NayuOS is an ongoing project at Nexedi: since we mainly use Chromebooks as part of our development tools, we want to have more customizable, secure and privacy-compliant devices. We also love Free Software so we do want a Free alternative for Chrome OS which fits our needs.
Why choosing Chromebooks with Chrom* OS instead of another GNU/Linux distribution?
- Security: Chrome and Chromium OS have a specific security policy, using sandboxes as a security mechanism to isolate different processes and don't let them access the file system from inside a sandbox, not having packet installation because there are web application to answer all the user's need, encrypting each user's partition independently, ... .
- Price: Chromebooks are very cheap devices! The cheapest one is around $150.
- Freedom: There is no tying: you won't pay a Windows license and most of them are using Coreboot instead of a proprietary BIOS! But Chrome OS's sources are not open, and that is why we prefer Chromium OS.
- Speed: Chromebooks boot fast (you will mostly use the web, so there is not much on your computer anyway).
- Learning: Because you have to find how to do things on the web instead of finding a command in your terminal, it is a nice way to learn modern web and become up to date on web technologies.
For whom is Chromium OS?
Chromium OS is much more developer-friendly, since there is a large range of tools for development (Python2.7, gdb, ...) and networking (tcpdump, rsync, ...) which are not available in Chrome OS. Having Python2 means that it is easy to run an HTTP server on the local network and develop web applications!
For people who care about privacy
Chromium OS is fully Open Source. This is necessary for better privacy and security: you don't have to trust Google, you can look at the code and ensure that the software does what you expect from it! However, it requires you to switch to developer mode, which is by default less secure (no more boot verification, shell in the browser and VT2 access, available root access with no password, ssh daemon running, ...) but allows you to use your device without restriction.
Of course, you still have to be careful with the location of the storage of your personal data (file system, Google's servers or your own, ...).
What is NayuOS and what are the benefits?
NayuOS is a customization of Chromium OS which is currently used by Nexedi's developers and that we want to share because it can be useful to others.
We want to improve the development environment, the usability and configuration of the system and the privacy of the users. Right now, our technical goal is to:
- ✓ stop the SSH daemon running by default in Chromium OS,
- ✓ add git because we don't know any good web-based git utility allowing usual interactive commands (such as
git rebase -i)
- ✓ remove Google login: we prefer guest mode (this is done by default when building ChromiumOS),
- ✓ add re6st connectivity (follow instructions while running
sudo grandenet in the terminal, registry to get a token),
- ✗ add Zeroconf over Babel and configure firewall to easily reach another device on a local network which runs an HTTP Server,
- ✗ add GPG command line utility.
Download the images
The build process based on Buildout in our decentralized cloud technology SlapOS makes possible to build many images of NayuOS for specific boards based on the latest releases of Chromium OS.
Old images were deleted because of a security issue on www.nayuos.com hosting system. All old images could have been compromised. They are temporary hosted on a SlapOS webrunner.
||stable (release 52)
||unstable (release 56.0.9000.B)
||Acer C910 Chromebook 15
||Dell Chromebook 11 (CPU: Celeron N2840)
||Lenovo Chromebook N20
||Acer Chromebook R11
||Dell Chromebook 13
||Acer C720 Chromebook
||ASUS Chromebooks C300
||Chromebook Pixel 2015
||ASUS Chromebooks C200
||Toshiba Chromebook 2
||Dell Chromebook 11 (CPU: Celeron 2955U)
Verify the image
Verify the hash by checking in the hash.txt file (stable, unstable) of the extracted image, and compare with the value of the freshly downloaded image.
zcat your_board.nayuos.img.gz | sha512sum
The values should be the same.
Install the image on your Chromebook
Before doing anything, it is safer to make a recovery USB stick, just in case...
In order to install Chromium OS on you Chromebook, you will have to create a bootable USB stick. To do this, you can use:
Once you have your image, you need to activate the developer mode on your device: generally, you have to turn your Chromebook off and hit
F3 (the "reload" key) +
You should then get a screen saying that "Chrome OS is missing or damaged", this is just an dissuasive message, hit
D and confirm by hitting
ENTER that you want to enable the developer mode.
Choose to "Browse as guest" by clicking on the button in the bottom left corner of the login page.
Then, you need to allow your device to boot on USB. For that, get a shell:
- by typing
T in the browser to access to the "crosh" terminal, and writing the command
- by hitting
F2 (the "next" key), either as
sudo crossystem dev_boot_usb=1
Reboot and press
U at boot time to boot on USB. You will be on a live Chromium OS system. If you want to install it for real, open a terminal and type:
After that, don't try to turn the developer mode off (hitting
SPACE at boot time), or you will have to reinstall the original Chrome OS!
If it does not boot on the live system...
If you were in developer mode under Chrome OS, you may have to switch back to normal mode (hitting space at boot time). Then, you can follow the instructions above.
How to build the image?
If you want to build the image yourself, you can find more informations on:
Some issues which may be fixed in the next versions.
- There is no dev server running which could be used for packages update or installation using
Some packages are looking for binaries/libraries in
/usr/ instead of
npm is looking for node binary in
/usr/bin/ instead of
- Obviously, there is no Adobe Flash, which is proprietary (and there is no gnash neither), but who cares about Flash?
- There is no way to upgrade just by typing a command, re-flashing the device is needed to get a new version of NayuOS.
Tips and tricks
- extend the
/etc/hosts (which is read-only) using the HOSTALIASES environment variable to have per-user customized IP/name conversions
- In case you get the "Chrome OS is missing or damaged" error at boot time or if you just want to go back to your original system, it is easy to make a recovery image of your original system, with the dedicated application.
re6st, to get IPv6 over an IPv4 network, is easy: follow instructions with the script
- use the command
sudo chromeos-setdevpasswd to change
chronos user's password so that password is asked when using sudo and passwordless
root console login is disabled.
- unzip with Python using the command:
python -m zipfile -e myfile.zip outputpath
- create and manage LUKS-encrypted partition (change
partition by the actual partition or device in
On R54 and later, you can use the encmount command to mount one LUKS-encrypted device:
sudo cryptsetup luksOpen /dev/partition mydevice
sudo mkdir /media/removable/somewhere
sudo mount -o rw,nosuid,nodev,noexec /dev/mapper/mydevice /media/removable/somewhere
- change the timezone by changing the symlink at
- some more information on Chromium OS website
Q: I want to run it on a normal PC laptop. When will this option be available?
A: Some of us tried to run a "generic" version of Chromium OS on their laptop. It was not reliable because of problems due to unsupported hardware (such as trackpad issues, ...).
Q: I do not understand why do you need to make separate images for all the x86-based Chromebooks?
A: Chromium OS is optimized for each device: because the Chromium OS team know what are the hardware specifications for every board, they choose not to add such driver, ... . This is why sleep mode, sound, wifi, and so on, always work well on these devices (that you sometimes experience when using a generic GNU/Linux distribution on an ordinary laptop).
Q: What does NayuOS looks like?
A: It looks like this:
Q: What can I do with NayuOS?
A: You can:
- use the crosh terminal,
- access your IPV6 network from anywhere, even on IPv4-only networks,
- read encrypted SD-card, USB sticks,
- use an online open source ERP,
- access remote server with ssh command as usual,
- run Python, create Flask applications, test and use them locally, ...
Q: What can't I do with NayuOS?
A: You can't:
- store documents on your Chromebook (use external devices),
- use Adobe Flash or proprietary codecs for multimedia (mp3, ...),
- install packages (same as Chrome OS),
- execute custom binary anywhere (most of the file system is mounted noexec),
- use Chrome extensions and Google account for logging in.
Q: How Free are NayuOS users? Do you think someday it might be free enough to be submitted to the FSF as an approved distro?
A: Our intention is to have a fully Free (so FSF-compliant) device and Chromebooks running NayuOS or Chromium OS are relatively close to it, but:
- there are unfortunately necessary microcode for the CPU, that are non-Free,
- we did not recompile Coreboot, neither flashed the read-only part of the Chromebook's firmware (at least, we have not tried yet),
- for ARM-flavoured boards, when compiling Chromium OS, accepting GPU drivers are required (this is why we don't redistribute NayuOS images for ARM devices),
- we don't have the resources to audit the full code to find whether there are non-free pieces of software,
About the kernel on my own Chromebook ("swanky"):
512 - A kernel warning has occurred. 1024 - A module from drivers/staging was loaded.
There are no non-GPL-licensed module loaded! These flags can be explained by warnings from Intel drivers:
dmesg | grep -i warn
WARNING: at /mnt/host/source/src/third_party/kernel/v3.10/drivers/gpu/drm/i915/intel_display.c:759 intel_wait_for_vblank+0xdb/0x1c3()
WARNING: at /mnt/host/source/src/third_party/kernel/v3.10/drivers/gpu/drm/i915/intel_display.c:854 intel_wait_for_pipe_off+0x14d/0x154()
and zram being still in staging
(in other words, it is/was not considered ready yet and on the way to become a official Linux kernel module)
dmesg | grep -i staging
zram: module is from the staging directory, the quality is unknown, you have been warned.
Q: I am interested on how I can manage to add my private ssh keys to NayuOS.
A: I am using NayuOS daily, with a USB stick (some use SD cards) on which I have all the data I want to keep locally. My ssh private key is stored on it, so I just need to copy it to
~/.ssh when I need it. The device can be encrypted using cryptsetup cli.
In the news