Linked by Thom Holwerda on Fri 28th Jul 2017 19:44 UTC

In the last year while talking to respected security-focused engineers & developers, I've come to fully appreciate Google's Chrome OS design. The architecture benefited from a modern view of threat modeling and real-world attacks. For example, Trusted Platform Module (TPM) hardware chips are built into every Chromebook and deeply incorporated into the OS. The design documents go into some detail on the specific protections that TPM provides, particularly around critical encryption functions.

I also learned that Chromebook is the daily driver for many of Google's own senior developers and security engineers. In short, the combination of the underlying Chromebook hardware with the OS architecture makes for a pretty compelling secure development environment.


It's pretty neat to consider the possibility of pre-travel "power washing" (resetting everything clean to factory settings) on an inexpensive Chromebook and later securely restore over the air once at my destination. Since there is a wide range in Chromebook prices, the engineering challenge here was to find something powerful enough to comfortably use exclusively for several days of coding, writing, and presenting, but also cheap enough that should it get lost/stolen/damaged, I wouldn't lose too much sleep. The threat model here does not include recovery from physical tampering; if the machine were somehow confiscated or otherwise out of my custody, I could treat it as a burner and move on.

Interesting guide on how to turn an inexpensive Chromebook into a burner developer device safe for international travel.

Permalink for comment 647329
To read all comments associated with this story, please click here.
RE[5]: cloud based
by BlueofRainbow on Mon 31st Jul 2017 12:33 UTC in reply to "RE[4]: cloud based"
Member since:


The article is about setting up a chromebook as a secure coding platform within the context of the new air travel security measures requiring electronic devices to be checked-in rather than allowed to be carried on.

The chromebook had to be inexpensive enough so that its owner would not cry if it was destroyed or stolen during luggage handling at the airport. As a side note, an inexpensive chromebook is not as tempting as a shinny ultrabook.

Having a 500 GB spinning hard drive, which could be removed from the chromebook and installed in a cryptography cracking system, would defeat the security requirement.

From another angle, how many of the files stored on a drive are truly active - having been accessed, created, or edited in the last couple weeks? Is-it 1%, 10%, 25%? While the actual percentage will vary according to the habits and requirement of any given user, it is much less than the total capacity of the drive.

One great consumer of drive space is media: music, photos, videos. Having the media on removable storage appears to make sense. This approach would allow replacing a destroyed/lost/stolen chromebook with an inexpensive one and avoid having to re-gathered the media collection from the cloud.

Each user will have a preference about internal drive capacity and flexibility with respect to cloud/memory card/USB drive storage. I don't think we are collectively at the state in which the current operating systems smoothly enables this flexibility.

Reply Parent Score: 2