I’m really curious to know which is more reasonable, using custom firmware for Chromebook, or using a Windows PC with UEFI? Especially in comparison to default Chromebook ChromeOS with verified boot?
Also acknowledging that installing alternative OS, or something like ChromiumOS would need to disable developer mode. To make it similar like default ChromeOS. I’m not sure if ChromiumOS forks keep verified boot the same.
It seems like going the Chromebook route is more likely to get better support too, like getting the right Linux kernel modules for it. Some Windows PCs don’t have a Linux equivalent kernel module to their windows driver.
Also Chromebooks do have a long AUE support time, but when flashing custom UEFI firmware maybe this security is not the same anymore?
With the Windows PC route, you can sort of use custom keys on the firmware at least. But, with UEFI flashed on Coreboot on a Chromebook, doesn’t seem like an actual way to put a custom key to load bootloaders.
Also the obvious, Chromebooks have a security chip called “Titan C” or “Discrete H1” or just TPM, like modern Windows PCs have. But I don’t know if ChromiumOS forks fully utilize this secure enclave/TPM?
This makes me wonder why Android devices have somewhat better developer support with Custom ROM’s, but Chromebook isn’t at that same level I guess
Without a firmware signing to ensure boot, or not let people have easy access like VT2 terminal, thus getting root access, I want to prevent these things because it makes it easier for people to acquire data on my device without my permission, and they can tamper the system files without system detecting it (if it doesn’t have verified boot), it makes me uneasy.
At the same time, I really do want to customize ChromiumOS, there are some things I do not like with basic stock ChromeOS.