Add Google Pixel section "Security/Privacy"

inference 2023-11-22 17:16:30 +00:00
parent 981e1d536f
commit 89e0ba937f
Signed by: inference
SSH Key Fingerprint: SHA256:FtEVfx1CmTKMy40VwZvF4k+3TC+QhCWy+EmPRg50Nnc


@ -1,7 +1,7 @@
<!DOCTYPE html> <!DOCTYPE html>
<!-- Inferencium - Website - About --> <!-- Inferencium - Website - About -->
<!-- Version: 6.3.0-alpha.8 --> <!-- Version: 6.3.0-alpha.9 -->
<!-- Copyright 2022 Jake Winters --> <!-- Copyright 2022 Jake Winters -->
<!-- SPDX-License-Identifier: BSD-3-Clause --> <!-- SPDX-License-Identifier: BSD-3-Clause -->
@ -242,97 +242,123 @@
Google Pixel Google Pixel
</td> </td>
<td class="desc"> <td class="desc">
<p>Google Pixel devices are <h5>Security/Privacy</h5>
the best Android devices <p>Google Pixel devices
available on the market are the best Android
for devices available on the
<a href="https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html">security and privacy</a>.</p> market for
<p>They allow locking the <a href="https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html">security and privacy</a>.</p>
bootloader with a <p>They allow locking
<a href="https://android.googlesource.com/platform/external/avb/+/master/README.md#pixel-2-and-later">custom Android Verified Boot (AVB) key</a> the bootloader with a
in order to preserve security <a href="https://android.googlesource.com/platform/external/avb/+/master/README.md#pixel-2-and-later">custom Android Verified Boot (AVB) key</a>
and privacy features when in order to preserve
installing a custom operating security and privacy
system, such as features when installing
<a href="https://source.android.com/docs/security/features/verifiedboot/">verified boot</a> a custom operating
which verifies that the OS has system, such as
not been corrupted or tampered <a href="https://source.android.com/docs/security/features/verifiedboot/">verified boot</a>
with, and which verifies that the
<a href="https://source.android.com/docs/security/features/verifiedboot/verified-boot#rollback-protection">rollback protection</a> OS has not been
which prevents an adversary from corrupted or tampered
rolling back the OS or firmware with, and
version to a previous version <a href="https://source.android.com/docs/security/features/verifiedboot/verified-boot#rollback-protection">rollback protection</a>
with known security vulnerabilities.</p> which prevents an
<p>They also include a adversary from rolling
<a href="https://developer.android.com/training/articles/keystore#HardwareSecurityModule">hardware security module</a> back the OS or firmware
(Titan M2, improving on the version to a previous
previous generation version with known
<a href="https://security.googleblog.com/2018/10/building-titan-better-security-through.html">Titan M</a>) security vulnerabilities.</p>
which is extremely resistant to <p>They also include a
both remote and physical attacks <a href="https://developer.android.com/training/articles/keystore#HardwareSecurityModule">hardware security module</a>
due to being completely isolated (Titan M2, improving on
from the rest of the system, the previous generation
including the operating system. <a href="https://security.googleblog.com/2018/10/building-titan-better-security-through.html">Titan M</a>)
Titan M2 ensures that the device which is extremely
cannot be remotely compromised resistant to both remote
by requiring the side buttons of and physical attacks due
the device to be physically to being completely
pressed for some sensitive isolated from the rest
operations. Titan M2 also takes of the system, including
the role of the operating system.
<a href="https://source.android.com/docs/security/best-practices/hardware#strongbox-keymaster">Android StrongBox Keymaster</a>, Titan M2 ensures that
a the device cannot be
<a href="https://source.android.com/docs/security/features/keystore">hardware-backed Keystore</a> remotely compromised by
containing sensitive user keys requiring the side
which are unavailable to the OS buttons of the device to
or apps running on it without be physically pressed
authorisation from Titan M2 itself. for some sensitive
<a href="https://android-developers.googleblog.com/2018/05/insider-attack-resistance.html">Insider attack resistance</a> operations. Titan M2
ensures that Titan M2 firmware also takes the role of
can be flashed only if the user <a href="https://source.android.com/docs/security/best-practices/hardware#strongbox-keymaster">Android StrongBox Keymaster</a>,
PIN/password is already known, a
making it impossible to backdoor <a href="https://source.android.com/docs/security/features/keystore">hardware-backed Keystore</a>
the device without already containing sensitive
knowing these secrets.</p> user keys which are
<p>Google Pixel device kernels unavailable to the OS or
are compiled with apps running on it
<a href="https://android-developers.googleblog.com/2018/10/control-flow-integrity-in-android-kernel.html">forward-edge control-flow integrity</a> without authorisation
and from Titan M2 itself.
<a href="https://security.googleblog.com/2019/10/protecting-against-code-reuse-in-linux_30.html">backward-edge control-flow integrity</a> <a href="https://android-developers.googleblog.com/2018/05/insider-attack-resistance.html">Insider attack resistance</a>
to prevent code reuse attacks ensures that Titan M2
against the kernel. MAC address firmware can be flashed
randomisation is only if the user
<a href="https://android-developers.googleblog.com/2017/04/changes-to-device-identifiers-in.html">implemented well, along with minimal probe requests and randomised initial sequence numbers</a>.</p> PIN/password is already
<p>Google releases known, making it
<a href="https://source.android.com/docs/security/bulletin/pixel/">guaranteed monthly security updates</a>, impossible to backdoor
ensuring Google Pixel devices the device without
are up-to-date and quickly already knowing these
protected against security secrets.</p>
vulnerabilities.</p> <p>Google Pixel device
<p>Pixel 6-series and 7-series kernels are compiled
devices are a large improvement with
over the already very secure and <a href="https://android-developers.googleblog.com/2018/10/control-flow-integrity-in-android-kernel.html">forward-edge control-flow integrity</a>
private previous generation and
Pixel devices. They replace <a href="https://security.googleblog.com/2019/10/protecting-against-code-reuse-in-linux_30.html">backward-edge control-flow integrity</a>
ARM-based Titan M with to prevent code reuse
RISC-V-based Titan M2, reducing attacks against the
trust by removing ARM from the kernel. MAC address
equation. Titan M2 is more randomisation is
resiliant to attacks than Titan <a href="https://android-developers.googleblog.com/2017/04/changes-to-device-identifiers-in.html">implemented well, along with minimal probe requests and randomised initial sequence numbers</a>.</p>
M, and is <p>Google releases
<a href="https://www.tuv-nederland.nl/assets/files/cerfiticaten/2022/09/nscib-cc-22-0228971-cert-final.pdf">AVA_VAN.5 certified</a>, <a href="https://source.android.com/docs/security/bulletin/pixel/">guaranteed monthly security updates</a>,
the highest level of ensuring Google Pixel
vulnerability assessment. devices are up-to-date
Google's in-house Tensor and quickly protected
System-on-Chip includes Tensor against security
Security Core, further improving vulnerabilities.</p>
device security.<br> <p>Pixel 6-series and
Pixel 8-series includes Armv9's 7-series devices are a
<a href="https://community.arm.com/arm-community-blogs/b/architectures-and-processors-blog/posts/enhanced-security-through-mte">Memory Tagging Extension</a>, large improvement over
which dramatically increases the already very secure
device security by eliminating and private previous
up to 95% of all security issues generation Pixel
caused by memory-unsafety.</p> devices. They replace
ARM-based Titan M with
RISC-V-based Titan M2,
reducing trust by
removing ARM from the
equation. Titan M2 is
more resiliant to
attacks than Titan M,
and is
<a href="https://www.tuv-nederland.nl/assets/files/cerfiticaten/2022/09/nscib-cc-22-0228971-cert-final.pdf">AVA_VAN.5 certified</a>,
the highest level of
vulnerability
assessment. Google's
in-house Tensor
System-on-Chip includes
Tensor Security Core,
further improving device
security.</p>
<p>Pixel 8-series
includes Armv9's
<a href="https://community.arm.com/arm-community-blogs/b/architectures-and-processors-blog/posts/enhanced-security-through-mte">Memory Tagging Extension</a>,
which dramatically
increases device
security by eliminating
up to 95% of all
security issues caused
by memory-unsafety.</p>
<h5>Support</h5> <h5>Support</h5>
<p>Pixel 4a (5G), Pixel <p>Pixel 4a (5G), Pixel
5, and Pixel 5a, are 5, and Pixel 5a, are
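Review bot: The sentence "Titan M2 ensures that the device cannot be remotely compromised by requiring the side buttons of the device to be physically pressed for some sensitive operations", now under the new Security/Privacy heading, claims more than its own qualifier supports. A physical-presence check on "some sensitive operations" stops those operations from being triggered remotely; it does not make the device as a whole immune to remote compromise. The same applies to "making it impossible to backdoor the device" in the insider attack resistance sentence, which per the text covers Titan M2 firmware flashing only. Suggest scoping both claims to the operations they describe. Since every line of the Pixel 6/7 paragraph is rewrapped here anyway, also correct "resiliant" to "resilient" in the same change. Apart from the added h5 heading and the split of the Pixel 8 sentence from a br-joined line into its own p element, the hunk is re-indentation only; landing the re-wrap as a separate commit would keep the content change reviewable.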