This webpage starts with an overview of various things learned from a first look at a Chromebook, then delves more deeply into running Linux on a Chromebook.
Chromebooks run an operating system called ChromeOS - which is a cut down version of Linux designed by Google.
ChromeOS provides a much reduced set of facilities compared to Microsoft Windows, macOS, or many of the Linux distributions.
Chromebooks are designed to be used as a gateway to the cloud rather than as a stand alone machine.
Chromebooks and ChromeOS have always had a high emphasis on security, and this continues on - but there is a significant interaction with Google servers.
Chromebooks don't have normal keyboards, they have keyboards unique to Chromebooks.
The normal function keys are used for other purposes.
On the Chromebook I am using the four arrow keys are half-sized keys, and there is an ergonomic mismatch between key size and finger size, so they are quite hard to use. Whether this is relevant to all Chromebooks or just the one I am using - an Asus - I don't know.
Looking at various photos of keyboards on Chromebooks on Amazon, all of the Chromebooks I looked at - by Acer, HP, Lenovo, Samsung and Asus - have the same half-sized arrow keys - so it looks like they are a Chromebook feature.
The Chromebook has evolved quite a lot since its first appearance - but the thing that hasn't changed is that a standard Chromebook isn't a self contained computer, it is a gateway to the cloud - as such it needs an internet connection to function properly, and it exchanges huge amounts of data with Google servers.
If you are on a metered or data limited internet connection then watch out, because your data usage is going to massively increase.
Just for starters, it tries to automatically do a ChromeOS update every six weeks - at 1.5 - 2 GB each time.
Many of the apps "installed" as standard aren't installed on the Chromebook, they are gateways to the cloud - so every time you use one that is more data to and from the cloud.
By default the Chromebook is constantly trying to send all your data and your settings up to Google servers - so that is more data to and from the cloud - although you do have some control over this via the settings menu.
Microsoft Windows and many distributions of Linux provide some quite good utilities to enable a user to create a system backup of the computer, which can be used for system recovery in the event of a major system failure.
Chromebooks don't provide this facility.
What Google has provided instead is an extension to the Chrome browser called Chromebook Recovery Utility which can be added to a Chrome browser.
This utility does not create an image of the Chromebook - what it does is to require you to identify your specific make and model of Chromebook, then it downloads an image from a Google server which is the correct image for that Chromebook, and which can be saved onto a USB memory stick.
The Chromebook is then booted up in a particular way into a recovery mode that loads that image onto the Chromebook, and in theory the Chromebook is now like new out of the box.
Worth noting that the extension to the Chrome browser can be on any computer that has a Chrome browser on it, it doesn't have to be on a Chromebook. Windows and Linux are both fine.
But whatever type of computer is used, it does of course mean that you have used another few GB of data during the download.
And then you will have to do an update to bring it back up to current status - so there goes another 1.5 - 2 GB of data.
In its standard form, there are two types of terminal available on a Chromebook.
There is a Terminal app - but it doesn't actually produce an active Terminal or shell screen - it provides two links - one is to the management of Linux, the other is related to SSH.
An actual active terminal screen is obtained by pressing Ctrl + Alt + t - this is known as the Crosh shell - which advises that it is the Chrome OS developer shell.
Crosh has roughly 40 commands - using the "help" command provides more information.
Crosh is nothing like a Bash shell - it is a Google created shell.
Using the "help_advanced" command provides help information on all the available commands - there are pages of it, and it all scrolls through so fast you can't read it.
You can't pipe the "help_advanced" command through "more" or "less" - Crosh doesn't allow it.
The only way I have found to read it all is to use the mouse to scroll up and down - which is a bit of a pain on a command line screen where you should be using the keyboard.
There is no firewall configured in the version of Debian that has been installed by using the install option in the Chrome OS advanced options.
So the installed version of Linux is wide open to attacks via the network.
You will need to configure your own firewall.
Iptables and nftables are already installed and are available for use - ufw, gufw, and firewalld can be downloaded and installed using
sudo apt install -----
BUT ---- see below before you do !
----------------------
You are advised to nowadays use nftables, not iptables - but iptables still works - you can save the configuration using -
sudo iptables-save > filepath
and restore it using -
sudo iptables-restore < filepath
but the configuration is volatile - the configuration is lost after a shutdown, and requires a restore.
So far I have failed to get an initialisation script to work - there is considerable variation in the construction of the scripts in /etc/init.d - so it is all very muddy as to how it is actually working.
The iptables-persistent command provides a better solution.
----------------------
An ongoing problem is that my experiences of gufw and firewalld have not been good - on several distributions of Linux such as Debian, Ubuntu, and Mint the default userspace tool for configuring the firewall is ufw - this is a command line tool, but there is an associated GUI tool called gufw.
By default ufw creates several obscure interconnected chains - in amongst these chains there are some rules that allow NetBIOS into the firewall - it is hard to work out just what the route through these chains is, and therefore hard to work out if NetBIOS has a route through the firewall.
This is bad - NetBIOS is a very old and very insecure network protocol that is much loved by black hats as a means of attacking computers - it has dogged multiple versions of Windows for decades - I didn't expect it to be built into Linux as well.
I installed and enabled the command line version ufw on the Linux installation on the Chromebook - and it created over 40 chains for ipv4 and 38 chains for ipv6 on top of the three default chains of INPUT, FORWARD, and OUTPUT - as well as the rules for NetBIOS, rules that allow multiple types of ICMP packets through the firewall, plus several other rules.
If you are using the GUI version of ufw - ie, gufw - you don't see them.
Using any of the command lines -
sudo ufw status verbose
or
sudo ufw status
or
sudo ufw status numbered
doesn't give any clue about the existence of all these chains and the various rule sets - they stay hidden.
Using the command line -
sudo ufw show raw
does show them.
Something like 80 chains - if I counted them correctly - do the developers of ufw actually expect mere humans to understand the packet flow through 80 chains - or is this a deliberate attempt at obfuscation in order to hide backdoors that allow unwanted packets through the firewall ?
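The question raised above, whether a NetBIOS rule actually sits on a route from INPUT and what finally happens to the packet, can be answered mechanically from a saved ruleset. The following is an added example, not part of the original page and not ufw's own code: it parses text in `iptables-save -t filter` format, follows `-j` jumps from INPUT, and reports each rule naming ports 137-139 with its route and final verdict. The sample ruleset and its chain names are constructed, and the model ignores `-g` gotos and the match conditions of earlier rules.

```python
import re

NETBIOS_PORTS = {"137", "138", "139"}

# Constructed sample in `iptables-save -t filter` format; chain names are illustrative.
SAMPLE = """\
-A INPUT -j fw-after-input
-A fw-after-input -p udp -m udp --dport 137 -j fw-skip-to-policy
-A fw-after-input -p udp -m multiport --dports 138,5353 -j fw-skip-to-policy
-A fw-skip-to-policy -j DROP
-A fw-unused -p tcp -m tcp --dport 139 -j ACCEPT
"""

def parse_rules(text):
    """Return {chain: [(rule_line, jump_target), ...]} built from the -A lines."""
    chains = {}
    for m in re.finditer(r"^-A (\S+) (?:.* )?-j (\S+).*$", text, re.M):
        chains.setdefault(m.group(1), []).append((m.group(0), m.group(2)))
    return chains

def reachable(chains, start="INPUT"):
    """Map every chain reachable from `start` via -j jumps to the route leading to it."""
    paths, queue = {start: start}, [start]
    for chain in queue:  # the queue grows while we iterate (breadth-first walk)
        for _, target in chains.get(chain, []):
            if target in chains and target not in paths:
                paths[target] = f"{paths[chain]} > {target}"
                queue.append(target)
    return paths

def verdict(chains, target, seen=()):
    """Follow a jump to the first unconditional rule's verdict (a simplified model)."""
    if target not in chains or target in seen:
        return target  # built-in target such as ACCEPT/DROP/REJECT, or a loop
    for line, nxt in chains[target]:
        if re.fullmatch(r"-A \S+ -j \S+", line):  # rule with no match conditions
            return verdict(chains, nxt, seen + (target,))
    return "RETURN"  # no unconditional rule: control returns to the calling chain

def netbios_rules(text):
    """List (chain, route from INPUT or None, verdict) for rules naming NetBIOS ports."""
    chains = parse_rules(text)
    paths, found = reachable(chains), []
    for chain, rules in chains.items():
        for line, target in rules:
            ports = re.findall(r"--dports? (\S+)", line)
            if ports and NETBIOS_PORTS & set(ports[0].split(",")):
                found.append((chain, paths.get(chain), verdict(chains, target)))
    return found
```

To check a real ruleset, pass the text produced by `sudo iptables-save -t filter` to `netbios_rules()`; a route of `None` means the chain holding the rule is not reachable from INPUT.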
----------------------
firewalld is another way of configuring netfilter down there in the kernel world - firewalld is a command line tool.
Early versions of firewalld were based on iptables - more recent versions are based on nftables.
Associated with firewalld is a GUI tool called firewall-config - it talks to firewalld - so in theory you have a GUI tool to configure the firewall.
The installation of firewalld on the Linux installation on the Chromebook has not gone to plan - I was able to install firewalld using the command line -
sudo apt install firewalld
but I then couldn't do any more installations.
It turned out that the installation of firewalld had rewritten the firewall ruleset, and the firewall was now blocking everything - so I had to rewrite the rule set using iptables.
Then I could install firewall-config using the command line -
sudo apt install firewall-config
The installation appeared to work but firewall-config will not connect to firewalld - firewall-config is the GUI tool for configuring the firewall using firewalld - but in the Linux installation on my Chromebook it doesn't work.
And the command line version firewalld doesn't work either - it just gives failure messages.
So whether firewalld doesn't like Debian, or it doesn't like the Linux environment on the Chromebook I don't know.
----------------------
I removed both ufw and firewalld using the command lines
sudo apt purge ufw
and
sudo apt purge firewalld
The Linux installation on a Chromebook sits in a custom container inside a custom virtual machine.
Termina is a VM image with a stripped-down Chrome OS linux kernel - it is designed to boot up as quickly as possible and start running containers.
In other words, it is Termina that creates the virtual environment on a Chromebook.
Crostini is a sort of umbrella description of the container world inside the VM set up by Termina.
Linux is installed in that container world.
It is the Crostini container world that is responsible for the inclusion of the software that enables interaction between ChromeOS and the Linux installation - software blocks like Sommelier, Garcon, Maitred, Concierge - Google has gone to a lot of trouble to enable the interaction between ChromeOS and Linux.
The situation on terminal windows changes after the installation of Linux.
As shown above - Crosh is still the terminal / command line window for ChromeOS - and as indicated above, it is a Google created shell.
The terminal / command line window of the installed Linux is accessed through Terminal - it is called Penguin - it is a Bash shell.
Termina is a self contained Linux environment and it has its own terminal window - it can be accessed by going into Crosh, and using the command
vsh termina
This is another Bash shell.
The much acclaimed optional installation of Linux is a continually increasing disappointment - it really isn't much like a normal installation of Linux.
In theory the Linux installation lives in a container in a virtual machine - but it is very far from an isolated virtual environment - there is a built in crossover between the Linux installation and ChromeOS.
ChromeOS can see into many parts of the Linux installation.
ChromeOS can see some of the apps that you install in Linux and they are shown in the ChromeOS apps window.
The file manager in ChromeOS can see into your home folder on Linux.
Grub doesn't seem to exist - the /boot folder is empty - /etc/default/grub doesn't exist.
The folders /bin, /lib, /lib64, and /sbin don't exist - on the Chromebook they are links to folders in /usr.
Sudo doesn't work the normal way - no password is required - which is a considerable security risk if the Linux installation is connected to the internet.
You can use
sudo apt install --------
to install apps or other bits of software - some of them will work - some of them will not work.
The more I used Linux apps the more I found that the Linux installation is inconsistent - sometimes an app will work, sometimes it doesn't.
There is a considerable departure from a more usual Linux installation in that the Linux installation on Crostini / Termina doesn't treat kernel modules in the usual way.
According to one page on the Google website about ChromeOS, Termina does not include kernel module support.
The folder /lib/modules/<kernel-name>/ doesn't exist - so where do loadable kernel modules live - I can't find them.
The folder /sys/module/ does exist - but doesn't contain the modules.
The file /etc/modules exists - but doesn't contain anything useful.
The command line tool lsmod runs but doesn't provide any information - it responds by stating that /proc/modules doesn't exist - which is true - it doesn't exist.
So what modules have been loaded, or are available for loading, is unknown.
A bit of further digging revealed another even more disturbing aspect about the Linux kernel.
Using the command "uname -r" on the terminal screen of the Linux installation shows a kernel version of 6.6.13-00891-g1af58030b5c8.
Using the command "uname -r" on the terminal screen of Termina also shows a kernel version of 6.6.13-00891-g1af58030b5c8.
Now as I stated higher up the web page, Termina is a VM image with a stripped-down Chrome OS linux kernel - it is designed to boot up as quickly as possible and start running containers.
But this is the same kernel version as that being used by the Linux installation - so it looks like the Linux installation isn't using a Debian kernel, it is using the Termina kernel.
Looking at the root file system that Termina is built on shows a much more orthodox Linux file structure than what the Linux installation is built on.
And inside the Termina root file system, the folder /lib/modules does exist - and includes a folder called 6.6.13-00891-g1af58030b5c8 - so this is as you would expect in an orthodox Linux installation.
However it doesn't contain any sub folders or kernel module files.
And it is worth repeating that the Linux installation doesn't include Grub - so Grub isn't pulling in a kernel.
So again it looks very likely that the Linux installation is running on a stripped down Googlised kernel that doesn't use loadable kernel modules.
Not really surprising that various Linux apps don't work as they should.
Crouton is another quite different way of installing Linux on a Chromebook - it predates the virtual environment of Termina and Crostini, and it works on older Chromebooks as well as newer ones.
There are numerous websites about using Crouton, I haven't done it.
It basically involves putting the Chromebook into Developer Mode, then downloading and installing Crouton and one of a few available versions of Linux.
It can provide a Linux desktop which runs in parallel to the ChromeOS desktop, and you can switch between the two desktops.
There is still interaction between ChromeOS and the Linux installation, Crouton does not provide an isolated environment for the Linux installation.
Crouton may be open source, but it was designed by somebody from Google so there is an obvious tie up.
Putting the Chromebook into Developer mode wipes all your data and reduces the security of ChromeOS.
There are various websites that suggest the best way to put Linux on a Chromebook is to wipe the Chromebook to remove ChromeOS, and then put on Linux.
However this is far from trivial - the first problem is that you have to flash the BIOS.
On older Chromebooks this would usually involve opening up the Chromebook and changing a switch on the motherboard, or removing a write protection screw on the motherboard.
Newer Chromebooks - I think since 2019 - use a Titan Security chip to protect the BIOS - and you have to disable this - I have seen reference that to do this you have to open up the Chromebook and disconnect the battery - then power the Chromebook up using the charger.
Then of course you are going to have to go search the internet to find the new BIOS version that is suitable for your Chromebook.
After all that you can install your chosen distribution of Linux.
That is if you haven't turned your Chromebook into a doorstop - which is highly likely.
If you are looking for a laptop that is a gateway to the cloud and don't mind the continual interchange between your Chromebook and Google servers - then maybe a Chromebook will satisfy your need.
I was interested in the ability to run Linux - but as stated above, this has been a continually increasing disappointment.
There are a lot of websites out there that contain a lot of hype about Linux on Chromebooks, it is difficult to know which websites you can trust to provide reliable information.
Many of the websites are pushing the idea that Linux on a Chromebook is going to become a de facto tool for developers.
Now so far I haven't installed Linux using Crouton, or by changing the BIOS - but based on my experience of installing Linux on a Chromebook using Crostini, I find it hard to believe that a Linux installation that is unreliable and inconsistent, and that is so deficient in its root file system and in its kernel - and its treatment of kernel modules - can be recommended on the basis that it would be good for developers.
My current view is that if you want Linux on a laptop - don't start with a Chromebook - forget virtualisation - start with a Microsoft Windows based laptop and install Linux on that - either on its own or with dual booting.
You will get a much wider choice of distribution, and a much more useable and reliable installation of Linux.