Stories
Slash Boxes
Comments

SoylentNews is people

posted by cmn32480 on Monday June 26 2017, @11:53AM   Printer-friendly
from the seems-like-a-salad-idea dept.

Arthur T Knackerbracket has found the following story:

Chromebooks are one of the most secure devices you can give a non-technical end user, and at a price point few can argue with, but that security comes with a privacy trade off: you have to trust Google, which is part of the NSA's Prism programme, with your data in the cloud.

Even those who put their faith in the company's rusty "don't be evil" mantra may find Chromebook functionality limiting—if you want more than Google services, Netflix, some other Web apps, and maybe the Android app store, then you're out of luck.

Geeky users willing to engage in some entry-level hackery, however, can install Linux on their Chromebook and unleash the Power of Torvalds™.

[...] Trying out Crouton is easy, and worth an evening's tinkering. Enter developer mode on your Chromebook, which for most users means holding down the Esc and Refresh keys while tapping the power button. Doing so will erase all local data on your Chromebook (in the unlikely event that you have any locally stored data on a cloud-focused device, granted). Hit Ctrl-D, Enter, and wait five minutes or so for the Chromebook to wipe.

Once in developer mode, your Chromebook will offer a warning message every time you boot-up that the device is now vulnerable. David Schneider, the Crouton maintainer, who works for Google but was unable to get permission to speak to Ars for this article, outlines the security trade offs on the Crouton wiki:

"Dev mode out of the box does several things that compromise security, including disabling verified boot, enabling VT2 [terminal], and activating passwordless root shell access. This means even without Crouton, if you're in dev mode, someone can switch to VT2, log in as root and add a keylogger that runs at startup, then switch back without you knowing. If you're logged in, they can also access the unencrypted contents of your Chrome profile and copy it elsewhere. If an exploit to Chrome is found, verified boot will no longer protect you from persistent compromises. Essentially, dev mode by default is less physically secure than a standard laptop running Linux."

You've been warned. Once in dev mode, enter your Wi-Fi password and accept the EULA, then select "Browse as Guest." Head on over to Schneider's GitHub repo and download Crouton, and follow the instructions.

There are a few more seemingly straightforward steps detailed in the article. Thinking of those in the community who might like to give it a try, who here has already converted a Chromebook to run Linux? Was it worth it? What hardware did you have? What 'gotchas' did you run into?

-- submitted from IRC


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by VLM on Monday June 26 2017, @03:10PM

    by VLM (445) Subscriber Badge on Monday June 26 2017, @03:10PM (#531345)

    I need to get a Chromebook's power jack serviced after having installed libreboot, how do I go about doing so?

    If the battery is dead, they'll plug in a charger, notice the jack doesn't work, and give you a new one (or possibly fix it) not noticing the software installed.

    Note that enabling dev mode does not void the guarantees, I mean, devs do use it...

    If the battery isn't dead yet, when you disable dev mode, in my experience the SSD gets powerwashed which is apparently chrome-user-speak for wiped with zeros and reinstalled with stock chrome OS from scratch. I would estimate it took 15 minutes when I did it? At that point "they" can't tell what you were doing before you powerwashed it.

    A security wise user would be foolish not to powerwash before sending a machine in for service, what possible troubleshooting advantage could you provide by giving "them" access to your entire online life? So I suspect they're pretty used to powerwashed chromebooks crossing their desk. And if the trouble ticket is "no charge light when plugged in" I don't think they're gonna poke around the SSD anyway.

    The question I have is if you have an install you like, how do you back it up or whatever before disabling dev mode which wipes it? I'm sure the community has some method. Stick a large flash drive in the USB and bit for bit copy the entire SSD maybe. I own a 32G thumb drive somewhere and probably few chromebooks have more than 32 gig SSD. That would be my guess. Or if you have "drive.google.com" I think my chromebook came with a promo for a zillion free gigs of storage.

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2