Comment by subway

I'm not sure -- I haven't messed with a Pixelbook. On Chromebooks, the trust root lives in the bootloader's flash with no security beyond the write protect screw.

A quick googling led to a reddit post that indicates it's possible with the Pixelbook, but likely a PITA:

https://www.reddit.com/r/PixelBook/comments/7kv944/does_anyo...