New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 725626 link

Starred by 3 users
Status: Untriaged
Owner: ----
Cc:
snanda@chromium.org
r...@chromium.org
teravest@chromium.org
vapier@chromium.org
jrbarnette@chromium.org
jorgelo@chromium.org
ihf@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 2
Type: Feature

Blocking:
issue 725678



Sign in to add a comment

Consider adding a way to run in "fake" verified mode

Project Member Reported by derat@chromium.org, May 23 2017 
 Issue 724937  was caused by a bug in a security enhancement that's only performed in verified mode. This made it challenging to track down (we also appeared to be wiping logs when I rebooted via sysrq, for reasons still unclear to me).

Would it be possible to add a way to make crossystem's cros_debug command report that the system is in verified mode even when it isn't, so that developers have some way to exercise verified-mode-only code paths when trying to track down bugs?

Even better, would it be possible to add some degree of automated testing that runs in this mode?

I think that what I want here is a way to exercise these code paths while still retaining the ability to SSH to the device. We'd presumably need to carve out the ability to continue running SSH in this mode.

Is that feasible? Is there a better way to investigate verified-mode-only bugs?

Comment 1 by vapier@chromium.org, May 23 2017 

to back up a bit, what exactly would you want to be available in this scenario ?  i'm guessing things that are "passive" ... so crosh's shell command.  maybe we start there ?

we could add a flag file to the stateful partition that crossystem would check in addition to cros_debug ... if it exists, then it would lie and say cros_debug is disabled.

the write protect knob has a "boot" and "cur" distinction.  we could do the same here:
cros_debug == cros_debug_cur == what everyone tests == looks at existing data source, and additionally checks the stateful partition for a flag file
cros_debug_boot == new knob that only things like crosh would check

Comment 2 by vapier@chromium.org, May 23 2017

Blocking: 725678

Comment 3 by derat@chromium.org, May 23 2017 

I tried to answer that here: :-)

"I think that what I want here is a way to exercise these code paths while still retaining the ability to SSH to the device. We'd presumably need to carve out the ability to continue running SSH in this mode."

I'm not sure that being able to run crosh would've helped in this case, since the hang only occurred when the ui job was stopping (making crosh unavailable).

SSH probably would've helped (I was able to repro the problem while remaining connected over SSH on a dev-mode machine where I'd forced this code to run).

frecon might've helped too, although I'm not sure whether I would've been able to switch to it while in this state.

Comment 4 by vapier@chromium.org, May 23 2017 

so we want:
- sshd (+ ability to login)
- crosh
- frecon (+ ability to login)

those all pass the "passive" test so should be fine.

Sign in to add a comment