I like the approach of Chromebooks. Safe and secure in its default state. Can switch to "dev mode" which gives you a less secure but much more open system. And then can open the case, remove the write-protect screw, and have a fully open system. If any problems develop, or you simply want to go back to a locked-down secure state, you can very easily reset the machine to its original configuration.
My personal approach to the problem is multiple devices. Linux laptop and Windows desktop for my open systems. iPhone and Chromebook for when I don't want to worry.
Chromebooks are close, but one should be able to keep their changes and reactivate the security screw so no further changes may be made. Simply put, manual switches to protect UEFI/BIOS and TPM changes are a better move than the none-or-all approach the Chromebooks take.