11.8: news.cyb/chrome/doing well while ms declines:
Verified boot provides a means of
getting cryptographic assurances
that the Linux kernel, non-volatile system memory,
and the partition table are untampered with
when the system starts up.
This approach is not "trusted boot"
as it does not depend on a TPM device
or other specialized processor features.
Instead, a chain of trust is created
using custom read-only firmware
that performs integrity checking on
a writable firmware.
The verified code in the writable firmware
then verifies the next component in the boot path, and so on.
. chromebooks grow while microsoft shrivels?
. promising better security makes a diff .
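The chain of trust quoted above, as an added example that is not Chrome OS code and not from the original notes: each stage is accepted only if it matches what the previously verified stage expects, starting from a value held in read-only firmware. It pins SHA-256 digests as a stand-in for the signature checks a real implementation would use, and the stage names and contents are constructed.

```python
import hashlib
import json

# Constructed boot path: (stage name, stand-in for that stage's code).
STAGES = [("rw-firmware", "init hardware"),
          ("kernel", "linux"),
          ("rootfs", "system files")]

def sha256(blob):
    return hashlib.sha256(blob).hexdigest()

def make_image(name, code, next_image):
    """Serialize a stage together with the digest it pins for its successor."""
    pinned = sha256(next_image) if next_image is not None else None
    stage = {"name": name, "code": code, "next_digest": pinned}
    return json.dumps(stage, sort_keys=True).encode()

def build_chain(stages):
    """Build images last-to-first so each one can pin the next stage's digest."""
    images, successor = [], None
    for name, code in reversed(stages):
        successor = make_image(name, code, successor)
        images.insert(0, successor)
    return images

def verified_boot(root_digest, images):
    """Walk the boot path. Returns (stages run, index of rejected image or None)."""
    expected, booted = root_digest, []   # root_digest lives in read-only firmware
    for index, image in enumerate(images):
        if expected is None or sha256(image) != expected:
            return booted, index         # halt: never run or parse unverified bytes
        stage = json.loads(image)        # trusted only after the digest matched
        booted.append(stage["name"])
        expected = stage["next_digest"]  # verified code names what may run next
    return booted, None

if __name__ == "__main__":
    good = build_chain(STAGES)
    root = sha256(good[0])
    print(verified_boot(root, good))
    # Only the kernel is swapped: the verified rw-firmware rejects it.
    evil = build_chain([STAGES[0], ("kernel", "linux+rootkit"), STAGES[2]])
    print(verified_boot(root, [good[0], evil[1], good[2]]))
    # rw-firmware is re-pinned to match: the read-only root rejects that instead.
    print(verified_boot(root, evil))
```

The third case is why the first link has to be read-only: a writable root could simply be re-pinned along with everything after it.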
12.25: best-seller on amazon:
. the best selling laptop on amazon.com [2013.1]
was the Samsung ARM-powered, Linux-based Chromebook.
7.28: news.cyb/chrome/sec/some vulnerabilities found but many avoided:
application-sandboxes-a-pen-testers-perspective .
see also pdf .
. Chrome OS kernel exploits are not easy,
but are of medium difficulty to pull off;
OS user mode exploits are very difficult,
and every other penetration test was
not even applicable to Chrome OS
-- these included off the shelf exploits,
and various sandbox leakages:
keylogging, remote webcam/mic access,
clipboard hijack, screen scraping,
file stealing, network shares access .