NayuOS - all you need to know...
Post by: hatt
NayuOS is a Free and Open Source operating system, designed for developers. It is an ongoing project at Nexedi: and their main focus is on Chromebooks for daily development work and wanted to have more customizable, secure and privacy-compliant devices - not running any proprietary software, because we love Free Software. A few experiments later NayuOS - our free alternative to Chrome OS - was born. NayuOS is currently on a good enough way to meeting most of our needs, so we decided to spread the word and share what we have done so far.
Chromebooks are relatively cheap specific machines sold by latop manufacturers in collaboration with Google. They run a specific OS called Chrome OS. In non-developer mode the OS provides a Chrome Browser and that's pretty much it! Developer mode is not bloated either. There is a shell with some useful software (python2, ssh, tcpdump, ...) preinstalled.
Digging deeper, the cryptographic security mechanism is interesting: while booting, every step verifies the cryptographic signature of the next step with the first one consisting of Google Chrome OS's public key stored in the read-only part of the firmware and being used to verify the OS for non-developer images. This is why you see a scary screen when booting a non-Google image or when switching into developer mode.
Some other security mechanisms are also specific to this OS: the root partition is mounted read-only, there are sandboxes for isolating processes, ... all in order to mitigate attacks on the system or at least make them more difficult.
On Chrome OS, users' data is stored at Google, so the configuration of the browser and all data will be synchronized when switching from one machine to another. For us this meant a big privacy issue, so we decided to use only guest mode (users are not logged in and there is no synchronization).
Still, this left us the issue of Chrome OS not being Free Software and closed-source. Since we were planning to tinker quite a bit with the OS, we therefore switched to using Chromium OS giving us the necessary freedom to tweak the OS to our needs.