Uncategorized

How to update Chrome OS firmware to improve security

How to update Chrome OS firmware to improve security
By Andy Wolber

1. Check Chrome OS firmware version
2. Save settings and files
3. Create Chrome recovery media
4. Update with a Powerwash

Full article:
https://www.techrepublic.com/article/how-to-update-chrome-os-firmware-to-improve-security/

 

See-also:
https://support.google.com/chromebook/answer/183084
https://support.google.com/chromebook/answer/3296214
https://support.google.com/chrome/a/answer/1360642
https://support.google.com/chromebook/answer/1080595

Standard
Uncategorized

CNet: How Chromebooks became the go-to laptops for security experts

[…]Drewry and Liu focused on four key features for the Chromebook that have been available ever since the first iteration in 2010:
sandboxing,
verified boots,
power washing and
quick updates.
These provided security features that made it much harder for malware to pass through, while providing a quick fix-it button if it ever did. “That’s the fundamental difference between how Chrome OS works and how any other computer at the time worked,” Liu said.[…]

https://www.cnet.com/uk/news/how-google-chromebooks-became-the-go-to-laptop-for-security-experts/

 

Standard
Uncategorized

Google introduces Android Enterprise Recommended program

https://www.android.com/enterprise/recommended/requirements/

https://www.android.com/enterprise/recommended/

https://androidenterprisepartners.withgoogle.com/#!/results/browse-all/2

Standard
Uncategorized

new ChromeOS TPM security feature

https://www.androidpolice.com/2018/02/18/google-releases-optional-security-update-chromebooks-wipes-local-data/

https://www.techrepublic.com/article/chromebook-update-boosts-security-but-wipes-all-data-in-the-process/

https://chromeunboxed.com/news/tpm-update-chrome-os-how-to-chromebook

https://www.chromium.org/chromium-os/tpm_firmware_update

https://productforums.google.com/forum/#!topic/chromebook-central/eo2HZeDVjr8

https://www.infineon.com/cms/en/product/promopages/tpm-update/

 

Standard
Uncategorized

cpu_features: library from Google Compiler Research Team

[…]Here’s the problem: there’s no way to know a priori which instructions your CPU supports. Identifying the CPU manufacturer isn’t sufficient. For instance, Intel’s Haswell architecture supports the AVX2 instruction set, while Sandy Bridge doesn’t. Some developers resort to desperate measures like reading /proc/cpuinfo to identify the CPU and then consulting hardcoded mappings of CPU IDs to instructions. Enter cpu_features, a small, fast, and simple open source library to report CPU features at runtime. Written in C89 for maximum portability, it allocates no memory and is suitable for implementing fundamental functions and running in sandboxed environments. The library currently supports x86, ARM/AArch64, and MIPS processors, and we’ll be adding to it as the need arises. We also welcome contributions from others interested in making programs “write once, run fast everywhere.”

By Guillaume Chatelet, Google Compiler Research Team

https://opensource.googleblog.com/2018/02/cpu-features-library.html

https://github.com/google/cpu_features

Standard
Uncategorized

Google wants servers without Intel ME and UEFI

Golem has a story about the recent Google presentation at OSSEU2017:

From Google Translation of German text:

Google wants servers without Intel ME and UEFI
by Sebastian Grüner
According to the motto “Are you afraid?” a team of Google’s coreboot developers is working with colleagues to make Intel’s ME and the proprietary UEFI harmless in servers. And probably with success.[…]

https://schd.ws/hosted_files/osseu17/84/Replace%20UEFI%20with%20Linux.pdf

https://www.golem.de/news/freie-linux-firmware-google-will-server-ohne-intel-me-und-uefi-1710-130840.html

https://osseu17.sched.com/event/ByYt/replace-your-exploit-ridden-firmware-with-linux-ronald-minnich-google

Ronald Minnich auf dem Open Source Summit in Prag

Maybe I missed it, but I didn’t see the video of this presentation archived.

 

Standard