Linked by Thom Holwerda on Fri 28th Jul 2017 19:44 UTC

In the last year while talking to respected security-focused engineers & developers, I've come to fully appreciate Google's Chrome OS design. The architecture benefited from a modern view of threat modeling and real-world attacks. For example, Trusted Platform Module (TPM) hardware chips are built into every Chromebook and deeply incorporated into the OS. The design documents go into some detail on the specific protections that TPM provides, particularly around critical encryption functions.

I also learned that Chromebook is the daily driver for many of Google's own senior developers and security engineers. In short, the combination of the underlying Chromebook hardware with the OS architecture makes for a pretty compelling secure development environment.


It's pretty neat to consider the possibility of pre-travel "power washing" (resetting everything clean to factory settings) on an inexpensive Chromebook and later securely restore over the air once at my destination. Since there is a wide range in Chromebook prices, the engineering challenge here was to find something powerful enough to comfortably use exclusively for several days of coding, writing, and presenting, but also cheap enough that should it get lost/stolen/damaged, I wouldn't lose too much sleep. The threat model here does not include recovery from physical tampering; if the machine were somehow confiscated or otherwise out of my custody, I could treat it as a burner and move on.

Interesting guide on how to turn an inexpensive Chromebook into a burner developer device safe for international travel.

Permalink for comment 647295
To read all comments associated with this story, please click here.
RE: cloud based
by BlueofRainbow on Sun 30th Jul 2017 02:36 UTC in reply to "cloud based"
Member since:


Maybe Google should send its Chrome OS development team for a code-in sprint in an area of the world with an abyssal broadband speed. This would force the development of an interaction model less dependent on the underlying network.

As I remember the stories from the first years chromebooks were deployed in schools, the major complaint was that the "cloud" traffic was so high that it often brought the school network to its knees. Since then, a hybrid approach allowing/promoting local storage for in-progress documents has been implemented.

It is worth mentioning, as a side bar, that MS Office and Windows it-self are becoming more and more reliant on the underlying network to function properly. Even for the stand-alone version, most of the help information is on-line; no network, no help! I don't know about OS X and how much it relies on the underlying network.

There may be good lessons to be learned about networking in areas with limited network infrastructure from the One Laptop Per Child (OLPC) project.

Reply Parent Score: 2