
One thing I never quite understood is why is it so hard to install a regular GNU/Linux distro on a chromebook. Why is it not possible to just put a liveUSB in the USB port and install it like you would on any personal computer?



Chromebooks use Coreboot firmware with a specialized payload called Depthcharge. This bootloader is customized for ChromiumOS and doesn't boot Linux/Windows.

To install Linux/Windows on a Chromebook, you have to flash this firmware, usually replacing it with Coreboot with the Tianocore payload, which is a bootloader capable of booting other OS's. (MrChromeBox supplies this custom firmware for lots of devices)


Yea I feel like this article is pretty misleading. It would be better if Google officially supported removing the entire ChromeOS and doing a full install of any Linux distro you want. This isn't really running Linux on your Chromebook. It's running a chroot of another distro under their Linux kernel/GUI layer. It's pretty different.


It's not even a chroot. That's how crouton works. Crostini, the Google-provided solution, actually runs all the "containers" under a KVM virtual machine. So it's even more abstracted.


If this is true, then this is very disappointing.


But, why? What advantages does this offer Google beyond a 'normal' UEFI chain?


It's about achieving physical security against all but highly dedicated and competent attackers. There's a great overview here: https://www.chromium.org/chromium-os/chromiumos-design-docs


Like others have said, once you install the Mr Chromebox stuff, you can technically run any flavor of Linux you like.

The major issue you'll run into is support for wifi, the proper keyboard layout and audio. The GalliumOS team has built a custom kernel for a range of Chromebooks, though. I believe a lot of their work will be merged with the main kernel in the future, but it's not there yet.

I run Gallium3-Beta (Xubuntu 18.04) on an old Toshiba Chromebook 2, and it runs like a dream (considering the hardware) with around 8 - 10 hours on the battery.


Something in the specialized firmware/BIOS prevents it, I think?

The only Chromebook I ever did this with was the original Chromebook Pixel, and flashing a regular BIOS onto it to let me treat it like any other computer required specifically opening the laptop up to remove the Write-Protect screw on the motherboard.

https://www.ifixit.com/Guide/Remove+the+Write+Protect+Screw/...


Yes - for security reasons. Chrome OS has a full verified boot chain, starting from the BIOS, like a smartphone.

You cannot tamper with Chrome OS or access user data without password even with physical access to the device.

None of this works with a 3rd party OS, so you have to disable the secured boot and possibly re-flash a different BIOS (similar to unprotecting the bootloader on a phone).


And like most "security reasons" they just take away control from the user and give it to whoever implements that security.

Security against whom, I wonder. The narrative says, against malicious actors, but way more often than not, it ends up being security against the computer's owner.


The procedure to get around the locked bootloader is documented.

For the vast majority of users, a secure by default laptop is a win.


>Chrome OS has a full verified boot chain, starting from the BIOS, like a smartphone. You cannot tamper with Chrome OS or access user data without password even with physical access to the device. [emphasis added]

Ooooh interesting, I'd love to read more about this.

Does this logic apply to iOS as well? (Can't evil maid an iPhone due to verified BIOS?) What about macOS?


iOS has a verified boot chain that you cannot disable, and newer Macs have this too but you can disable it.


One of the things about Chromebooks that make them different is no BIOS altogether, right?


They do have a (customized) UEFI BIOS based on CoreBoot.


CoreBoot, BIOS, and UEFI are alternatives to each other. While you might have firmware that has various compatibility modes, my understanding is that CoreBoot does not provide a BIOS interface at all, and you need the SeaBIOS payload if you want BIOS from CoreBoot.


Security. By default, Chromebooks use a trusted boot path. The boot sequence starts in ROM and the firmware image is verified during boot. Booting unsigned firmware is possible but slightly inconvenient by design, to ensure that no user would do this accidentally or as a result of malicious actions.

https://www.chromium.org/chromium-os/chromiumos-design-docs/...


I don't see why this is specific to Chromebooks. On x86_64/UEFI, I can sign my Grub EFI loader, load my keys into secure boot (delete the stock/Microsoft ones), re-enable secure boot, password it and now I have a reasonable expectation that I am booting the OS I think I am.

It'd be nice if Google opened up their actual bootloader so you could do the same with Chromebooks without needing 3rd party tools.


Two main reasons. First, Chromebooks ship SeaBIOS as a legacy payload, but they do not explicitly test or support it for any particular use case. Second, the Chrome OS kernel deviates from mainline and it takes a lot of time for the changes to make their way to the mainline kernel.



