Consider adding a way to run in "fake" verified mode |
||
Issue descriptionIssue 724937 was caused by a bug in a security enhancement that's only performed in verified mode. This made it challenging to track down (we also appeared to be wiping logs when I rebooted via sysrq, for reasons still unclear to me). Would it be possible to add a way to make crossystem's cros_debug command report that the system is in verified mode even when it isn't, so that developers have some way to exercise verified-mode-only code paths when trying to track down bugs? Even better, would it be possible to add some degree of automated testing that runs in this mode? I think that what I want here is a way to exercise these code paths while still retaining the ability to SSH to the device. We'd presumably need to carve out the ability to continue running SSH in this mode. Is that feasible? Is there a better way to investigate verified-mode-only bugs?
,
May 23 2017
,
May 23 2017
I tried to answer that here: :-) "I think that what I want here is a way to exercise these code paths while still retaining the ability to SSH to the device. We'd presumably need to carve out the ability to continue running SSH in this mode." I'm not sure that being able to run crosh would've helped in this case, since the hang only occurred when the ui job was stopping (making crosh unavailable). SSH probably would've helped (I was able to repro the problem while remaining connected over SSH on a dev-mode machine where I'd forced this code to run). frecon might've helped too, although I'm not sure whether I would've been able to switch to it while in this state.
,
May 23 2017
so we want: - sshd (+ ability to login) - crosh - frecon (+ ability to login) those all pass the "passive" test so should be fine. |
||
►
Sign in to add a comment |
||
Comment 1 by vapier@chromium.org
, May 23 2017