Chromium OS Introduction

Code & Beer #12

  1. AZ Huang <aitjcize@gmail.com> Chromium OS
  2. What is Chromium OS? Chromium OS
  3. Features
     ● Fast booting (only on Chromebook ;)
       ○ Boot within 5 seconds!
       ○ Customized firmware + bootloader:
         ■ Firmware (i.e. BIOS): coreboot
         ■ Bootloader: depthcharge
     ● Simple and safe:
       ○ Security: browser sandbox + verified boot
     ● Based on Gentoo
     ● Has keyboard!
  4. Security: Web Apps?
     ● Chrome extensions:
       ○ Pure HTML5
       ○ With NaCl: Native Client binary
         ■ Sandboxed environment
         ■ Small performance overhead
     ● Android Apps?
  5. ARC: App Runtime for Chrome
     ● Currently only supports four apps (officially):
       ○ Duolingo - A fun and free way to learn a new language before your next trip
       ○ Evernote - Write, collect and find what matters to you, with a full-size keyboard and touchscreen
       ○ Sight Words - A delightful way for you to help improve your child's reading skills
       ○ Vine - Create short, beautiful, looping videos in a simple and fun way
  6. ARC: App Runtime for Chrome
     ● Hack: vladikoff/chromeos-apk
       ○ Run other apps on Windows/Linux/MacOS
  7. Security
     ● But every piece of software has bugs …
       ○ Browser loopholes?
       ○ Sandbox is penetrated?
     ● OS modified, data stolen...
  8. Security: Verified Boot
     ● How can I prevent the firmware/filesystem/kernel from being modified by malware?
     [Diagram labels: RO firmware (root key), RW firmware, Kernel, Filesystem, linked by three "Verifies" arrows]
  9. Security: Filesystem Verifying
     ● Linux: dm-verity
  10. Security: Verified Boot
     ● What if the firmware / kernel / filesystem actually got modified?
     ● Have a duplicate of everything!!
     [Diagram labels: RO firmware; RW firmware A, Kernel A, Filesystem A; RW firmware B, Kernel B, Filesystem B; two "Boot" arrows]
  11. Security: Verified Boot
     ● With verified boot, the filesystem is read-only? What about user data?
       ○ Stateful partition
     [Diagram labels: Filesystem A, Kernel A, Stateful partition (stores user data), Filesystem B, Kernel B, Filesystem C, Kernel C, "Reserved, not used for now", OEM, "Encrypted"]
  12. Security: A copy of everything?
     ● Benefits:
       ○ AU (auto update) can be done in the other copy.
       ○ If AU fails, we can always fall back to the previous version.
     [Diagram labels: Filesystem A, Kernel A, Filesystem B, Kernel B, "Currently booting", "AU", "Becomes default at next boot", "Boot failed? Fall back to the previous version"]
  13. Boot Priority
  14. Physical Security
     ● What if someone grabs your device: can they read the files (browser cache/bookmarks…)?
     ● Stateful partition is encrypted
       ○ Key stored in TPM
     ● TPM: Trusted Platform Module:
       ○ Prevents firmware version rollback
       ○ Stores user data encryption keys
       ○ Protects certain RSA keys
  15. Hacking Chromium OS
     ● Crouton: Chromium OS Universal Chroot Environment
       ○ Run Ubuntu (chroot) on a Chromebook!
  16. Hacking Chromium OS
     ● Chrbuntu:
       ○ Booting with the ChromeOS kernel + any rootfs
       ○ You still need kernel modules under /lib/modules ;)
       ○ http://chromeos-cr48.blogspot.fr/
       ○ http://askubuntu.com/questions/356243/true-ubuntu-on-chromebook-arm-samsung
  17. Hacking Chromium OS
     ● Chromium OS SDK:
       ○ A Gentoo chroot environment
     ● Become a Chromium OS developer!
       ○ http://www.chromium.org/chromium-os
       ○ http://chromium-review.googlesource.com
  18. Thank you!
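
Slide 9 names dm-verity as the filesystem check at the end of the verified boot chain. The following is an added example, not part of the original slides or of Chromium OS code: a simplified Python sketch of the hash-tree idea behind it, where the stored data and stored hashes are untrusted and only the root hash is trusted. The block size, fan-out, unsalted SHA-256 and all function names are assumptions of this sketch and do not reproduce the dm-verity on-disk format.

```python
import hashlib

BLOCK = 4096                  # data block size (assumption of this sketch)
FANOUT = BLOCK // 32          # SHA-256 digests that fit in one hash block

def h(data):
    return hashlib.sha256(data).digest()

def read_block(image, index):
    return image[index * BLOCK:(index + 1) * BLOCK].ljust(BLOCK, b"\0")

def build_tree(image):
    """Hash levels, bottom-up: levels[0] = per-block hashes, levels[-1] = [root]."""
    count = (len(image) + BLOCK - 1) // BLOCK
    levels = [[h(read_block(image, i)) for i in range(count)]]
    while len(levels[-1]) > 1:
        prev = levels[-1]
        levels.append([h(b"".join(prev[i:i + FANOUT]))
                       for i in range(0, len(prev), FANOUT)])
    return levels

def verify_block(image, index, levels, trusted_root):
    """Verify one block at read time. image and levels are untrusted storage;
    only trusted_root comes from the already-verified stage of the chain."""
    digest = h(read_block(image, index))
    for level in levels[:-1]:
        if level[index] != digest:          # stored hash disagrees with what we computed
            return False
        index //= FANOUT                    # move up to the parent hash block
        digest = h(b"".join(level[index * FANOUT:(index + 1) * FANOUT]))
    return digest == trusted_root

def demo():
    # Constructed sample image: 300 blocks, each filled with its own index.
    image = bytearray(b"".join(i.to_bytes(2, "big") * (BLOCK // 2) for i in range(300)))
    levels = build_tree(bytes(image))
    root = levels[-1][0]                    # in the slides' chain: vouched for by the kernel
    clean = verify_block(image, 200, levels, root)
    image[200 * BLOCK] ^= 0xFF              # one byte of block 200 is modified
    tampered = verify_block(image, 200, levels, root)
    levels[0][200] = h(read_block(image, 200))   # the stored leaf hash is patched to match
    patched = verify_block(image, 200, levels, root)
    untouched = verify_block(image, 5, levels, root)
    return clean, tampered, patched, untouched

if __name__ == "__main__":
    print(demo())
```

Patching the stored leaf hash does not help the modified block pass, because the parent level no longer matches; blocks under a different parent still verify.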