Also, anyone having physical access to your Chromebook can flip that switch and compromise your machine. While you can set a bios setup password to guard against someone flipping the secure boot switch.
>Gain physical access to Any machine, and all security bets are off.
That's not guaranteed. For example, see Droid Milestone's locked bootloader and XBox 360 (recently broken with a cpu bug).
>But what if the attackers has physical access and simply reflashes the BIOS?
Security is all about raising the bar, reflashing takes a lot more time and effort than flipping a hardware switch and inserting a USB key.
Also, a physical switch is harder to implement in a consistent manner for low margin OEMs(who all buy the firmware from the same source), thus a software setting is better. For example, including such a switch on a tablet like the Microsoft Surface Pro will increase the costs and restrict design.
> That's not guaranteed. For example, see Droid Milestone's locked bootloader and XBox 360 (recently broken with a cpu bug).
I was originally going to say, "Well, that's a different matter entirely."
It's not really, though. It's taking longer and longer for people to hack "secured" hardware.
The lesson of the PS3 still stands, though. If you let the hacker community install what they want, then they may not even bother to hack your hardware, unless you piss them off. The economics of hacking and security works like the economics of guerrilla warfare. You don't set up a highly visible and attractive high value target for an enemy that greatly outnumbers you. Doing that is just stupidity.
Guerrilla warfare is just as much about knowing what to cede as it is knowing what to attack.
http://www.windowsfordevices.com/images/stories/samsung_secu...
Also, anyone having physical access to your Chromebook can flip that switch and compromise your machine. While you can set a bios setup password to guard against someone flipping the secure boot switch.