[liberationtech] Chromebooks for Risky Situations?

[micah anderson]

T N <trrevv at gmail.com> writes:

> The word "Linux" doesn't refer to anything, other than maybe the kernel.
>
> Chrome OS is linux.  But it's a massively stripped down "distribution" that
> has a radical design, including the fact that it will ONLY run if all of
> the cryptographic checks are verified from the root of trust.  That root of
> trust is Google's massively large PKI public key that is burned into the
> firmware.
>
> For a journalist in the field, that's a great reassurance.  Take your
> Chromebook to China.  The Chinese government can not alter what you are
> running without either (a) modifying your hardware, which means they take
> possession of it for a period of time and manage to do something that is
> tricky to do (i.e. circumstances under which you'd no longer trust your
> computer anyways) or (b) you will know they tried to hack it and your
> Chromebook will refuse to boot, and will instead wipe away the hacks and
> update itself and won't boot unless the update is a legitimate one signed
> by Google.
>
> Yes, you can't compare Chrome OS's attack surface to a typical linux
> distribution, or even a highly customized linux install which doesn't have
> the hardware root of trust.

...but you can compare it to a Windows tablet, which doesn't let you
modify the boot sector either, but I wouldn't want to be caught
recommending Windows anymore than I would want to recommend Google.