1. 31
  1.  

  2. 11

    a Chromebook that Samsung had given me to evaluate about six years ago

    Well, on a six year old model you might have the screw/jumper, but on modern devices, just loading an alternative payload (SeaBIOS comes preinstalled) does not require anything other than sitting through the developer mode enablement (proving your presence by pressing the power button occasionally over several minutes), and for full control over firmware, you need to buy or build a debug cable.

    Requiring a physical procedure to unlock security IS NOT OWNER HOSTILE! And it’s not even physical anymore in current (USB-C) models!

    Show me another machine that gives me a flasher and three serial consoles (for the main CPU, the EC and the security chip) over USB-C. What other (non-Apple(?) non-Google non-Purism/System76) Intel laptops actually have is Intel Boot Guard, which for real locks you out of custom firmware by blowing fuses in the CPU.

    It’s no coincidence, for example, that they have tiny hard drives.

    This device is over six years old. My Pixelbook has 512GB of NVMe storage :P

    1. 0

      Requiring a physical procedure to unlock security IS NOT OWNER HOSTILE! And it’s not even physical anymore in current (USB-C) models!

      Requiring someone to disassemble their computer to unlock security is absolutely owner hostile. It allows Google to say ‘it is possible to do this’ while ensuring that only the very most technically minded will actually do it. It should be easy enough that the average person would feel comfortable doing it.

    2. 3

      I went through this last year with an Acer chromebook. The situation has improved ever so slightly, it seems the recent chromebooks (at least the Acer I used) have a ‘security’ screw you have to remove to enable RW for the firmware storage, no need to tape a screwdriver to short out some pins.

      The rest of it still sucks though. I opted to build coreboot myself rather than flash some random binary from the internets.

      1. 4

        The screw is actually old, current models do not require physical access, instead you press the power button occasionally over a few minutes to prove your presence.

        some random binary from the internets

        FYI, MrChromebox is a well known person in the coreboot community :)