path: root/host/lib/crossystem.c
author Bill Richardson <wfrichar@chromium.org> 2011-11-09 09:11:34 -0800
committer Bill Richardson <wfrichar@chromium.org> 2011-11-10 14:03:56 -0800
commit fa9d7782e837848a1aeb0e95295fa48ac23f7a26
tree 567ca898cae73ba4c5c879d1e7f57882b398bb08 /host/lib/crossystem.c
parent 9b717be86ba6155a7542bf1649dd3ab2dbc2dc3b
Dev-mode only boots official kernels by default

Although we're now using a single unified BIOS, it is pretty nice to be able to get a shell in developer mode while still using verified boot for the kernel and filesystem. Alex & ZGB implemented this by requiring the dev-mode user to install a special dev-mode BIOS. We don't do that, but we DO require setting a special flag with "crossystem" to accomplish the same thing.

In order to allow booting a self-signed kernel, you must boot in developer mode, open a shell, and run this:

  crossystem dev_boot_custom=1

Special note to internal developers: If you're in the habit (as I am) of booting directly from a USB stick in dev-mode, you'll have to run this:

  crossystem dev_boot_custom=1 dev_boot_usb=1

Just using dev_boot_usb=1 is no longer enough, because the USB kernel is signed using the recovery key and by pressing Ctrl-U, we validate it with the kernel data key. That worked before this change because any self-signed kernel was fine, and that's how the USB key was treated. Now it actually requires a verified signature until you enable dev_boot_custom=1 also.

BUG=chrome-os-partner:5954
TEST=manual

Boot once in normal mode, which clears the special flags. Then switch to developer mode. You should be able to boot and get a root shell.

Run

  crossystem dev_boot_usb=1

Obtain a USB recovery image that's keyed differently. For example, if you're testing with dev-keys, use a PVT-signed image or vice-versa.

Reboot into dev-mode with the USB recovery stick inserted. At the dev-mode screen, press Ctrl-U. You should hear a single beep, but it should not boot.

Press Ctrl-D to boot from the hard drive, log in to a shell and run

  crossystem dev_boot_custom=1

Repeat the previous test. This time when you press Ctrl-U, it should boot the recovery image. Turn the system off before it does anything.

That's it.

Change-Id: I1811ee9a188974b3f94c83c52b00b60028b86c69
Reviewed-on: https://gerrit.chromium.org/gerrit/11442
Tested-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>

Diffstat (limited to 'host/lib/crossystem.c')
-rw-r--r-- host/lib/crossystem.c 4
1 files changed, 4 insertions, 0 deletions
diff --git a/host/lib/crossystem.c b/host/lib/crossystem.c
index ef3c6d1c..5bd4c62b 100644
--- a/host/lib/crossystem.c
+++ b/host/lib/crossystem.c
@@ -390,6 +390,8 @@ int VbGetSystemPropertyInt(const char* name) {
value = VbGetNvStorage(VBNV_LOCALIZATION_INDEX);
} else if (!strcasecmp(name,"dev_boot_usb")) {
value = VbGetNvStorage(VBNV_DEV_BOOT_USB);
+ } else if (!strcasecmp(name,"dev_boot_custom")) {
+ value = VbGetNvStorage(VBNV_DEV_BOOT_CUSTOM);
}
/* Other parameters */
else if (!strcasecmp(name,"cros_debug")) {
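Review bot: the new "dev_boot_custom" branch in VbGetSystemPropertyInt has no comment saying what the flag controls, and the name alone does not tell a reader that it gates booting self-signed kernels in developer mode. A one-line comment above `} else if (!strcasecmp(name,"dev_boot_custom")) {` stating that would help anyone auditing which NV-storage properties relax verified boot, since the neighbouring dev_boot_usb branch is equally bare and the two flags now interact.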
@@ -469,6 +471,8 @@ int VbSetSystemPropertyInt(const char* name, int value) {
return VbSetNvStorage(VBNV_LOCALIZATION_INDEX, value);
} else if (!strcasecmp(name,"dev_boot_usb")) {
return VbSetNvStorage(VBNV_DEV_BOOT_USB, value);
+ } else if (!strcasecmp(name,"dev_boot_custom")) {
+ return VbSetNvStorage(VBNV_DEV_BOOT_CUSTOM, value);
}
return -1;
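Review bot: in the VbSetSystemPropertyInt branch, `value` goes to `VbSetNvStorage(VBNV_DEV_BOOT_CUSTOM, value)` unchecked, so any integer the caller supplies is forwarded for a flag that is used as a 0/1 switch. Unless VbSetNvStorage normalizes or rejects out-of-range input (not visible in this hunk), consider returning -1 for values other than 0 and 1, or storing `!!value`, so that a mistyped setting cannot silently turn into "self-signed kernels allowed".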