Today, Google made its first public announcements about Chrome OS, a Linux-derived operating system that it positions as secure and easy to use. I listened in on the Web cast today, and had some initial impressions.
Overall, I am impressed. Google had the luxury to design an OS using a clean sheet of paper, and as a result produced an OS that has some very interesting security properties:
- Trusted boot. The kernel is verified using public keys stored in the firmware.
- OS integrity check. All disk blocks on the root partition are hashed and checked at boot, meaning that malware won't be able to take up residence in the file system.
- No user-installable user applications. Everything is a Web app.
- Application sandboxing. Every process runs in its own memory space. Processes are chrooted. Stack protection, as you might expect.
- OS segregation. The OS enforces separate disk partitions for system (root) and user data.
- User data protection. User data is stored locally on its own partition, and is encrypted.
- Silent and trusted OS updates. No user-serviceable parts inside.
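To make the OS integrity check in the list above concrete, here is an added model of a block-hash verification pass (illustrative code written for this post, not Google's or Chrome OS's implementation). It assumes a 4 KiB block size, a constructed in-memory root image, and a pinned manifest root digest standing in for the value that the firmware-verified signature would cover.

```python
import hashlib

BLOCK_SIZE = 4096  # assumed block size for this illustration


def build_manifest(image: bytes, block_size: int = BLOCK_SIZE) -> list:
    """Hash every block of a root-filesystem image. A trusted boot component
    would carry this list (or a tree over it) rather than rehash a reference."""
    return [hashlib.sha256(image[i:i + block_size]).digest()
            for i in range(0, len(image), block_size)]


def manifest_root(manifest: list) -> bytes:
    """Single digest over all block hashes. In a real design this is the value
    covered by the signature checked against keys held in firmware, so the
    manifest itself cannot be swapped along with the blocks."""
    return hashlib.sha256(b"".join(manifest)).digest()


def verify_image(image: bytes, manifest: list,
                 block_size: int = BLOCK_SIZE) -> list:
    """Return the indices of blocks whose hash no longer matches the manifest.
    A change in block count (image truncated or extended) is reported as a
    mismatch on every index that is missing or unexpected."""
    actual = build_manifest(image, block_size)
    length = max(len(actual), len(manifest))
    bad = []
    for idx in range(length):
        want = manifest[idx] if idx < len(manifest) else None
        got = actual[idx] if idx < len(actual) else None
        if want != got:
            bad.append(idx)
    return bad


# Constructed sample: an 8-block "root partition" with distinct block contents.
IMAGE = b"".join(bytes([i]) * BLOCK_SIZE for i in range(8))
MANIFEST = build_manifest(IMAGE)
PINNED_ROOT = manifest_root(MANIFEST)  # what the signed boot data would carry

# Constructed tampering: flip one byte inside block 3 (e.g. a planted binary).
_t = bytearray(IMAGE)
_t[3 * BLOCK_SIZE + 10] ^= 0xFF
TAMPERED = bytes(_t)


def boot_check(image: bytes) -> bool:
    """Mimic the boot-time decision: rebuild the manifest from the disk, tie it
    to the pinned root, and refuse to continue if any block drifted."""
    manifest = build_manifest(image)
    return manifest_root(manifest) == PINNED_ROOT and not verify_image(image, MANIFEST)
```

`verify_image` points at the exact block that changed, which is what lets an integrity failure be diagnosed rather than only refused.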
Outside of security, a few things surprised me, but make total sense in retrospect. For example, Google OS will only run on certain hardware. Solid state disk drives will be required. This means Google does not need to do much hardware abstraction layer (HAL) type engineering. That is how they are getting (or claiming to get) 7 second boot times. Again, this is what you can do when you design from a clean sheet, and when you make conscious choices about what you will not do, such as support every SCSI card, video driver, and crazy hard disk made since the invention of fire.
There are a few things that I am still not totally clear about, such as the apparent ability to restore the OS to a known state using a flash drive.
Other than that, though, there is really not too much, from a security design perspective, that I could improve on. The devil is always in the details. But based on my first impressions, it should be a great netbook OS.