> <@concat:spitetech.com> strcat Anyway, I personally don't agree with the general notion which was mostly red herring and induction. But I understand where you're coming from, acknowledgling the suboptimal verified boot is fine (I don't disagree with the complaint) but to conclude because of that the entire security model was probably tampered with is at best an assertion and not to be used as a general conclusion in my opinion.
> 
> Now I can only speak anecdotally but I've noticed little difference when grepping the kernel previously. You may give it a thumbs down to CR but with it being one of the more trustable at face value thus being the best option which ships Crostini (along with the rest of the security model in tact which should be taken with a grain of salt until either of us can fully verify so) I still stand by them and my personal notion.
> 
> But sure, we can both agree the verified boot sucks. Admittetly up until now I haven't heard of disabling rootfs via crosh, but given my ``shell`` malfunctioning preventing me from doing that I don't really know what to say. Anyway, not to drag on the conversation any longer. Just my final comments.

It's not just that they break verified boot. It's obvious that they also expose root. It's not a stretch to assume they've fucked up even more things too.

Just grepping for some patterns in the kernel gives you very little information and is not enough to tell if it's overall good or not. How have you even grepped it when CR only provides images and not source code?