|
|
Log in / Subscribe / Register

Chromium OS source released

Chromium OS source released

Posted Nov 20, 2009 10:10 UTC (Fri) by xav (guest, #18536)
Parent article: Chromium OS source released

This is frightening:

"Each time the system boots, Chromium OS verifies that the firmware, kernel, and system image have not been tampered with or become corrupt. This process starts in the firmware."

(from http://www.chromium.org/chromium-os/chromiumos-design-doc... in "High-level design").

to post comments

Chromium OS source released

Posted Nov 20, 2009 11:17 UTC (Fri) by sylware (guest, #35259) [Link] (7 responses)

not important *if* we have 100% of the source code which is verified.
If it's 99.99%, then it's evil.

Chromium OS source released

Posted Nov 20, 2009 13:12 UTC (Fri) by xav (guest, #18536) [Link] (6 responses)

What's the use of a 100% verified source code if you can't modify your own machine ?

Chromium OS source released

Posted Nov 20, 2009 13:58 UTC (Fri) by johill (subscriber, #25196) [Link] (1 responses)

On the one hand, sure, it impacts some people's perceived freedom, but do they actually want such a device to start with?

On the other, the vast majority of computer users don't (nor should need to!) care about system adminstration and keeping it virus free etc.

Therefore, at the greater internet eco system level, I can only think of it as a good thing as long as the entity controlling it (i.e. google in this case) keeps it up-to-date and secure. Eventually that'll no longer happen, but if serious vulnerabilities are found then there's your means to fix it yourself.

The way I see it, as long as it's secure => great for everybody (including those who'd rather like to tinker with it because they don't get exploited by exploits running on those machines)

If it starts being insecure => no loss over a current system that requires good adminstration on the user's part to keep secure, which we all know doesn't happen.

If you want to buy something with that on specifically to tinker with, there's something wrong with you :)

Now, I realise that this argumentation isn't exactly sound on a moral level, but the way I see it so far a way to give an end-user a secure system _and_ let them tinker with it as they like hasn't been invented yet.

So is this really so bad?

Chromium OS source released

Posted Nov 20, 2009 21:56 UTC (Fri) by pboddie (guest, #50784) [Link]

So is this really so bad?

Potentially, yes. If every hardware vendor decides that this is what the "consumers" want, which is (as always) a projection of the marketing people's ideas onto the "consumers", you won't be able to buy a device which isn't bundled with and tied to the vendor-supplied software.

It's bad enough having Windows bundled with most computers sold via the usual retail channels. Swapping Windows out for something else and making it extremely difficult for the buyer to install their own software (let alone get a refund on the bundled and tied software) isn't progress.

Chromium OS source released

Posted Nov 20, 2009 15:21 UTC (Fri) by sylware (guest, #35259) [Link]

I do agree with you: none.

The hardware must allow you to verify *your code* or *the modified* software stack *you coded*. In no case that hardware should verify only google software stack.

Chromium OS source released

Posted Nov 21, 2009 3:00 UTC (Sat) by mbligh (subscriber, #7720) [Link] (2 responses)

We've explicitly said that there's a developer mode switch for the bootloader which will allow you to load a customized version.

Chromium OS source released

Posted Nov 21, 2009 8:00 UTC (Sat) by xav (guest, #18536) [Link] (1 responses)

Does it allow to verify the integrity of your code, or does the verification work only when using Google's code ?

Chromium OS source released

Posted Nov 21, 2009 20:55 UTC (Sat) by mbligh (subscriber, #7720) [Link]

Not sure we've really considered doing verification for Chromium OS - I don't see much point on a standard machine. If you can't change the BIOS, you can't verify the bootloader, and the whole verification model is broken.

Even if you were running on the custom hardware with modified BIOS, I can't see how it'd know whose signatures to trust?

Chromium OS source released

Posted Nov 20, 2009 16:36 UTC (Fri) by gnb (subscriber, #5132) [Link] (1 responses)

What you've quoted is a single bullet point. The actual description of
Verified Boot states:

"It is important to note that restraining the boot path to only Chromium-
is run that is not provided for or maintained by upstream, that the user
will have the option to immediately reset the device to a known-good state.
"

Not being able to run third party code _without knowing it_ seems a good
thing.

Chromium OS source released

Posted Nov 20, 2009 17:36 UTC (Fri) by xav (guest, #18536) [Link]

Yes, I read too fast. My bad.

Thanks for correcting me.


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds