Shared publicly  - 
 
Chromebooks provide less end-user freedom than Windows 8 certified systems. If that's why you're worried about Secure Boot, don't buy a Chromebook.
23
14
Adam Conrad's profile photoSwapnil Bhartiya's profile photoAaron Plattner's profile photoRick Troth's profile photo
35 comments
 
Interesting point on reaction when substituting Microsoft for Google in terms of public opinion.
 
Though they do allow you to install distribution of your choice on them. If I remember correctly Chromebooks have a switch, somewhere below the batter, that allows you to unlock the bootloader.

But, to be honest, I'd buy one for my parents. They only use browser anyway, and having Linux below that browser makes my life easier.
 
I use Google, but I don't trust them. (To the tune of "I'm paranoid, but am I paranoid enough ?")
 
+Mladen Mijatov They allow you to install a distribution of your choice as long as you disable their verified boot, but so does all Windows 8 hardware.
 
This is only really valid in the x86 world. Unless Microsoft changed their tune when I wasn't looking, ARM-based windows machines are required to be locked down.
 
Windows RT, Windows 8, the average consumer doesn't make the distinction.
 
(I guess the reason for my knee jerk is that "Chromebook" also covers the ARM product which is also locked, and can be trivially unlocked, but is worlds ahead of any Windows RT device as far as user freedom)
 
+Adam Conrad True, but the people making the pro-Chromebook argument normally seem to be comparing to x86
 
As long as Google is extremely pro-user by them-self documenting how to unlock the device it will remain in my good books contrary to MS Windows 8 devices where was intended to be totally locked down and they changed it only after protest (ARM is still locked). So pro-Chromebook arguments do make sense as compared to pro-Windows hardware. Also, when I buy Windows 8 hardware I fund the very company I am fighting against. So, I would rather throw my money on a company which fights for users.

http://www.chromium.org/chromium-os/developer-information-for-chrome-os-devices/samsung-arm-chromebook
 
In practice, I'd still get the Chromebook to boot my own kernel, while for locked down x86 systems, they theoretically give me more freedom but may not boot what I want, or might get bricked in the process despite having nice stickers on them.
 
So, +Matthew Garrett, essentially you're saying that the ChromeBook offers the same level as (or even better) protection than UEFI with the pre-installed OS, but that if you decide to install your own OS (which you are completely free to do) it'll act exactly like every other (non-UEFI) PC until, oh, 12 minutes ago when the first UEFI PCs started shipping.

The horror, the horror. This sounds like a bit of sensationalism, tbh.

If they haven't responded and made the equivalent of UEFI signing available for other OSes within the next few years, then this would be worth writing about.
 
Oh, BTW, Chromebooks are the devices pushing for Coreboot unlike M$'s Windows 8 certified machines, so it makes more sense to buy a Chromebook and pay Windows tax.
 
I'd say there's more than one end-user freedom dimension to look at. While I haven't tried either, the Chromebook process (flipping a switch) seems easier than the Windows 8 process (dealing with what's probably a manufacturer-specific Secure Boot implementation). Since the underlying control over the hardware users get is similar, I'd say the relative ease of the Chromebook process is a factor in the Chromebook's favor.
 
+Ravi Nanavati Not only that Google itself has documented how to 'unlock'/enable the developer mode on their official site. It's next to impossible to find such info on Microsoft (really!!!) or OEM's sites. So, that's another plus for Google. I would rather see more non Windows hardware in the market. Also buying a chromebook over Windows 8 hardware sends a message to the vendors that users can't be abused anymore. This demand for Chromebook will tell them where to go.
 
The Chromebooks I was working on for a while had a firmware write enable switch on the motherboard, intentionally buried behind a bunch of screws.  The firmware was just u-boot and rebuilding it with your own keys looked pretty straightforward, though I never bothered with it.  So not exactly user-friendly, but definitely possible.  Do more recent Chromebooks not have the same functionality?
 
+Aaron Plattner Once you're there, you're also pretty much saying that Windows RT devices allow arbitrary key enrolment.
 
+Swapnil Bhartiya If you're fine with the vendor being able to do things with your computer that you can't do without taking the entire thing apart first, feel absolutely free to buy a Chromebook.
 
+Matthew Garrett Did you contact Google to let users use their secure boot method? What was their response? Don't new machines offer virtual mechanism to disable secure boot? I have cr-48 and C550 and both have hardware switch. I am planning to get ARM one which has virtual switch and will put openSUSE on it. My wife is a full time ChromeOS user.

I am actually impressed with the amount of documentation Google has done to help users in disabling it.
 
+Swapnil Bhartiya You can always disable it. But you can always disable it on PCs, too. The point isn't merely to have the ability to run whatever you want, the point is to have the same set of powers that the system vendor does - including the ability to dicate what your machine won't run.
 
+Matthew Garrett Wasn't Microsoft originally planning to lock x86 as well just like ARM refusing users to have any option at all?

BTW, what was Google's response to your query about allowing users to use the secure boot on their system?
 
+Swapnil Bhartiya They were. They changed their mind. Google currently offer no mechanism for getting alternative operating systems signed.
 
+Matthew Garrett I agree with you on allowing users to do what they want with their hardware. Microsoft did not do that out of charity, the pressure was built. So, outside your blog post is there any communication going out with Google? i think the headline and call for not buying Chromebook was a bit too much. I must repeat I agree with your point, but the question remains if there was any dialogue with Google prior to this blog post. In any case I would not pay Microsoft tax and buy Windows 8 hardware. I would rather buy Chromebooks so if a dialogue is going on between you and Google I would love to see what's their response.
 
There are several good reasons to buy Chromebooks. Anger at Secure Boot isn't one of them. Google would clearly like to improve the situation, but so far it hasn't been a priority for them.
Add a comment...