crossystem is your swiss army toolbox for interacting with the boot-time features of chrome os.
The specific knob to tweak here is:
crossystem dev-boot-signed-only=1
With crossystem, you can also turn legacy boot (the open "legacy" bios bootloader, accesed by ctrl-l at boottime) off, and usb boot (ctrl-u, used to boot chrome or chromium os usb installs) off.
(of course, you only do that if you have no interest in dual booting. The user has the power to decide - as it should be)
Once you have that, your dev-mode chromebook can ONLY boot the google supplied chrome os kernel, and it will verify the checksum on the kernel partition, just to make sure.
See? Dev-mode AND security. In only 2 commands (including setting the password).
(I've never figured out how such an easy-to-lockdown system gets so many articles posted on it - all warning how insecure it is and "don't do it".)
crossystemis your swiss army toolbox for interacting with the boot-time features of chrome os.The specific knob to tweak here is:
With crossystem, you can also turn legacy boot (the open "legacy" bios bootloader, accesed by ctrl-l at boottime) off, and usb boot (ctrl-u, used to boot chrome or chromium os usb installs) off.
(of course, you only do that if you have no interest in dual booting. The user has the power to decide - as it should be)
Once you have that, your dev-mode chromebook can ONLY boot the google supplied chrome os kernel, and it will verify the checksum on the kernel partition, just to make sure.
See? Dev-mode AND security. In only 2 commands (including setting the password).
(I've never figured out how such an easy-to-lockdown system gets so many articles posted on it - all warning how insecure it is and "don't do it".)
FYI here's how to toggle USB and legacy boot:
chromium.org/chromium-os/developer...
Both should be already disabled by default.