Chromium OS Introduction

AZ Huang <[email protected]> Chromium OS

Upload: wei-ning-huang

Post on 15-Jul-2015


What is Chromium OS?

Chromium OS

Security: Web Apps?

● Chrome extensions:
  ○ Pure HTML5
  ○ With NaCl: Native Client binary
    ■ Sandboxed environment
    ■ Small performance overhead

● Android Apps?

ARC: App Runtime for Chrome

● Currently supports only four apps (officially):
  ○ Duolingo - A fun and free way to learn a new language before your next trip
  ○ Evernote - Write, collect and find what matters to you, with a full-size keyboard and touchscreen
  ○ Sight Words - A delightful way for you to help improve your child's reading skills
  ○ Vine - Create short, beautiful, looping videos in a simple and fun way

ARC: App Runtime for Chrome

● Hack: vladikoff/chromeos-apk
  ○ Run other Apps on Windows/Linux/MacOS

Security

● But every piece of software has bugs …
  ○ Browser loopholes?
  ○ Sandbox is penetrated?

● OS modified, data stolen...

Security: Verified Boot

● How can I prevent the firmware/filesystem/kernel from being modified by malware?

[Diagram: RO firmware (root key) verifies RW firmware, which verifies the kernel, which verifies the filesystem.]

Security: Filesystem Verifying

● Linux: dm-verity

Security: Verified Boot

● What if firmware / kernel / filesystem actually got modified?

● Have a duplicate of everything!!

[Diagram: RO firmware boots either RW firmware A, Kernel A and Filesystem A, or RW firmware B, Kernel B and Filesystem B.]

Security: Verified Boot

● With verified boot, filesystem is read-only? What about user data?
  ○ Stateful partition

[Diagram: disk layout with Kernel A / Filesystem A, Kernel B / Filesystem B, Kernel C / Filesystem C (reserved, not used for now), OEM, and the stateful partition (stores user data, encrypted).]

Security: A copy of everything?

● Benefits:
  ○ AU (auto update) can be done in the other copy.
  ○ If AU fails, we can always fall back to the previous version.

[Diagram: Kernel A / Filesystem A is currently booting; AU writes Kernel B / Filesystem B, which becomes the default at next boot via boot priority. Boot failed? Fall back to the previous version.]
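The update-and-fallback behaviour from the slides above, as an added example that is not part of the original deck: a simplified Python model of choosing between the A and B copies. The `priority`/`tries`/`successful` fields follow the flags Chrome OS keeps per kernel partition; `verifies` and `healthy` are constructed stand-ins for the verified-boot check and a clean start-up, and the tries value of 2 is an assumption.

```python
from dataclasses import dataclass

@dataclass
class Slot:
    name: str
    priority: int          # higher is tried first; 0 = never boot
    tries: int             # attempts left while the slot is unproven
    successful: bool       # set by the OS after a healthy boot
    verifies: bool = True  # constructed stand-in for the signature/hash check
    healthy: bool = True   # constructed stand-in for "OS starts up cleanly"

def pick_slot(slots):
    """Highest-priority slot that is proven good or still has tries left."""
    ok = [s for s in slots if s.priority > 0 and (s.successful or s.tries > 0)]
    return max(ok, key=lambda s: s.priority, default=None)

def power_cycle(slots):
    """One power-on; returns the name of the slot handed control, or None."""
    while (slot := pick_slot(slots)) is not None:
        if not slot.verifies:        # modified image: mark bad, try other copy
            slot.priority = 0
            continue
        if not slot.successful:
            slot.tries -= 1          # spend an attempt before handing over
        if slot.healthy:
            slot.successful = True   # OS confirms this copy works
        return slot.name
    return None                      # no copy left that may be booted

def install_update(slots, target):
    """Auto update writes the inactive copy and makes it default at next boot."""
    top = max(s.priority for s in slots)
    target.priority, target.tries, target.successful = top + 1, 2, False

def demo_failed_update():
    a = Slot("A", priority=1, tries=0, successful=True)
    b = Slot("B", priority=0, tries=0, successful=False, healthy=False)
    install_update([a, b], b)
    return [power_cycle([a, b]) for _ in range(3)]  # B, B, then back to A

def demo_tampered_copy():
    a = Slot("A", priority=2, tries=0, successful=True, verifies=False)
    b = Slot("B", priority=1, tries=0, successful=True)
    return power_cycle([a, b])                       # A rejected, B boots
```
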

Physical Security

● What if someone grabs your device, can he read the files (browser cache/bookmarks…)?

● Stateful partition is encrypted
  ○ Key stored in TPM

● TPM: Trusted Platform Module:
  ○ Preventing firmware version rollback
  ○ Store user data encryption keys
  ○ Protect certain RSA keys

Hacking Chromium OS

● Crouton: Chromium OS Universal Chroot Environment
  ○ Run Ubuntu (chroot) on Chromebook!

Hacking Chromium OS

● ChrUbuntu:
  ○ Booting with ChromeOS kernel + any rootfs
  ○ You still need kernel modules under /lib/modules ;)
  ○ http://chromeos-cr48.blogspot.fr/
  ○ http://askubuntu.com/questions/356243/true-ubuntu-on-chromebook-arm-samsung

Hacking Chromium OS

● Chromium OS SDK:
  ○ A Gentoo chroot environment

● Become a Chromium OS developer!
  ○ http://www.chromium.org/chromium-os
  ○ http://chromium-review.googlesource.com

Thank you!