Why isn't GrapheneOS available on Chromebooks?

anonymousgrapheneperson

Hi! I wanted to ask why Chromebooks do not support GrapheneOS, Chromebooks support Verified Boot, Have sandboxing similar to Android, and Chromebooks provide 10-year security updates so what security requirements do Chromebooks not meet for GrapheneOS? Or is GrapheneOS primarily focused on Mobile security and privacy and not looking to branch out to desktop?

Johnnyloans

1) Can't just throw a phone OS onto a desktop

2) Many requirements:
https://grapheneos.org/faq#future-devices

A rudimentary explanation of the requirements:

Chromebooks make it very difficult to install other OSes
Isolating all parts of the system from each other, have several layers of security, and methods to verify integrity. So, if anything bad does happen like a user installing a malicious app, it is trapped in a room by itself. Everything else is safe.
Secure storage of keys/secrets.
Quick, timely updates given to the GOS team from the phone manufacturer.
If an update catastrophically fails like the battery goes to 0% during the update, the phone can still turn on from a last-known good-state.
Preventing damage from altered or malicious code--more supervision. Such as, Code execution can only be done in a small section of memory or securing an App's logic flow better. Putting this simply, Programs are full of: do this > now that > okay now back 3 steps back and do it all over again.
A bad actor could alter one of these forks in the road to instead lead to their malicious code that they planted into memory. If they do change the fork in the road, that planted code cannot run since it isn't inside an approved execution area of memory which would be a huge hurdle to be get approved. Multiple layers of security.

Why they are so important is because the GOS team desire the best security possible.