google.com/chromebook/answer/183084
https://support.google.com/chromebook/answer/3296214
https://support.google.com/chrome/a/answer/1360642
https://support.google.com/chromebook/answer/1080595

CNet: How Chromebooks became the go-to laptops for security experts

[…]Drewry and Liu focused on four key features for the Chromebook that have been available ever since the first iteration in 2010:
sandboxing,
verified boots,
power washing and
quick updates.
These provided security features that made it much harder for malware to pass through, while providing a quick fix-it button if it ever did. “That’s the fundamental difference between how Chrome OS works and how any other computer at the time worked,” Liu said.[…]

https://www.cnet.com/uk/news/how-google-chromebooks-became-the-go-to-laptop-for-security-experts/

 

new ChromeOS TPM security feature

https://www.androidpolice.com/2018/02/18/google-releases-optional-security-update-chromebooks-wipes-local-data/

https://www.techrepublic.com/article/chromebook-update-boosts-security-but-wipes-all-data-in-the-process/

https://chromeunboxed.com/news/tpm-update-chrome-os-how-to-chromebook

https://www.chromium.org/chromium-os/tpm_firmware_update

https://productforums.google.com/forum/#!topic/chromebook-central/eo2HZeDVjr8

https://www.infineon.com/cms/en/product/promopages/tpm-update/

 

Mr. Chromebox’s ChromeOS Firmware Utility Script

https://mrchromebox.tech/
https://github.com/MattDevo/

ChromeOS impact of Infineon TPM problem

More on: https://firmwaresecurity.com/2017/10/10/infineon-tpms-generating-weak-keys/

“You can check the TPM firmware running on your device by looking at the firmware_version line of the tpm_version entry in chrome://system. If the tpm_version entry is absent, this is likely because you are running an old Chrome OS version which doesn’t report this information. Upgrade to a newer version and check again.”

https://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update

 

CMC-Vboot: investigates Chrome’s Verified Boot

This project takes Chrome’s Verified Boot (Vboot) process and examines its various security properties using formal logic. This verification is done with a focus on the firmware/hardware boundary. The Vboot process depends on the correct functionality of a Trusted Platform Module (TPM) and a SHA accelerator. Because these hardware accelerators are interacted with through Memory Mapped I/O (MMIO), it is difficult for normal formal methods to capture the interface between the MMIO registers and the workings of the Hardware modules. To explore this boundary I am using a Software TPM Library and passing it through to the QEMU Hardware Emulator. This allows me to use the normal MMIO registers of a TPM with the original Vboot Library.[…]

https://github.com/gilhooleyd/CBMC-Vboot

Duo on ChromeOS Verified Access API

Duo Collaborates With Google to Provide Verified Access for Chrome OS

[…]
Ensuring Trusted Access with Google’s Verified Access API
For the past few months, we’ve worked with Google on testing early versions of the Chrome OS Verified Access API, which is now publicly available and configurable in the Google Apps Admin Panel. Verified Access is a new API that allows Chromebooks to cryptographically attest to the state of certain security properties of the device to a third party – in our case, that third party is actually Duo’s service – for the purposes of making decisions around activities like access control. We use this to reliably assess the security posture of Chromebooks at Duo before they are allowed to access particularly sensitive resources. What does the attestation protocol actually tell us? According to the source code:[…]

https://duo.com/blog/duo-collaborates-with-google-to-provide-verified-access-for-chromeos
http://googleforwork.blogspot.com/2016/09/pushing-the-boundary-of-Chrome-OS-Security-with-Verified-Access.html

ARM on OEM impact of Android apps on Chromebooks

bfuller has a post ARM’s Android Community blog, with a whitepaper for OEMs on how to deal with Google making Android apps run on ChromeOS systems:

Google on May 19 announced that Android apps are coming to Chromebook. Here is a backgrounder on what the move means for developers, OEMs and consumers. […] The move is likely to have a profound impact on the Chromebook market but also more broadly on clamshell, two-in-one and hybrid form factors. In some ways, the move echoes the impact that the Android development community and ARM ecosystem had in 2009, at the dawn of the smart phone era. What exactly the announcement mean for developers, OEMs and consumers? We’ve posted a detailed article (Android Apps on Chromebook.pdf) that dives into the possibilities and implications of making Android apps available on Chromebooks. Check it out and let us know how the news will affect your work! […]

https://community.arm.com/groups/android-community/blog/2016/05/19/android-apps-on-chromebook-what-it-means-for-developers-oems
https://chrome.googleblog.com/2016/05/the-google-play-store-coming-to.html
https://community.arm.com/docs/DOC-11574