Linked by Thom Holwerda on Fri 28th Jul 2017 19:44 UTC
Google

In the last year while talking to respected security-focused engineers & developers, I've come to fully appreciate Google's Chrome OS design. The architecture benefited from a modern view of threat modeling and real-world attacks. For example, Trusted Platform Module (TPM) hardware chips are built into every Chromebook and deeply incorporated into the OS. The design documents go into some detail on the specific protections that TPM provides, particularly around critical encryption functions.

I also learned that Chromebook is the daily driver for many of Google's own senior developers and security engineers. In short, the combination of the underlying Chromebook hardware with the OS architecture makes for a pretty compelling secure development environment.

[...]

It's pretty neat to consider the possibility of pre-travel "power washing" (resetting everything clean to factory settings) on an inexpensive Chromebook and later securely restore over the air once at my destination. Since there is a wide range in Chromebook prices, the engineering challenge here was to find something powerful enough to comfortably use exclusively for several days of coding, writing, and presenting, but also cheap enough that should it get lost/stolen/damaged, I wouldn't lose too much sleep. The threat model here does not include recovery from physical tampering; if the machine were somehow confiscated or otherwise out of my custody, I could treat it as a burner and move on.

Interesting guide on how to turn an inexpensive Chromebook into a burner developer device safe for international travel.

RE[5]: cloud based
by BlueofRainbow on Mon 31st Jul 2017 12:33 UTC in reply to "RE[4]: cloud based"
BlueofRainbow, member since 2009-01-06

unclefester:

The article is about setting up a chromebook as a secure coding platform within the context of the new air travel security measures requiring electronic devices to be checked-in rather than allowed to be carried on.

The chromebook had to be inexpensive enough so that its owner would not cry if it was destroyed or stolen during luggage handling at the airport. As a side note, an inexpensive chromebook is not as tempting as a shiny ultrabook.

Having a 500 GB spinning hard drive, which could be removed from the chromebook and installed in a cryptography cracking system, would defeat the security requirement.

From another angle, how many of the files stored on a drive are truly active - having been accessed, created, or edited in the last couple weeks? Is it 1%, 10%, 25%? While the actual percentage will vary according to the habits and requirements of any given user, it is much less than the total capacity of the drive.

One great consumer of drive space is media: music, photos, videos. Having the media on removable storage appears to make sense. This approach would allow replacing a destroyed/lost/stolen chromebook with an inexpensive one and avoid having to re-gather the media collection from the cloud.

Each user will have a preference about internal drive capacity and flexibility with respect to cloud/memory card/USB drive storage. I don't think we are collectively at the state in which the current operating systems smoothly enable this flexibility.

Score: 2

RE[6]: cloud based
by Alfman on Mon 31st Jul 2017 15:41 in reply to "RE[5]: cloud based"
Alfman, member since 2011-01-28

BlueofRainbow,

The article is about setting up a chromebook as a secure coding platform within the context of the new air travel security measures requiring electronic devices to be checked-in rather than allowed to be carried on.


I agree with unclefester that most of the chromebooks have inadequate storage for the OS, apps and media. But you are right too, the author clearly intended the laptop to be disposable and obviously didn't intend to keep much on it. IMHO only a privileged person would ever purchase a laptop only to throw it away though. Most people would probably be better suited with something that could last several years. I would think 100GB would be a good minimum for moderate games, videos and pictures on it. I remember years back when hard disks were in the 20-80GB range and running out of space and having to make decisions about what I wanted to keep. 400GB laptops are normal and 1TB+ upgrades are available. Of course it's all about how much we are willing to pay.

Edited 2017-07-31 15:58 UTC

Score: 2