Linked by Thom Holwerda on Mon 4th Feb 2013 22:10 UTC
Google "People are, unsurprisingly, upset that Microsoft have imposed UEFI Secure Boot on the x86 market. A situation in which one company gets to determine which software will boot on systems by default is obviously open to abuse. What's more surprising is that many of the people who are upset about this are completely fine with encouraging people to buy Chromebooks. Out of the box, Chromebooks are even more locked down than Windows 8 machines." Good point.
Permalink for comment 551677
To read all comments associated with this story, please click here.
sonnyrao
Member since:
2011-07-18

The ChromeOS security model relies on having hardware write-protection over the part of the firmware which is used in early boot. If the user disables the write-protection, then it's very possibly to insert your own keys into the firmware image. There is even a script that ships on all ChromeOS systems which will do this for you at /usr/share/vboot/bin/make_dev_firmware.sh

The ChromeOS team's biggest problem here is not documenting this process better for each device. So far though, very few people have even asked how to do it.

The ease of disabling the write protection is also highly variable between different ChromeOS devices. For example on the Samsung ARM Chromebook, it is just a screw which needs to be removed. There's a tension between ease of removing the write-protect and security against "walk-by" attacks.

But the system wasn't intentionally designed to lock out the owner at all, which is what the blog post implies, and that is very unfortunate.

Reply Score: 2