Add Google Pixel section "Security/Privacy"

inference 2023-11-22 17:16:30 +00:00
parent 981e1d536f
commit 89e0ba937f
Signed by: inference
SSH Key Fingerprint: SHA256:FtEVfx1CmTKMy40VwZvF4k+3TC+QhCWy+EmPRg50Nnc

@ -1,7 +1,7 @@
<!DOCTYPE html> <!DOCTYPE html>
<!-- Inferencium - Website - About --> <!-- Inferencium - Website - About -->
<!-- Version: 6.3.0-alpha.8 --> <!-- Version: 6.3.0-alpha.9 -->
<!-- Copyright 2022 Jake Winters --> <!-- Copyright 2022 Jake Winters -->
<!-- SPDX-License-Identifier: BSD-3-Clause --> <!-- SPDX-License-Identifier: BSD-3-Clause -->
@ -242,97 +242,123 @@
Google Pixel Google Pixel
</td> </td>
<td class="desc"> <td class="desc">
<p>Google Pixel devices are <h5>Security/Privacy</h5>
the best Android devices <p>Google Pixel devices
available on the market are the best Android
for devices available on the
market for
<a href="https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html">security and privacy</a>.</p> <a href="https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html">security and privacy</a>.</p>
<p>They allow locking the <p>They allow locking
bootloader with a the bootloader with a
<a href="https://android.googlesource.com/platform/external/avb/+/master/README.md#pixel-2-and-later">custom Android Verified Boot (AVB) key</a> <a href="https://android.googlesource.com/platform/external/avb/+/master/README.md#pixel-2-and-later">custom Android Verified Boot (AVB) key</a>
in order to preserve security in order to preserve
and privacy features when security and privacy
installing a custom operating features when installing
a custom operating
system, such as system, such as
<a href="https://source.android.com/docs/security/features/verifiedboot/">verified boot</a> <a href="https://source.android.com/docs/security/features/verifiedboot/">verified boot</a>
which verifies that the OS has which verifies that the
not been corrupted or tampered OS has not been
corrupted or tampered
with, and with, and
<a href="https://source.android.com/docs/security/features/verifiedboot/verified-boot#rollback-protection">rollback protection</a> <a href="https://source.android.com/docs/security/features/verifiedboot/verified-boot#rollback-protection">rollback protection</a>
which prevents an adversary from which prevents an
rolling back the OS or firmware adversary from rolling
version to a previous version back the OS or firmware
with known security vulnerabilities.</p> version to a previous
version with known
security vulnerabilities.</p>
<p>They also include a <p>They also include a
<a href="https://developer.android.com/training/articles/keystore#HardwareSecurityModule">hardware security module</a> <a href="https://developer.android.com/training/articles/keystore#HardwareSecurityModule">hardware security module</a>
(Titan M2, improving on the (Titan M2, improving on
previous generation the previous generation
<a href="https://security.googleblog.com/2018/10/building-titan-better-security-through.html">Titan M</a>) <a href="https://security.googleblog.com/2018/10/building-titan-better-security-through.html">Titan M</a>)
which is extremely resistant to which is extremely
both remote and physical attacks resistant to both remote
due to being completely isolated and physical attacks due
from the rest of the system, to being completely
including the operating system. isolated from the rest
Titan M2 ensures that the device of the system, including
cannot be remotely compromised the operating system.
by requiring the side buttons of Titan M2 ensures that
the device to be physically the device cannot be
pressed for some sensitive remotely compromised by
operations. Titan M2 also takes requiring the side
the role of buttons of the device to
be physically pressed
for some sensitive
operations. Titan M2
also takes the role of
<a href="https://source.android.com/docs/security/best-practices/hardware#strongbox-keymaster">Android StrongBox Keymaster</a>, <a href="https://source.android.com/docs/security/best-practices/hardware#strongbox-keymaster">Android StrongBox Keymaster</a>,
a a
<a href="https://source.android.com/docs/security/features/keystore">hardware-backed Keystore</a> <a href="https://source.android.com/docs/security/features/keystore">hardware-backed Keystore</a>
containing sensitive user keys containing sensitive
which are unavailable to the OS user keys which are
or apps running on it without unavailable to the OS or
authorisation from Titan M2 itself. apps running on it
without authorisation
from Titan M2 itself.
<a href="https://android-developers.googleblog.com/2018/05/insider-attack-resistance.html">Insider attack resistance</a> <a href="https://android-developers.googleblog.com/2018/05/insider-attack-resistance.html">Insider attack resistance</a>
ensures that Titan M2 firmware ensures that Titan M2
can be flashed only if the user firmware can be flashed
PIN/password is already known, only if the user
making it impossible to backdoor PIN/password is already
the device without already known, making it
knowing these secrets.</p> impossible to backdoor
<p>Google Pixel device kernels the device without
are compiled with already knowing these
secrets.</p>
<p>Google Pixel device
kernels are compiled
with
<a href="https://android-developers.googleblog.com/2018/10/control-flow-integrity-in-android-kernel.html">forward-edge control-flow integrity</a> <a href="https://android-developers.googleblog.com/2018/10/control-flow-integrity-in-android-kernel.html">forward-edge control-flow integrity</a>
and and
<a href="https://security.googleblog.com/2019/10/protecting-against-code-reuse-in-linux_30.html">backward-edge control-flow integrity</a> <a href="https://security.googleblog.com/2019/10/protecting-against-code-reuse-in-linux_30.html">backward-edge control-flow integrity</a>
to prevent code reuse attacks to prevent code reuse
against the kernel. MAC address attacks against the
kernel. MAC address
randomisation is randomisation is
<a href="https://android-developers.googleblog.com/2017/04/changes-to-device-identifiers-in.html">implemented well, along with minimal probe requests and randomised initial sequence numbers</a>.</p> <a href="https://android-developers.googleblog.com/2017/04/changes-to-device-identifiers-in.html">implemented well, along with minimal probe requests and randomised initial sequence numbers</a>.</p>
<p>Google releases <p>Google releases
<a href="https://source.android.com/docs/security/bulletin/pixel/">guaranteed monthly security updates</a>, <a href="https://source.android.com/docs/security/bulletin/pixel/">guaranteed monthly security updates</a>,
ensuring Google Pixel devices ensuring Google Pixel
are up-to-date and quickly devices are up-to-date
protected against security and quickly protected
against security
vulnerabilities.</p> vulnerabilities.</p>
<p>Pixel 6-series and 7-series <p>Pixel 6-series and
devices are a large improvement 7-series devices are a
over the already very secure and large improvement over
private previous generation the already very secure
Pixel devices. They replace and private previous
generation Pixel
devices. They replace
ARM-based Titan M with ARM-based Titan M with
RISC-V-based Titan M2, reducing RISC-V-based Titan M2,
trust by removing ARM from the reducing trust by
equation. Titan M2 is more removing ARM from the
resiliant to attacks than Titan equation. Titan M2 is
M, and is more resiliant to
attacks than Titan M,
and is
<a href="https://www.tuv-nederland.nl/assets/files/cerfiticaten/2022/09/nscib-cc-22-0228971-cert-final.pdf">AVA_VAN.5 certified</a>, <a href="https://www.tuv-nederland.nl/assets/files/cerfiticaten/2022/09/nscib-cc-22-0228971-cert-final.pdf">AVA_VAN.5 certified</a>,
the highest level of the highest level of
vulnerability assessment. vulnerability
Google's in-house Tensor assessment. Google's
System-on-Chip includes Tensor in-house Tensor
Security Core, further improving System-on-Chip includes
device security.<br> Tensor Security Core,
Pixel 8-series includes Armv9's further improving device
security.</p>
<p>Pixel 8-series
includes Armv9's
<a href="https://community.arm.com/arm-community-blogs/b/architectures-and-processors-blog/posts/enhanced-security-through-mte">Memory Tagging Extension</a>, <a href="https://community.arm.com/arm-community-blogs/b/architectures-and-processors-blog/posts/enhanced-security-through-mte">Memory Tagging Extension</a>,
which dramatically increases which dramatically
device security by eliminating increases device
up to 95% of all security issues security by eliminating
caused by memory-unsafety.</p> up to 95% of all
security issues caused
by memory-unsafety.</p>
<h5>Support</h5> <h5>Support</h5>
<p>Pixel 4a (5G), Pixel <p>Pixel 4a (5G), Pixel
5, and Pixel 5a, are 5, and Pixel 5a, are
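Review bot: The typo "resiliant" survives the reflow in the Pixel 6/7 paragraph ("is more resiliant to attacks than Titan M"); it should be "resilient", and since those lines are already being rewritten, this is the place to fix it. In the Titan M2 paragraph, "ensures that the device cannot be remotely compromised" claims more than the rest of the sentence supports, which limits the physical button press to "some sensitive operations"; wording along the lines of "prevents those operations from being triggered remotely" would match what is described. The commit message mentions only the new "Security/Privacy" heading, but the hunk also re-wraps every paragraph and replaces the `<br>` before "Pixel 8-series" with a separate `<p>`; putting the re-wrap in its own commit would keep the content change reviewable.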