> I have a C100PA and have been searching for information about this laptop.
> I assume this probably uses coreboot, not u-boot. I am not sure yet even
> about such things, though I would like to make this laptop as secure as
> possible.
>
> The question is: firstly, I want to grasp whether the C100PA has binary blobs
> or not, and how much proprietary software the C100PA has in its initial
> state, or how. About the proprietary software, I am not sure if it is proper
> to ask here.

Yes, this is a Chromebook that is shipped with coreboot by the vendor.
The codename used in coreboot is veyron_minnie (i.e. the code is in
src/mainboard/google/veyron). This board does not use any proprietary
firmware or blobs (neither with factory firmware nor if you reflash it
with a current version of coreboot). It does however need proprietary
kernel drivers if you want to use the GPU. You can find some guides
about using upstream Arch Linux on this board which may help here:
https://archlinuxarm.org/platforms/armv7/rockchip/asus-chromebook-flip-c100p
(I believe the "veyron-libgl" package mentioned there contains the
proprietary GPU drivers.)

Note that the factory firmware on this laptop is already "as secure as
possible". Chromebooks are among the most secure computers you can buy
if you use them with the native Chrome OS. However, if you want to
install your own GNU/Linux you will need to enable "developer mode",
which must disable the built-in security features to allow you to boot
your own operating system. Note that this still doesn't make it any
less secure than most other GNU/Linux computers -- other than Chrome
OS, I'm not aware of any Linux desktop/laptop distribution that has
any sort of "secure boot" solution, so they're all equally "insecure".
Most people don't worry too much about exploit persistence and so
they're okay with that. A Linux distribution installed on a Chromebook
in developer mode is still no more or less secure than the same Linux
distribution installed on a laptop that originally shipped with
Windows.

That said, there are actually ways you can set up your own secure boot
with a Chromebook in developer mode, but they are complicated and not
well documented (see FWMP_DEV_USE_KEY_HASH at
https://www.chromium.org/chromium-os/fwmp). Managing a secure boot
solution that's actually secure against persistent exploits on your
own is very hard, so if you're a beginner I would just not worry about
that... as long as you install a well-maintained Linux distribution,
apply updates regularly and don't install software from unknown
sources, you're still plenty secure without "secure boot".
_______________________________________________
coreboot mailing list -- [email protected]