chromium os introduction
TRANSCRIPT
Features
● Fast booting (only on Chromebook ;)○ Boot within 5 seconds!○ Customized firmware + bootloader:
■ Firmware(i.e. BIOS): coreboot■ Bootloader: depthcharge
● Simple and Safe:○ Security: browser sandbox + verified boot
● Based on Gentoo● Has keyboard!
Security: Web Apps?
● Chrome extensions:○ Pure HTML5○ With NaCl: Native Client binary
■ Sandboxed environment■ Small performance overhead
● Android Apps?
ARC: App Runtime for Chrome
● Currently only supports for apps (officially):○ Duolingo - A fun and free way to learn a new
language before your next trip○ Evernote - Write, collect and find what matters to
you, with a full-size keyboard and touchscreen○ Sight Words - A delightful way for you to help
improve your child's reading skills○ Vine - Create short, beautiful, looping videos in a
simple and fun way
ARC: App Runtime for Chrome
● Hack: vladikoff/chromeos-apk○ Run other Apps on Windows/Linux/MacOS
Security
● But every piece of software has bugs …○ Browser loopholes?○ Sandbox is penetrated?
● OS modified, data stolen...
Security: Verified Boot
● How can I prevent firmware/filesystem/kernel being modified by malware?
RO firmware
(root key)
RW firmware
Verifies
Kernel Filesystem
Verifies Verifies
Security: Verified Boot
● What if firmware / kernel / filesystem actually got modified?
● Have a duplicate of everything!!
FilesystemA
KernelA
RW firmware
A
RO firmware
KernelB
RW firmware
B
FilesystemB
Boot
Boot
Security: Verified Boot
● With verified boot, filesystem is read-only? What about user data?○ Stateful partition
FilesystemA
KernelA
Stateful partition(stores user data)
FilesystemB
KernelB
FilesystemC
KernelC
Reserved, not used for now
OEM
Encrypted
Security: A copy of everything?
● Benefits:○ AU(Auto update) can be done in another copy.○ If AU failed, we can always fallback to the previous
version.
FilesystemA
KernelA
FilesystemB
KernelB
Currently Booting AU
Becomes default at next boot
Boot failed?
fall back to the previous version
Physical Security
● What if someone grab your device, can he read the files (browser cache/bookmarks…)?
● Stateful partition is encrypted○ Key stored in TPM
● TPM: Trusted Platform Module:○ Preventing firmware version rollback○ Store user data encryption keys○ Protect certain RSA keys
Hacking Chromium OS
● Crouton: Chromium OS Universal Chroot Environment○ Run Ubuntu(chroot) on Chromebook!
Hacking Chromium OS
● Chrbuntu:○ Booting with ChromeOS kernel + any rootfs○ You still need kernel modules under /lib/modules ;) ○ http://chromeos-cr48.blogspot.fr/○ http://askubuntu.com/questions/356243/true-ubuntu-
on-chromebook-arm-samsung
Hacking Chromium OS
● Chromium OS SDK:○ A Gentoo chroot environment
● Become a chromium OS developer!○ http://www.chromium.org/chromium-os○ http://chromium-review.googlesource.com