Uncategorized

ChromeOS impact of Infineon TPM problem

More on: https://firmwaresecurity.com/2017/10/10/infineon-tpms-generating-weak-keys/

“You can check the TPM firmware running on your device by looking at the firmware_version line of the tpm_version entry in chrome://system. If the tpm_version entry is absent, this is likely because you are running an old Chrome OS version which doesn’t report this information. Upgrade to a newer version and check again.”

https://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update

 

Standard
Uncategorized

CMC-Vboot: investigates Chrome’s Verified Boot

This project takes Chrome’s Verified Boot (Vboot) process and examines its various security properties using formal logic. This verification is done with a focus on the firmware/hardware boundary. The Vboot process depends on the correct functionality of a Trusted Platform Module (TPM) and a SHA accelerator. Because these hardware accelerators are interacted with through Memory Mapped I/O (MMIO), it is difficult for normal formal methods to capture the interface between the MMIO registers and the workings of the Hardware modules. To explore this boundary I am using a Software TPM Library and passing it through to the QEMU Hardware Emulator. This allows me to use the normal MMIO registers of a TPM with the original Vboot Library.[…]

https://github.com/gilhooleyd/CBMC-Vboot

Standard
Uncategorized

Duo on ChromeOS Verified Access API

Duo Collaborates With Google to Provide Verified Access for Chrome OS

[…]
Ensuring Trusted Access with Google’s Verified Access API
For the past few months, we’ve worked with Google on testing early versions of the Chrome OS Verified Access API, which is now publicly available and configurable in the Google Apps Admin Panel. Verified Access is a new API that allows Chromebooks to cryptographically attest to the state of certain security properties of the device to a third party – in our case, that third party is actually Duo’s service – for the purposes of making decisions around activities like access control. We use this to reliably assess the security posture of Chromebooks at Duo before they are allowed to access particularly sensitive resources. What does the attestation protocol actually tell us? According to the source code:[…]

https://duo.com/blog/duo-collaborates-with-google-to-provide-verified-access-for-chromeos
http://googleforwork.blogspot.com/2016/09/pushing-the-boundary-of-Chrome-OS-Security-with-Verified-Access.html

Standard
Uncategorized

ARM on OEM impact of Android apps on Chromebooks

bfuller has a post ARM’s Android Community blog, with a whitepaper for OEMs on how to deal with Google making Android apps run on ChromeOS systems:

Google on May 19 announced that Android apps are coming to Chromebook. Here is a backgrounder on what the move means for developers, OEMs and consumers. […] The move is likely to have a profound impact on the Chromebook market but also more broadly on clamshell, two-in-one and hybrid form factors. In some ways, the move echoes the impact that the Android development community and ARM ecosystem had in 2009, at the dawn of the smart phone era. What exactly the announcement mean for developers, OEMs and consumers? We’ve posted a detailed article (Android Apps on Chromebook.pdf) that dives into the possibilities and implications of making Android apps available on Chromebooks. Check it out and let us know how the news will affect your work! […]

https://community.arm.com/groups/android-community/blog/2016/05/19/android-apps-on-chromebook-what-it-means-for-developers-oems
https://chrome.googleblog.com/2016/05/the-google-play-store-coming-to.html
https://community.arm.com/docs/DOC-11574

Standard