Posted:
In the past, we’ve written a good deal about the Chrome sandbox and other security features that we built into the Chrome browser. These features demonstrate the Chrome team’s overall focus on providing usable security even as we continue our rapid development work on the project.

Chromebooks take Chrome and its core values (simplicity, speed and security) and apply them to our own operating system infrastructure. The result is a multi-layered set of defenses which boosts the security of Chromebooks against malicious software that could compromise and linger on the system. While no software is perfect or completely secure, we believe we’re taking an important step forward.

Let’s take a quick look at some of the Chromebook security features that, when paired with good web hygiene, make it easier to browse the web safely. (We’re already handling updates and malware resistance on the Chromebook automatically!)

Baked in, seriously

Our security model is rooted in two pieces of hardware that ship with every Chromebook: a custom firmware chip and a Trusted Platform Module (TPM). The custom firmware chip consists of two parts: a read-only firmware and a read-write firmware that can be updated. When you press the power button, our read-only firmware starts a process we call Verified Boot. It uses an embedded 8192-bit RSA public key to verify the cryptographic signature on the read-write firmware.

After the read-only firmware verifies and runs the read-write firmware, the latter performs a similar verification operation on the operating system kernel before running it. The operating system kernel will then continue the verification process as it loads all of the system software, like Chrome.

The goal of Verified Boot is to provide cryptographic assurances that the system code hasn’t been modified by an attacker on the Chromebook. Additionally, we use lockable, non-volatile memory (NVRAM) in the TPM to ensure that outdated signatures won’t be accepted. To put this into perspective, the system does all this in about 8 seconds.

If you don't want to boot Google-verified software — let's say you built your own version of Chromium OS — no problem. You can flip the developer switch on your device and use the Chromebook however you'd like. It’s yours, after all!

Up-to-date, automatically

Since no software offers perfect security (and we all want new features too), Chromebooks include an automated update system that is modeled on Chrome’s popular auto-updater. The updater checks with the server securely and downloads updates when they become available. It keeps the system updated against emerging threats and allows for new features to be rolled out seamlessly. Since every Chromebook keeps two copies of the operating system, it's easy to update and then switch to the new version without interrupting your normal flow. In addition, it allows for the Chromebook to revert to the known working version if there are any problems during the update.

Signing in, with confidence

Signing in to the Chromebook is as simple as using your Google Account. The first user of a Chromebook can determine who else is allowed to sign in or choose to keep her machine open for anyone to sign in. In addition, every user has a private, encrypted store which means that, if you share your Chromebook, other users won’t be given access to your data. The encrypted store is implemented using the Linux kernel's eCryptfs with keys that are protected by the TPM.

Or don't sign in at all

Chromebooks also offer the ability to browse without signing in. We call this function Guest Mode. When Guest Mode is used, Chrome runs with the usual privacy measures of incognito mode, but none of the browsing data, including downloads, will stick around. When you exit Guest Mode or reboot your Chromebook, the browsing data is deleted.

A helping hand, even when things go wrong

While we're dedicated to pushing the envelope with Chromebook security, we want to also be prepared in case something unexpected happens. That's why the read-only firmware included in every Chromebook also provides a recovery mode. Recovery mode lets you install a fresh, up-to-date version of the operating system from a recovery device plugged into the USB port. That means that if an attacker manages to install malicious software, you can use recovery mode to help remove it and return your Chromebook back to the way it was.

Getting better over time

Experiencing the web securely, on any platform and with any browser, is a combined matter of the underlying infrastructure, browser design, and user action. How is data stored? Who and what can access that data? How does the user participate in these decisions?

With Chromebooks and Chrome, we’ve made advances in the security infrastructure of the operating system and the browser that should allow you to browse the web more comfortably. Beyond what we’ve discussed here so far, we continue to improve features like our Safe Browsing API and our extensions model that help protect users from malicious web content.

As a savvy web user, you’ll still want to think carefully before you enter your username and password into a suspicious website, or before you grant broad data access to an unfamiliar extension. Remember, it never hurts to follow these tips for staying safe on the web.

Security is an ongoing effort, and we aren’t stopping here! Keep your eyes open for more usability and security advances from Chrome and Chromebooks.

Posted:
(Cross-posted on the Official Google Blog)

We all have a song or a personal soundtrack that speaks to us. But it doesn’t always say exactly what we want it to say.

In All is Not Lost — an HTML5 music collaboration between the band OK Go, the dance troupe and choreographers Pilobolus, and Google—you can embed your message in a music video and have the band dance it out. The band and Pilobolus dancers are filmed through a clear floor, making increasingly complex shapes and eventually words—and messages you can write yourself.



All is Not Lost is built in HTML5 with the browser Google Chrome in mind. Different shots are rendered in different browser windows that move, re-size and re-align throughout the piece. With HTML5’s canvas technology, these videos are drawn in perfect timing with the music.



OK Go are well-known for their delightfully creative music videos, including Here It Goes Again, their first work featuring half a dozen treadmills, and This Too Shall Pass, based around an extraordinary Rube Goldberg machine—both of which have become extraordinarily popular on YouTube. We’re excited to collaborate with them on another project that finds its natural home on the web.

This project also has a special significance for the team here at Google Japan, who worked on this collaboration alongside OK Go. In the wake of the devastating Tōhoku earthquake, the band suggested using All is Not Lost as a message of support to the Japanese people during this difficult time.

All is Not Lost is best experienced in Chrome at allisnotlo.st. For web developers curious about how the experience was created, you can read more on the Google Code Blog.