SoylentNews is people
SoylentNews
Arthur T Knackerbracket has found the following story:
Chromebooks are one of the most secure devices you can give a non-technical end user, and at a price point few can argue with, but that security comes with a privacy trade off: you have to trust Google, which is part of the NSA's Prism programme, with your data in the cloud.
Even those who put their faith in the company's rusty "don't be evil" mantra may find Chromebook functionality limiting—if you want more than Google services, Netflix, some other Web apps, and maybe the Android app store, then you're out of luck.
Geeky users willing to engage in some entry-level hackery, however, can install Linux on their Chromebook and unleash the Power of Torvalds™.
[...] Trying out Crouton is easy, and worth an evening's tinkering. Enter developer mode on your Chromebook, which for most users means holding down the Esc and Refresh keys while tapping the power button. Doing so will erase all local data on your Chromebook (in the unlikely event that you have any locally stored data on a cloud-focused device, granted). Hit Ctrl-D, Enter, and wait five minutes or so for the Chromebook to wipe.
Once in developer mode, your Chromebook will offer a warning message every time you boot-up that the device is now vulnerable. David Schneider, the Crouton maintainer, who works for Google but was unable to get permission to speak to Ars for this article, outlines the security trade offs on the Crouton wiki:
"Dev mode out of the box does several things that compromise security, including disabling verified boot, enabling VT2 [terminal], and activating passwordless root shell access. This means even without Crouton, if you're in dev mode, someone can switch to VT2, log in as root and add a keylogger that runs at startup, then switch back without you knowing. If you're logged in, they can also access the unencrypted contents of your Chrome profile and copy it elsewhere. If an exploit to Chrome is found, verified boot will no longer protect you from persistent compromises. Essentially, dev mode by default is less physically secure than a standard laptop running Linux."
You've been warned. Once in dev mode, enter your Wi-Fi password and accept the EULA, then select "Browse as Guest." Head on over to Schneider's GitHub repo and download Crouton, and follow the instructions.
There are a few more seemingly straightforward steps detailed in the article. Thinking of those in the community who might like to give it a try, who here has already converted a Chromebook to run Linux? Was it worth it? What hardware did you have? What 'gotchas' did you run into?
-- submitted from IRC
(Score: 1, Informative) by Anonymous Coward on Monday June 26 2017, @02:13PM (5 children)
You can fairly easily flash libreboot on some rk3288-based chromebooks (Asus C201 is supported in the last release, more are coming). It requires no special tools but does require opening the case to enable write access to the flash. Might be some folks selling these with libreboot preinstalled if that suits your fancy.
Libreboot uses essentially the same boot software but the warnings are substantially less intrusive and the automatic boot delay is changed from 30 seconds to 3. And it's all free software so you can make it to do something else if you prefer.
These are probably the most free-software-friendly laptops available today, and they're still being manufactured so you can actually buy new ones.
(Score: 2) by Pino P on Monday June 26 2017, @02:22PM (1 child)
In the past, I have had several devices develop problems with their power jacks such that I have to hold the cord in a very specific position to get it to charge. I got one laptop's power jack serviced under warranty. But as I understand it, installing libreboot voids the warranty on the whole thing. If I need to get a Chromebook's power jack serviced after having installed libreboot, how do I go about doing so?
(Score: 2) by VLM on Monday June 26 2017, @03:10PM
If the battery is dead, they'll plug in a charger, notice the jack doesn't work, and give you a new one (or possibly fix it) not noticing the software installed.
Note that enabling dev mode does not void the guarantees, I mean, devs do use it...
If the battery isn't dead yet, when you disable dev mode, in my experience the SSD gets powerwashed which is apparently chrome-user-speak for wiped with zeros and reinstalled with stock chrome OS from scratch. I would estimate it took 15 minutes when I did it? At that point "they" can't tell what you were doing before you powerwashed it.
A security wise user would be foolish not to powerwash before sending a machine in for service, what possible troubleshooting advantage could you provide by giving "them" access to your entire online life? So I suspect they're pretty used to powerwashed chromebooks crossing their desk. And if the trouble ticket is "no charge light when plugged in" I don't think they're gonna poke around the SSD anyway.
The question I have is if you have an install you like, how do you back it up or whatever before disabling dev mode which wipes it? I'm sure the community has some method. Stick a large flash drive in the USB and bit for bit copy the entire SSD maybe. I own a 32G thumb drive somewhere and probably few chromebooks have more than 32 gig SSD. That would be my guess. Or if you have "drive.google.com" I think my chromebook came with a promo for a zillion free gigs of storage.
(Score: 2) by VLM on Monday June 26 2017, @03:15PM (1 child)
From memory this was a BIOS-like switch on my ACER, I certainly didn't open it up when I was messing around with it before I returned it to default.
Hold down a bunch of keys while turning on power. Not a traditional BIOS in the sense of stereotypical desktop but conceptually similar.
Probably worth checking online before buying if you anticipate enabling dev mode (or not). Holding down escape and refresh or WTF while hitting the power is a lot more convenient than getting out the micro screwdriver set.
(Score: 0) by Anonymous Coward on Monday June 26 2017, @04:55PM
I suppose other models could be different but all rk3288 chromebooks have hardware write protection on the flash chips that cannot be bypassed without physically opening the case. On the C201 this takes the form of a screw which must be removed to enable writing to the flash.
(Score: 0) by Anonymous Coward on Monday June 26 2017, @04:44PM
Oh, sweet! I've got a c100 running crouton, and I'm looking forward to getting rid of the scare warnings.