Protecting data and simplifying IT management with Chrome OS
The hardware security module
All Chrome OS devices encrypt user data and settings by default. This encryption cannot be disabled by users (or anyone else).
In addition, each user’s data and settings are encrypted with a unique key. To use that key, an attacker would almost always need both the user password and access to the security module. That makes it very hard for bad actors to read any user’s data, and even if bad actors have possession of a Chrome OS device and one user’s passcode, they cannot decrypt and read the data from other users.
Separating user data has another benefit as well: it makes it safer to share devices with colleagues and family members, and to adopt leading-edge practices such as “Grab and Go” sharing for loaner devices and temporary workers.
