Matthew Garrett ([personal profile] mjg59) wrote 2013-02-04 11:40 am

Don't like Secure Boot? Don't buy a Chromebook.

(Edit: It's been suggested that the title of this could give the wrong impression. "Don't like Secure Boot? That's not a reason to buy a Chromebook" may have been better)

People are, unsurprisingly, upset that Microsoft have imposed UEFI Secure Boot on the x86 market. A situation in which one company gets to determine which software will boot on systems by default is obviously open to abuse. What's more surprising is that many of the people who are upset about this are completely fine with encouraging people to buy Chromebooks.

Out of the box, Chromebooks are even more locked down than Windows 8 machines. The Chromebook firmware validates the kernel, and the kernel verifies the filesystem. Want to run a version of Chrome you've built yourself? Denied. Thankfully, Google have provided a way around this - you can (depending on the machine) either flip a physical switch or perform a special keystroke in the firmware to disable the validation. Doing so deletes all your data in the process, in order to avoid the situation where a physically present attacker wants to steal your data or backdoor your system unnoticed, but after that it'll boot any OS you want. The downside is that you've lost the security that you previously had. If a remote attacker manages to replace your kernel with a backdoored one, the firmware will boot it anyway. Want the same level of security as the stock firmware? You can't. There's no way for you to install your own signing keys, and Google won't sign third party binaries. Chromebooks are either secure and running Google's software, or insecure and running your software.

Much like Chromebooks, Windows 8 certified systems are required to permit the user to disable Secure Boot. In contrast to Chromebooks, Windows 8 certified systems are required to permit the user to install their own keys. And, unlike Google, Microsoft will sign alternative operating systems. Windows 8 certified systems provide greater user freedom than Chromebooks.

Some people don't like Secure Boot because they don't trust Microsoft. If you trust Google more, then a Chromebook is a reasonable choice. But some people don't like Secure Boot because they see it as an attack on user freedom, and those people should be willing to criticise Google's stance. Unlike Windows 8 certified systems, Chromebooks force the user to choose between security and freedom. Nobody should be forced to make that choice.

(Updated to add that some Chromebooks have a software interface for disabling validation)

Re: Lot of chromebooks could be secured.

(Anonymous) 2013-02-05 12:02 am (UTC)
> Big advantage of SD card it can be set read only.

Unfortunately not, it's more of a suggestion. The switch doesn't actually do anything to prevent writes to the card.

Re: Lot of chromebooks could be secured.

(Anonymous) 2013-02-05 07:45 am (UTC)
"Unfortunately not, it's more of a suggestion. The switch doesn't actually do anything to prevent writes to the card."

In fact it is more than a simple suggestion. On good quality SD cards it disconnects the flash memory write pins. Yes, cheaper ones just do the suggestion. This suggestion is picked up by the controller as well, which also blocks writing.

I know this from the Raspberry Pi. The write protect wire is not connected on the Raspberry Pi. So with the cards where the write protect is a simple suggestion, it will write. I have some SD cards the Raspberry Pi cannot write to when the SD switch is set to write protect. Yes, some cards have a physical lock in the card.

So yes, a lot of Chromebooks' SD can be set read only by the suggestion to the controller, which a software attack cannot override and which will prevent all writes, because the controller obeys the suggestion.

The final method to secure an SD card against writing is to order a batch of custom read-only cards; these don't contain flash at all. Something larger groups can do.

There is a reason why I said a lot, not all. There are some hardware variations that require some careful handling, like the right brands of SD cards with working write protect switches. On other Chromebooks an SD card with the switch set is enough because the controller is picking up the load. Those will not notice if you use a better quality SD with a real write switch.

Re: Lot of chromebooks could be secured.

(Anonymous) 2013-02-05 08:03 am (UTC)
I missed one method: the write protect bits in the CSD register of the SD card.

This is also not a suggestion. The permanent write protect option burns the EEPROM's fusible link that allows writing clean out. Once done there is no reverse.

The switch is a suggestion or physical depending on the card. The CSD register, if set not temporary but permanent read only, is a one-way operation that can never be reversed. You need to change the bootloader, dump the card and start with another card if the CSD register has been used, since it will never allow changing.

This is the reality: the level of brute force required is slightly different between all Chromebooks. You prefer to have one with a controller that works or an SD with a working write protect switch. But if all else fails, blow the fusible links and this will be write protected in every SD-taking device forever more.

This is knowing the hardware. An SD card can always be set read only. An SD card cannot always be set read write. Combine that with the fixed boot order of most Chromebooks and you have a way to secure them.

oiaohm
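As an added example (not code from the post or its comments), the CSD write-protect bits the comment above refers to can be decoded on a Linux host: Linux exposes the raw CSD as 32 hex digits under /sys/bus/mmc/devices/<card>/csd (path and card name are assumptions here), and the bit positions PERM_WRITE_PROTECT [13] and TMP_WRITE_PROTECT [12] come from the SD Physical Layer spec; the sample CSD values below are constructed.

```python
# Added example, not code from the post or its comments: decode the write-protect
# bits of an SD card's CSD register. Assumes the CSD as the 32-hex-digit string
# Linux exposes in /sys/bus/mmc/devices/<card>/csd (bit 127 first) and the bit
# positions from the SD Physical Layer spec: CSD_STRUCTURE [127:126],
# COPY [14], PERM_WRITE_PROTECT [13], TMP_WRITE_PROTECT [12].
from dataclasses import dataclass

@dataclass(frozen=True)
class CsdWriteProtect:
    csd_structure: int        # 0 = CSD v1.0 (SDSC), 1 = CSD v2.0 (SDHC/SDXC)
    copy_flag: bool           # content is a copy (informational)
    perm_write_protect: bool  # one-way: can never be cleared once set
    tmp_write_protect: bool   # host-clearable by rewriting the CSD

    @property
    def read_only(self) -> bool:
        return self.perm_write_protect or self.tmp_write_protect

    def describe(self) -> str:
        if self.perm_write_protect:
            return "permanently write protected (irreversible)"
        if self.tmp_write_protect:
            return "temporarily write protected (host can clear)"
        return "writable"

def parse_csd(hex_csd: str) -> CsdWriteProtect:
    """Parse a raw 128-bit CSD given as 32 hex digits, most significant first."""
    digits = hex_csd.strip().lower()
    if len(digits) != 32 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError("CSD must be exactly 32 hex digits (128 bits)")
    csd = int(digits, 16)

    def bit(pos: int) -> bool:
        return bool((csd >> pos) & 1)

    return CsdWriteProtect(
        csd_structure=(csd >> 126) & 0b11,
        copy_flag=bit(14),
        perm_write_protect=bit(13),
        tmp_write_protect=bit(12),
    )

# Constructed sample CSDs in the v2.0 layout; only the low 16 bits differ.
SAMPLE_WRITABLE = "400e00325b590000edc87f800a404000"  # bit 14 (COPY) only
SAMPLE_TMP_WP = "400e00325b590000edc87f800a405000"    # bits 14 and 12 set
SAMPLE_PERM_WP = "400e00325b590000edc87f800a406000"   # bits 14 and 13 set

if __name__ == "__main__":
    for sample in (SAMPLE_WRITABLE, SAMPLE_TMP_WP, SAMPLE_PERM_WP):
        print(sample[-4:], parse_csd(sample).describe())
```

A card reporting the permanent bit set is the irreversible state the comment describes; the temporary bit is the one a host can still clear.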

Re: Lot of chromebooks could be secured.

(Anonymous) 2013-02-05 08:27 am (UTC)
Hard wiring the write pin on the flash chip solves that.

Re: Lot of chromebooks could be secured.

(Anonymous) 2013-02-06 08:21 am (UTC)
Date: 2013-02-05 08:27 am (UTC): really, you don't know what is inside an SD card.

Hard wiring the write pin is not the problem. It's the fusible link in the flash chip or controller chip, in most cases, that has removed the means to write. Read mode from the controller would zero out the flash. So changing the write bit will not work.

The reality of SD cards, particularly the smaller versions, is that the flash and controller have a habit of being one chip.

Sorry, a write protected SD card done by CSD does require direct physical access to bypass. Even then, with a lot of SD cards it will require advanced tools to break open the chip/chips to fix the burnt-out fusible link on the silicon.

Some of the older SD cards had the fusible link as an extra little bit between the controller chip and the flash; those you could wire the pin around. Those have not been made for the past 3 years.

A read only SD card done correctly is read only, with no simple bypass if you are starting with new current cards.