On Mon, Oct 02, 2017 at 05:02:40PM -0700, Vadim Bendebury wrote:
note that this debug header is going away in new Chrome OS designs. Its functionality is going to be provided by the closed case debugging (aka CCD) facility, where authorized user using a special debug cable can gain access to the AP and EC consoles, reprogram AP and EC firmware, etc.
Will the closed chassis debugging require user authorization of some sort and perhaps only be effective in developer mode? One of the major concerns with the Intel SVT adapter is that it claims to work "where USB3-hosted DCI is unavailable", including cold-boot:
https://designintools.intel.com/product_p/itpxdpsvt.htm
There were talks about it at CCC and HITB:
https://conference.hitb.org/hitbsecconf2017ams/materials/D2T4%20-%20Maxim%20...
Hopefully the Chromebook CCD doesn't turn into an evil-maid toolkit...
Yes, it will require user authorization, there will also be an RMA case with its own authorization scheme.
-v
On Mon, Oct 2, 2017 at 5:16 PM, Trammell Hudson hudson@trmm.net wrote:
On Mon, Oct 02, 2017 at 05:02:40PM -0700, Vadim Bendebury wrote:
note that this debug header is going away in new Chrome OS designs. Its functionality is going to be provided by the closed case debugging (aka CCD) facility, where authorized user using a special debug cable can gain access to the AP and EC consoles, reprogram AP and EC firmware, etc.
Will the closed chassis debugging require user authorization of some sort and perhaps only be effective in developer mode? One of the major concerns with the Intel SVT adapter is that it claims to work "where USB3-hosted DCI is unavailable", including cold-boot:
https://designintools.intel.com/product_p/itpxdpsvt.htm
There were talks about it at CCC and HITB:
https://conference.hitb.org/hitbsecconf2017ams/materials/ D2T4%20-%20Maxim%20Goryachy%20and%20Mark%20Ermalov%20-% 20Intel%20DCI%20Secrets.pdf
Hopefully the Chromebook CCD doesn't turn into an evil-maid toolkit...
-- Trammell
-
Trammell Hudson -
Vadim Bendebury