Google Chrome OS - fast and secure "by design"

Kevin Heeb
Published on 27.01.2022

With Chrome OS, Google has completely redeveloped its own client operating system. The three goals of speed, ease of use and security were at the top of the specifications. In the third article of our blog series, you will learn what makes Chrome OS so special and how it achieves these design goals.

The Google Chrome browser is based at its core on the Chromium open-source project, to which Google makes a very large contribution. Likewise, the operating system Google Chrome OS is built on another open-source project: Chromium OS, a descendant of the Linux distribution Gentoo, which Chrome OS supplements with closed-source components. With regard to the security of the system, the special feature of Chrome OS is the close interlocking of hardware and software. Details on this are described in the Google white paper "Cloudnative Security for Endpoints". We summarise the most important aspects here.

Illustration: In Chrome OS, hardware and software are closely intertwined. Source: Google / Cloudnative Security for Endpoints

Secure boot thanks to "Titan C"

Although many different manufacturers offer Chromebooks, their system architecture is identical under the bonnet. All manufacturers produce their systems strictly according to Google's specification. This means that, unlike with Microsoft Windows, for example, there are no manufacturer-specific driver packages that administrators have to install and regularly update. All Chromebooks run the same native firmware, with Chrome OS on top of it and the Chrome browser and other applications running inside Chrome OS.

The foundation for security is a security chip called "Titan C", which is also referred to as Cr50 or H1 in some documentation. Titan C verifies the firmware of a Chromebook when it boots by calculating a hash value and comparing it with a hash value signed by Google.

In the next step, the firmware verifies the kernel in the same way, which in turn verifies all further code blocks of the operating system and finally the browser. If the system detects a potential malware attack or any other form of manipulation, it aborts the boot process and starts from a backup copy of the firmware and the operating system.

Special architecture of Chrome OS

The fact that this works is due, among other things, to the partitioning, which is shown graphically in detail in the Chromium OS documentation. Very briefly: The partitions for the kernel and for the root file system are each duplicated. Thus, a Chromebook can always keep two versions of kernel and operating system, one active and one inactive. The active partitions are always mounted read-only during operation. End users have no admin rights and do not need them, because all data processing and storage takes place in user space, not in kernel space. Users therefore only need write access to an encrypted partition where they store the apps they use and their personal data. If there are still signs of compromise during the boot process, the system switches to an intact version of the kernel and operating system from the backup partitions.

Titan security chip and verified boot prevent compromise. Source: Google / Cloudnative Security for Endpoints

This architecture also ensures that, from the end user's point of view, updates require no downtime or waiting time. As soon as Google releases a new version of Chrome OS, which is currently scheduled every four to six weeks, the system downloads it in the background and installs it in the partition that is inactive at that time. At the next reboot, the system automatically swaps the active and inactive partitions and starts with the new version of Chrome OS. This process is repeated during the next operating system update.
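The following Python example is added here for illustration and is not code from Google, Chromium OS or the white paper. It models the two mechanisms described above: the boot-time comparison of a computed hash with a signed hash, with fallback to the second kernel/root file system pair, and the update that is written to the inactive pair and activated on the next boot. The slot names A and B, all function names and the toy RSA key are assumptions made for this example; the textbook RSA used here stands in for a real, padded signature scheme.

```python
import hashlib

# Toy textbook-RSA key, constructed for this example only (not secure, not
# Google's key). P and Q are Mersenne primes; a real implementation uses a
# padded signature scheme with a public key anchored in read-only firmware.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, known to the signer only

def digest(image: bytes) -> int:
    """SHA-256 of an image, reduced into the toy modulus."""
    return int.from_bytes(hashlib.sha256(image).digest(), "big") % N

def sign(image: bytes) -> int:
    """Build-time step: the vendor signs the hash of the image."""
    return pow(digest(image), D, N)

def verify(image: bytes, signature: int) -> bool:
    """Boot-time step: recompute the hash and compare it with the signed one."""
    return pow(signature, E, N) == digest(image)

def make_slot(version: str) -> dict:
    """One kernel + root file system pair with signatures (constructed data)."""
    kernel, rootfs = f"kernel {version}".encode(), f"rootfs {version}".encode()
    return {"kernel": kernel, "kernel_sig": sign(kernel),
            "rootfs": rootfs, "rootfs_sig": sign(rootfs)}

def slot_ok(slot: dict) -> bool:
    """Chain of checks: the kernel first, then the root file system."""
    return (verify(slot["kernel"], slot["kernel_sig"])
            and verify(slot["rootfs"], slot["rootfs_sig"]))

def boot(disk: dict) -> str:
    """Try the active slot, fall back to the other one, otherwise abort."""
    other = "B" if disk["active"] == "A" else "A"
    for name in (disk["active"], other):
        if slot_ok(disk[name]):
            return name
    raise RuntimeError("boot aborted: no slot passed verification")

def apply_update(disk: dict, version: str) -> None:
    """Write the new version to the inactive slot, then swap for the next boot."""
    inactive = "B" if disk["active"] == "A" else "A"
    disk[inactive] = make_slot(version)
    disk["active"] = inactive
```

A single changed byte in the kernel or root file system of the active slot makes `boot` return the other slot, and the previously active version stays on disk untouched after `apply_update`, which is what makes the fallback possible.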

Chrome OS uses sandboxing to seal off all apps and websites from each other. Source: Google / Cloudnative Security for Endpoints

All-round secure operating system

Beyond securing the boot process, security also has a very high priority while working with a Chromebook. Chrome OS consistently uses so-called "sandboxing" here. Each individual app and each instance of the Chrome browser, even each individual tab and each domain within the browser instances, is sealed off in its own sandbox from all the others so that they cannot influence each other. In addition, there are the "Safe Browsing" functions and the password safe with integrated check for compromised passwords in the Chrome browser.

So far, Chrome OS can claim that the security concepts work absolutely reliably. In hacker competitions such as the famous "Pwn2Own" or the "Pwnium" competition offered by Google itself and with high prize money, individual security vulnerabilities have been found in the past - and very quickly fixed by Google. However, no participant has yet succeeded in completely taking over Chrome OS.

Through all these measures, end users are fully protected from phishing, social engineering and other attack vectors when working with Chrome OS - and without administrators having to worry about installing and maintaining traditional third-party anti-malware solutions.

We will present which apps and application options are available for Chrome OS in the article "Google Chrome OS - Extensions, Apps and PWAs".
