samueldr|3 years ago
With CCD, you are pretty much free to mess around with the "BIOS" of the machine, without fear of being put in a bad situation.
It also provides a serial terminal to the "AP" (application processor), e.g. available to the OS.
In other words, the Cr50 provides a controlled and user-controlled (but not user-owned) sideband channel to debug the system, even on consumer hardware.
Why user-controlled? Because it requires asserting presence to "Open", which with the design of ChromeOS basically requires being the owner of the device. Why not user-owned? For official ChromeOS devices, AFAIK that firmware cannot be replaced by a user with their own builds.
[0]: https://chromium.googlesource.com/chromiumos/platform/ec/+/c...
amstan|3 years ago
octoberfranklin|3 years ago
The Cr50 is as far from user-controlled as you can get. It can MITM your keyboard, reflash your firmware, and obeys only the holder of the private key corresponding to `LOADERKEY_A`:
http://www.loper-os.org/?p=2433
If the Chromebook is Google's take on laptops, then Cr50 is Google's take on the IME.
samueldr|3 years ago
As I clearly stated, what is user-controlled is the sideband channel to debug the system on consumer hardware. The sideband channel under the current implementation of Cr50 is entirely user-controlled. This is a fact, as the end-user of the machine has control over the sideband channel.
I did not state any judgement about the GSC itself and its firmware.
And please don't start spreading FUD around hypotheticals of updates changing that. Yes it is possible. But a lot else and worse is possible under that scenario, so it serves no purpose but to spread FUD. And is still irrelevant to the content of the previous comment.
I am asking you, please do not ever derail what I say with FUD or out-of-context quotes ever again.
Thank you.