
Tangential, but the fact that I had to open up the machine and remove a screw to completely replace ChromeOS with Linux bothers the fuck out of me.



That's how secure boot should work. Replacing the root of trust should require serious physical access that can be tamper-evident. And yeah, out of the box, the trust is with the vendor — who else would be trusted in a device that doesn't have an owner yet?


I never thought of that. And it makes a lot more sense in that context.


Well, you can see how they are locking it down with container sandboxing from an IO talk, by making use of gVisor and Rust-based containers.

"Linux for Chromebooks: Secure Development"

https://www.youtube.com/watch?v=pRlh8LX4kQI


My Chromebook just made me enable developer mode.


Developer mode lets you boot another OS, but leaves you open to accidentally wiping your drive if you hit the wrong button on boot. Replacing the firmware is a good idea; you do need to remove the write protect screw, but that really makes sense for some note of physical security.


Multiple wrong buttons in a specific sequence, at least on my Chromebook.



