NayuOS Home NayuOS

    NayuOS

    NayuOS is an ongoing project at Nexedi: since we mainly use Chromebooks as part of our development tools, we want to have more customizable, secure and privacy-compliant devices. We only create Free Software (see our full stack) so we want to have a Free alternative for Chrome OS which fits our needs.

    Why choosing Chromebooks with Chrom* OS instead of another GNU/Linux distribution?

    • Security: Chrome and Chromium OS have a specific security policy, using sandboxes as a security mechanism to isolate different processes and don't let them access the file system from inside a sandbox, not having packet installation because there are web application to answer all the user's need, encrypting each user's partition independently, ... .
    • Price: Chromebooks are very cheap devices! The cheapest one is around $150.
    • Freedom: There is no tying: you won't pay a Windows license and most of them are using Coreboot instead of a proprietary BIOS! But Chrome OS's sources are not open, and that is why we prefer Chromium OS.
    • Speed: Chromebooks boot fast (you will mostly use the web, so there is not much on your computer anyway).
    • Learning: Because you have to find how to do things on the web instead of finding a command in your terminal, it is a nice way to learn modern web and become up to date on web technologies.

    For whom is Chromium OS?

    For developers

    Chromium OS is much more developer-friendly, since there is a large range of tools for development (Python2.7, gdb, ...) and networking (tcpdump, rsync, ...) which are not available in Chrome OS. Having Python2 means that it is easy to run an HTTP server on the local network and develop web applications!

    For people who care about privacy

    Chromium OS is fully Open Source. This is necessary for better privacy and security: you don't have to trust Google, you can look at the code and ensure that the software does what you expect from it! However, it requires you to switch to developer mode, which is by default less secure (no more boot verification, shell in the browser and VT2 access, available root access with no password, ssh daemon running, ...) but allows you to use your device without restriction.

    Of course, you still have to be careful with the location of the storage of your personal data (file system, Google's servers or your own, ...).

    What is NayuOS and what are the benefits?

    NayuOS is a customization of Chromium OS which is currently used by Nexedi's developers and that we want to share because it can be useful to others.

    We want to improve the development environment, the usability and configuration of the system and the privacy of the users. Right now, our technical goal is to:

    • ✓ stop the SSH daemon running by default in Chromium OS,
    • ✓ add git because we don't know any good web-based git utility allowing usual interactive commands (such as git rebase -i)
    • ✓ remove Google login: we prefer guest mode (this is done by default when building ChromiumOS),
    • ✓ add re6st connectivity (follow instructions while running sudo grandenet in the terminal, registry to get a token),
    • ~ add possibility to access and customize the writeable parts of the file system with JavaScript applications (based on jIO) by running a WebDAV server (source code),
    • ✗ add Zeroconf over Babel and configure firewall to easily reach another device on a local network which runs an HTTP Server,
    • ✗ add GPG command line utility.

    License

    NayuOS is Free Software, licensed under the terms of the GNU GPL v3 (or later). For details, please see Nexedi licensing.

    Install NayuOS

    First, Find your codename of the board for your machine. If we do not support your board you can always try a generic image amd64-generic or build your own image.
    Second, download (and verify) the image from our repository. New builds can be found in Build Releases with links to their repositories.
    Third, we provide a guide on how to Install the image on your Chromebook.

    Find your codename

    board name machine
    auron_yuna Acer C910 Chromebook 15
    candy Dell Chromebook 11 (CPU: Celeron N2840)
    cave ASUS Flip C302
    clapper Lenovo Chromebook N20
    cyan Acer Chromebook R11
    lars Acer 14 For Work (CP5-471)
    leon Toshiba Chromebook
    link Chromebook Pixel 2013
    lulu Dell Chromebook 13
    peppy Acer C720 Chromebook
    quawks ASUS Chromebooks C300
    samus Chromebook Pixel 2015
    squawks ASUS Chromebooks C200
    swanky Toshiba Chromebook 2
    wolf Dell Chromebook 11 (CPU: Celeron 2955U)

    *Old images were deleted because of a security issue on www.nayuos.com hosting system. All old images could have been compromised. They are temporary hosted on a SlapOS webrunner.

    Build releases

    Release 62

    Built on 2017-11-05
    Download from repository R62
    Notes

    • New build for ASUS Flip C302 (board cave)

    Release 61

    Built on 2017-07-14
    Download from repository R61

    Release 60

    Built on 2017-07-08
    Download from repository R60
    Notes

    • Generic image amd64-generic is being built from now on
    • New build for Acer 14 For Work (board lars) but currently with audio issues.
    • New build for Google ChromeBook Pixel 2013 (board link)
    • Board samus was omitted in this build
    • Script grandenet ceased to work - investigation in progress.

     

    Verify the image

    Verify the hash by checking in the hash.txt file of the extracted image, and compare with the value of the freshly downloaded image.

    zcat your_board.nayuos.img.gz | sha512sum 

    The values should be the same.

    Install the image on your Chromebook

    Before doing anything, it is safer to make a recovery USB stick, just in case...

    In order to install Chromium OS on you Chromebook, you will have to create a bootable USB stick. To do this, you can use:

    • use the dd command on any GNU/Linux (and Chrome OS, but beware that some Chromebooks can't handle dd correctly and crash):
      zcat your_board.nayuos.img.gz | pv | sudo dd of=/dev/somedevice

    Once you have your image, you need to activate the developer mode on your device: generally, you have to turn your Chromebook off and hit ESC + F3 (the "reload" key) + POWER button.

    You should then get a screen saying that "Chrome OS is missing or damaged", this is just an dissuasive message, hit CTRL + D and confirm by hitting ENTER that you want to enable the developer mode.

    Choose to "Browse as guest" by clicking on the button in the bottom left corner of the login page.

    Then, you need to allow your device to boot on USB. For that, get a shell:

    • by typing CTRL + ALT + T in the browser to access to the "crosh" terminal, and writing the command shell
    • by hitting CTRL + ALT + F2 (the "next" key), either as root or chronos

    and type:

    sudo crossystem dev_boot_usb=1 

    Reboot and press CTRL + U at boot time to boot on USB.

    Welcome into your live-USB NayuOS

    You will be on a live Chromium OS system. If you want to install it for real, open a terminal (as described above with CTRL + ALT + T and "crosh" terminal) and type:

    sudo /usr/sbin/chromeos-install 

    After installation is done, you can follow the instructions in order to boot into installed NayuOS.

    Important notes

    After that, don't try to turn the developer mode off (hitting SPACE at boot time), or you will have to reinstall the original Chrome OS!

    If it does not boot on the live system...
    If you were in developer mode under Chrome OS, you may have to switch back to normal mode (hitting space at boot time). Then, you can follow the instructions above.

    Build your own image

    The build process based on Buildout in our decentralized cloud technology SlapOS makes possible to build many images of NayuOS for specific boards based on the latest releases of Chromium OS.

    Some other useful information:

    Known issues

    Some issues which may be fixed in the next versions.

    • There is no dev server running which could be used for packages update or installation using gmerge (yet?).
    • Some packages are looking for binaries/libraries in /usr/ instead of /usr/local/:
      • npm is looking for node binary in /usr/bin/ instead of /usr/local/bin.
    • Obviously, there is no Adobe Flash, which is proprietary (and there is no gnash neither), but who cares about Flash?
    • There is no way to upgrade just by typing a command, re-flashing the device is needed to get a new version of NayuOS.

    Tips and tricks

    • extend the /etc/hosts (which is read-only) using the HOSTALIASES environment variable to have per-user customized IP/name conversions
    • In case you get the "Chrome OS is missing or damaged" error at boot time or if you just want to go back to your original system, it is easy to make a recovery image of your original system, with the dedicated application.
    • having re6st, to get IPv6 over an IPv4 network, is easy: follow instructions with the script sudo grandenet
    • use the command sudo chromeos-setdevpasswd to change chronos user's password so that password is asked when using sudo and passwordless root console login is disabled.
    • unzip with Python using the command:
      python -m zipfile -e myfile.zip outputpath
    • create and manage LUKS-encrypted partition (change partition by the actual partition or device in /dev/):
      sudo cryptsetup luksOpen /dev/partition mydevice sudo mkdir /media/removable/somewhere sudo mount -o rw,nosuid,nodev,noexec /dev/mapper/mydevice /media/removable/somewhere 
      On R54 and later, you can use the encmount command to mount one LUKS-encrypted device: encmount mydevice.
    • change the timezone by changing the symlink at /var/lib/timezone/localtime
    • some more information on Chromium OS website

    FAQ

    Q: I want to run it on a normal PC laptop. When will this option be available?

    A: Some of us tried to run a "generic" version of Chromium OS on their laptop. It was not reliable because of problems due to unsupported hardware (such as trackpad issues, ...).

    Q: I do not understand why do you need to make separate images for all the x86-based Chromebooks?

    A: Chromium OS is optimized for each device: because the Chromium OS team know what are the hardware specifications for every board, they choose not to add such driver, ... . This is why sleep mode, sound, wifi, and so on, always work well on these devices (that you sometimes experience when using a generic GNU/Linux distribution on an ordinary laptop).

    Q: What does NayuOS looks like?

    A: We took a screenshot for you

    NayuOS screenshot

    Q: What can I do with NayuOS?

    A: You can:

    • use the crosh terminal,
    • access your IPV6 network from anywhere, even on IPv4-only networks,
    • read encrypted SD-card, USB sticks,
    • use an online open source ERP,
    • access remote server with ssh command as usual,
    • run Python, create Flask applications, test and use them locally, ...
    • use or write JavaScript applications for everything else!

    Q: What can't I do with NayuOS?

    A: You can't:

    • store documents on your Chromebook (use external devices),
    • use Adobe Flash or proprietary codecs for multimedia (mp3, ...),
    • install packages (same as Chrome OS),
    • execute custom binary anywhere (most of the file system is mounted noexec),
    • use Chrome extensions and Google account for logging in.

     

    Q: How Free are NayuOS users? Do you think someday it might be free enough to be submitted to the FSF as an approved distro?

    A: Our intention is to have a fully Free (so FSF-compliant) device and Chromebooks running NayuOS or Chromium OS are relatively close to it, but:

    • there are unfortunately necessary microcode for the CPU, that are non-Free,
    • we did not recompile Coreboot, neither flashed the read-only part of the Chromebook's firmware (at least, we have not tried yet),
    • for ARM-flavoured boards, when compiling Chromium OS, accepting GPU drivers are required (this is why we don't redistribute NayuOS images for ARM devices),
    • we don't have the resources to audit the full code to find whether there are non-free pieces of software,
    • more?

    About the kernel on my own Chromebook ("swanky"):

    cat /proc/sys/kernel/tainted 1536

    This means:

    512 - A kernel warning has occurred. 1024 - A module from drivers/staging was loaded. 

    There are no non-GPL-licensed module loaded! These flags can be explained by warnings from Intel drivers:

    dmesg | grep -i warn [...] WARNING: at /mnt/host/source/src/third_party/kernel/v3.10/drivers/gpu/drm/i915/intel_display.c:759 intel_wait_for_vblank+0xdb/0x1c3() [...] WARNING: at /mnt/host/source/src/third_party/kernel/v3.10/drivers/gpu/drm/i915/intel_display.c:854 intel_wait_for_pipe_off+0x14d/0x154() [...] 

    and zram being still in staging (in other words, it is/was not considered ready yet and on the way to become a official Linux kernel module)

    dmesg | grep -i staging zram: module is from the staging directory, the quality is unknown, you have been warned. 

     

    Q: I am interested on how I can manage to add my private ssh keys to NayuOS.

    A: I am using NayuOS daily, with a USB stick (some use SD cards) on which I have all the data I want to keep locally. My ssh private key is stored on it, so I just need to copy it to ~/.ssh when I need it. The device can be encrypted using cryptsetup cli.

    In the news

    English

    French

    German

    Spanish

    Italian

    Chinese

    Indonesian

    References