Chromium OS source released

If boot verification fails, it gives you the option of reimaging the OS with an approved version, or continuing anyway. You're explicitly allowed to use an unsigned OS, the only price seems to be that you'll get a warning screen on every boot that you have to click through. This seems like an excellent tradeoff: you know there are no viruses because the *entire* *root* *filesystem* is signed by Google, literally (AFAICT).

And the chain of trust is built up from read-only firmware, so it can't be wrong unless someone has physically tampered with the device in a quite sophisticated way. Attackers could still try to get stuff installed as an unprivileged user, but only until it downloads the next OS update that wipes it out . . . it's impossible to root the device across boots. You can't get that without a chain of trust.

Of course, if you don't like it, don't use the device. Or use it but change the OS and navigate through the warning screen every time. Google isn't planning to replace normal PCs in the near future. This is meant to be a special-purpose device, not a general-purpose computer in the conventional sense.