Hello, this is my first post here. I was suggested by an user of some web forum to consult people here about my questions. Then I am here. I am a begginer of GNU/Linux.
I've C100PA and have been searching about this laptop. I assume probably this uses coreboot, not u-boot. I am not sure yet even such things, though, I would like to make this laptop as secure as possible.
The question is: firstly, I want to grasp whether C100PA has binary blob or not and how many proprietary software C100PA has in the initial state, or how. About the proprietary software, I am not sure if it is proper to ask here. So only if you are familiar with it, then if you can spare the time for me, they will help my understanding very much, really. Thank you very much for reading.
I've C100PA and have been searching about this laptop. I assume probably this uses coreboot, not u-boot. I am not sure yet even such things, though, I would like to make this laptop as secure as possible.
The question is: firstly, I want to grasp whether C100PA has binary blob or not and how many proprietary software C100PA has in the initial state, or how. About the proprietary software, I am not sure if it is proper to ask here.
Yes, this is a Chromebook that is shipped with coreboot by the vendor. The codename used in coreboot is veyron_minnie (i.e. the code is in src/mainboard/google/veyron). This board does not use any proprietary firmware or blobs (neither with factory firmware nor if you reflash it with a current version of coreboot). It does however need proprietary kernel drivers if you want to use the GPU. You can find some guides about using upstream Arch Linux on this board which may help here: https://archlinuxarm.org/platforms/armv7/rockchip/asus-chromebook-flip-c100p (I believe the "veyron-libgl" package mentioned there contains the proprietary GPU drivers.)
Note that the factory firmware on this laptop is already "as secure as possible". Chromebooks are among the most secure computers you can buy if you use them with the native Chrome OS. However, if you want to install your own GNU/Linux you will need to enable "developer mode", which must disable the built-in security features to allow you to boot your own operating system. Note that this still doesn't make it any less secure than most other GNU/Linux computers -- other than Chrome OS, I'm not aware of any Linux desktop/laptop distribution that has any sort of "secure boot" solution, so they're all equally "insecure". Most people don't worry too much about exploit persistence and so they're okay with that. A Linux distribution installed on a Chromebook in developer mode is still no more or less secure than the same Linux distribution installed on a laptop that originally shipped with Windows.
That said, there are actually ways you can set up your own secure boot with a Chromebook in developer mode, but they are complicated and not well documented (see FWMP_DEV_USE_KEY_HASH at https://www.chromium.org/chromium-os/fwmp). Managing a secure boot solution that's actually secure against persistent exploits on your own is very hard, so if you're a beginner I would just not worry about that... as long as you install a well-maintained Linux distribution, apply updates regularly and don't install software from unknown sources, you're still plenty secure without "secure boot".
@ Julius Werner
Thank you very much for valuable information. It will save my time very much. And it urged me on.
While I was searching various things, I started to feel that Google might be very serious at least about security, Chrome OS might be quite more secure than starting learning other GNU/Linux distributions because I am a noob. I still have some complicated feelings for Google, though. Because I do not know well yet, but Google has not a decent customer services is a fact. I like the approachs to security, but I cannot like the attitude toward customers.
Anyway I am happy now. I think I would start trying Chromium OS after a while. It would be so much fun. As the starting point of my play on computers, it seems to be proper. I could draw the map. Thank you for other clues on the map, too. I only have glanced at the links. Those were almost completely unable to understand.
If my questions oberflowed much again, please let me ask you hackers here questions again. Somehow I trust your words strongly, maybe because of your writing style. I got to know what I do in front of my lovely laptop so I am excited. Applying update would be my first job. Thank you very much.
Sincerely,
Masaru Suzuqi
-
Julius Werner -
鈴木勝