It's been over a year since I wrote my guide on setting up a cheap Chromebook for web development. In that article, I presented three different ways to install a Linux distribution instead of, or sometimes alongside ChromeOS, the native Chromebook operating system. These three methods were all a bit hacky. One required running a heavily sandboxed Android app, while for the other two you had to put the machine in developer mode, which bypasses some of the security measures that make the Chromebook one of the most secure laptops you can find.
Since I wrote that article in September 2017 there's been a new development. Now there is a fourth method of running a native Linux distribution, available to most Chromebook models from the last few years. What makes this new method interesting is that it is an officially supported feature of ChromeOS, so there is no need to activate developer mode, and no need to make concessions on the highly regarded Chromebook security model. This method is based on container technology, and is known by the project name Crostini.
Running Linux in a Chromebook: The Old Methods
Before I describe the new thing, let me review the methods that were previously available, so that you can evaluate Crostini in the proper context.
Termux Android App
The first and most secure of the legacy methods involves the use of an Android app called Termux. This app runs on Android phones or tablets, and gives you a sandboxed Linux environment that you can run without the need of rooting your device. If your Chromebook model is one that supports running Android apps, then you can install this app and have access to a Linux terminal.
While this approach sounds great on paper, the issue with Termux is the sandboxing, which often gets in the way if you try to create a streamlined coding workflow oriented towards web development. The main problems I experienced were caused by weird file sharing rules between the ChromeOS and Linux file systems, and more importantly, the inability to access
localhost from inside the Linux environment.
Dual Booting Linux
The second method I explored is more mainstream. The idea is to install a regular Linux distribution alongside ChromeOS. Then at boot time you select if you want to boot ChromeOS or Linux.
Because the Chromebook security strictly prohibits running non-authorized code at boot, this option is only available when the system is put in developer mode, which among other things disables the verified boot process that prevents unauthorized code such as viruses from infiltrating your system. Also, the Chromebook gives you a loud and annoying reminder that it is in developer mode every time you turn it on. If you forget to manually bypass the warning within 30 seconds of turning it on, then the machine assumes it has been compromised and does a powerwash, which brings it back to factory settings, and of course away go all your files, from the Linux and ChromeOS sides.
Setting aside the complication and risk of enabling developer mode, I have found that running a complete Linux distribution does not provide a great user experience. Of course this is my personal opinion, but I don't find standard Linux desktop environments such as Ubuntu as nice as ChromeOS.
Crouton is an open source script that makes it easy to create chroots that run Linux inside ChromeOS. On the plus side, chroots use a very lightweight form of virtualization that runs code natively, with zero performance impact. But there's also a bad side. While the chroot is sandboxed to some extent, the isolation isn't complete, so for example, chroots have direct access to the host's hardware. If a virus were to infiltrate a chroot, it could potentially find its way outside of the chroot.
Because the security implications of running chroots are potentially severe, Chromebooks do not provide the ability to create chroots directly. Crouton bypasses this limitation by requiring developer mode to be enabled, so once again, you are forced to downgrade the security of your laptop so that you can have a decent Linux environment in which to write code.
What was attractive to me when comparing Crouton against the previous method is that everything runs under ChromeOS, which in my opinion provides a much better user experience than traditional Linux desktops. Linux terminals run happily inside Chrome tabs or windows, and with the help of a little Crouton extension for Chrome, you can also run UI applications from the Linux side within Chrome. I had great success running Visual Studio Code in this way.
In the last year, I produced a lot of code on my sub-$200 Chromebook using Crouton. It is actually a near perfect solution, with the only somewhat important drawback being the developer mode requirement.
The New Way: Crostini
The rumors about a secure way of running Linux in ChromeOS have been circulating for a long time. Then, in April of 2018 Google made the first public release of Project Crostini, limited to their high-end Chromebook, the Pixelbook. At the time, I assumed this was going to be a feature available only on the pricey models, so I did not pay too much attention to it.
Fast-forward to November, when while browsing the /r/Crouton reddit I stumbled upon a link to an official Crostini page that included a list of supported devices. As of today there are about 30 or so devices listed. My jaw dropped when I saw my Samsung Chromebook 3 in the list!
If you have a Chromebook and have it updated to the latest version of ChromeOS, all you need to do to check if you have access to Crostini is to open the settings and look for a "Linux (Beta)" section (click on the screenshots to see them in full size):
If you have this option in the settings, then just enable it to start the Linux installer:
Some new components will be downloaded and installed, and at the end of it you will be sent to a terminal window with a bash shell in it:
The entire installation process is what I described above. It took me just four clicks of the mouse to get Linux installed and ready to go!
How Does Crostini Work?
Crostini runs Linux environments inside a virtual machine (VM), which eliminates the risk of any malicious code running inside Linux from compromising the Chromebook hardware or software. The VM image used by Crostini is called Termina VM and is a component of ChromeOS that is regularly updated with security fixes.
To ensure that the VM image can be easily upgraded with fixes, Crostini does not provide access to it, instead it runs the actual Linux environment inside a container. The VM image comes with LXC installed, which is used to spawn one (or more if you like) containers running Linux environments where you have unlimited access to the system, while being completely isolated from the host.
Does this "container inside a VM" trick have a performance effect compared to Crouton's chroots? Yes, it does have a small performance degradation, since you are running in a virtualized environment. This is the price you have to pay to have a full Linux installation on which you can run any code while the rest of the system stays secure. For the type of work that I do (web development), the performance difference isn't noticeable at all.
Crostini versus Crouton
Given that up until now Crouton was in my opinion the best option to run Linux on a Chromebook, I think it is a good idea to compare it against Crostini.
Developer Mode: This is the most important difference between the two. Crouton is an unofficial solution that can only run in developer mode, while Crostini is official and available with the stock configuration. I mentioned this already but I think it is important to repeat it. Chromebooks are very secure machines, much more than other laptops. If you put it in developer mode, you are downgrading the security of your device to about the same as an average Windows or Mac laptop. For me being able to run Linux while keeping all the security options enabled is an important benefit.
CLI Tools: With respect to coding, I mentioned in the previous article that I was able to run CLI Linux tools under Crouton. In particular, I constantly use vim, tmux and zsh, along with some of my own customizations to them. I'm happy to report that I was able to set up my environment under Crostini with absolutely no problems. The Linux environment is Debian based, so you have access to
apt-get to install packages. The little script that I use to configure a new Ubuntu or Debian account with all my customizations worked unchanged under Crostini (as it did under Crouton).
GUI Applications: Crouton uses a little Chrome extension to display GUI apps inside Chrome tabs or windows. I was excited when I was able to run Visual Studio Code with the Python extension in this way. Crostini does not require any extensions to run GUI applications, you just install them and run them, and each runs in its own window. Visual Studio Code and PyCharm run both just fine under Crostini, and feel a bit faster running in a window versus being embedded inside Chrome.
File Sharing: Crouton makes the
Downloads folder from the system accessible inside chroots, so it is easy to transfer files in and out of Linux through this folder. Crostini has a nicer integration which exposes your Linux home directory in the standard Files app as a
Linux Files virtual folder:
Networking: One aspect that was nice in Crouton was that starting a process that listens for network connections such as a web server worked exactly like in other systems. You just start the server listening on any
localhost port and then connect to it with your web browser or other client. With Crostini this works in the same way, any servers listening on
localhost can be accessed by applications outside the Linux environment, such as the Chrome browser. Connecting to these network servers from another machine never worked for me, neither with Crouton nor Crostini, and while it would be nice to be able to run a server that can be seen by other machines, it is something that I almost never need to do, so I don't really mind.
Containers: I mentioned in the first article that one of the few things I was unable to do under Crouton is to run Docker. Instead, I was able to install rkt and run Docker containers with it, but with limited networking support. The good news is that the Crostini VM under which Linux runs comes with LXC installed, so you are free to use it to start as many containers as you want. It is also possible to install Docker inside one of these containers, and do some containers-inside-containers inception type stuff.
Hardware: This is where Crouton wins, because it has access to all the hardware, while Crostini is severely limited in what it can do. At the time I'm writing this, access to the webcam, microphone and speakers isn't possible under Crostini (they are currently working on audio playback support). But with Crouton this is not a problem, all the hardware is accessible through standard Linux apps.
Crostini is a great new feature that I hope will continue to be evolved. At this point I think I can do most of my coding on it, but there's going to be the occasional project that will not work. A good example would be my Flask based video streaming project, which relies on access to the webcam.
Crostini seems robust enough that I will definitely use it as much as I can. As a leap of faith, I have removed Crouton and developer mode from my Chromebook and will try to work with Crostini from now on. The nice thing about Chromebooks is that nothing is permanent, if I find that I miss Crouton I can go back to it easily.
Have you tried to write code on a Chromebook? Let me know below in the comments if your experience has been different than mine!