Improve link formatting.
This commit is contained in:
parent
fb3892e7f5
commit
8db774a400
84
about.html
84
about.html
@ -57,33 +57,35 @@
|
|||||||
Google Pixel 6</td>
|
Google Pixel 6</td>
|
||||||
<td>Google Pixel devices are the best Android devices available on
|
<td>Google Pixel devices are the best Android devices available on
|
||||||
the market for
|
the market for
|
||||||
<a class="table-link" href="https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html">security and privacy</a>.<br>
|
<a class="table-link" href="https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html"
|
||||||
|
>security and privacy</a>.<br>
|
||||||
<br>
|
<br>
|
||||||
They allow locking the bootloader with a
|
They allow locking the bootloader with a
|
||||||
<a class="table-link" href="https://android.googlesource.com/platform/external/avb/+/master/README.md#pixel-2-and-later">custom Android Verified Boot (AVB)
|
<a class="table-link" href="https://android.googlesource.com/platform/external/avb/+/master/README.md#pixel-2-and-later"
|
||||||
key</a> in order to preserve security and privacy features when installing a custom
|
>custom Android Verified Boot (AVB) key</a> in order to preserve security and privacy features when installing a custom
|
||||||
operating system, such as
|
operating system, such as
|
||||||
<a class="table-link" href="https://source.android.com/docs/security/features/verifiedboot/">verified boot</a>
|
<a class="table-link" href="https://source.android.com/docs/security/features/verifiedboot/"
|
||||||
which verifies that the OS has not been corrupted or tampered with, and
|
>verified boot</a> which verifies that the OS has not been corrupted or tampered with, and
|
||||||
<a class="table-link" href="https://source.android.com/docs/security/features/verifiedboot/verified-boot#rollback-protection">rollback protection</a>
|
<a class="table-link" href="https://source.android.com/docs/security/features/verifiedboot/verified-boot#rollback-protection"
|
||||||
which prevents an adversary from rolling back the OS or firmware version to a
|
>rollback protection</a> which prevents an adversary from rolling back the OS or firmware version to a
|
||||||
previous version with known security vulnerabilities.<br>
|
previous version with known security vulnerabilities.<br>
|
||||||
<br>
|
<br>
|
||||||
They also include a
|
They also include a
|
||||||
<a class="table-link" href="https://developer.android.com/training/articles/keystore#HardwareSecurityModule">hardware security module</a>
|
<a class="table-link" href="https://developer.android.com/training/articles/keystore#HardwareSecurityModule"
|
||||||
(Titan M2, improving on the previous generation
|
>hardware security module</a> (Titan M2, improving on the previous generation
|
||||||
<a class="table-link" href="https://security.googleblog.com/2018/10/building-titan-better-security-through.html">Titan M</a>)
|
<a class="table-link" href="https://security.googleblog.com/2018/10/building-titan-better-security-through.html"
|
||||||
which is extremely resistant to both remote and physical attacks due to being
|
>Titan M</a>) which is extremely resistant to both remote and physical attacks due to being
|
||||||
completely isolated from the rest of the system, including the operating system.
|
completely isolated from the rest of the system, including the operating system.
|
||||||
Titan M2 ensures that the device cannot be remotely compromised by requiring the
|
Titan M2 ensures that the device cannot be remotely compromised by requiring the
|
||||||
side buttons of the device to be physically pressed for some sensitive operations.
|
side buttons of the device to be physically pressed for some sensitive operations.
|
||||||
Titan M2 also takes the role of
|
Titan M2 also takes the role of
|
||||||
<a class="table-link" href="https://source.android.com/docs/security/best-practices/hardware#strongbox-keymaster">Android StrongBox Keymaster</a>,
|
<a class="table-link" href="https://source.android.com/docs/security/best-practices/hardware#strongbox-keymaster"
|
||||||
a <a class="table-link" href="https://source.android.com/docs/security/features/keystore">hardware-backed Keystore</a>
|
>Android StrongBox Keymaster</a>,
|
||||||
containing sensitive user keys which are unavailable to
|
a <a class="table-link" href="https://source.android.com/docs/security/features/keystore"
|
||||||
|
>hardware-backed Keystore</a> containing sensitive user keys which are unavailable to
|
||||||
the OS or apps running on it without authorisation from Titan M2 itself.
|
the OS or apps running on it without authorisation from Titan M2 itself.
|
||||||
<a class="table-link" href="https://android-developers.googleblog.com/2018/05/insider-attack-resistance.html">Insider attack
|
<a class="table-link" href="https://android-developers.googleblog.com/2018/05/insider-attack-resistance.html"
|
||||||
resistance</a> ensures that Titan M2 firmware can be flashed only if the user PIN/password
|
>Insider attack resistance</a> ensures that Titan M2 firmware can be flashed only if the user PIN/password
|
||||||
is already known, making it impossible to backdoor the device without already knowing
|
is already known, making it impossible to backdoor the device without already knowing
|
||||||
these secrets.<br>
|
these secrets.<br>
|
||||||
<br>
|
<br>
|
||||||
@ -147,7 +149,8 @@
|
|||||||
hardened_malloc memory allocator.<br>
|
hardened_malloc memory allocator.<br>
|
||||||
<br>
|
<br>
|
||||||
You can find my personal Gentoo Linux configuration in my personal
|
You can find my personal Gentoo Linux configuration in my personal
|
||||||
<a class="table-link" href="https://git.inferencium.net/inference/cfg/">configuration respository</a>.</td>
|
<a class="table-link" href="https://git.inferencium.net/inference/cfg/"
|
||||||
|
>configuration respository</a>.</td>
|
||||||
<td>Open source<br>
|
<td>Open source<br>
|
||||||
<br>
|
<br>
|
||||||
(GPLv2-only)</td>
|
(GPLv2-only)</td>
|
||||||
@ -160,17 +163,21 @@
|
|||||||
<td>Chromium is a highly secure web browser which is often ahead of other
|
<td>Chromium is a highly secure web browser which is often ahead of other
|
||||||
web browsers in security aspects. It has a dedicated security team and a
|
web browsers in security aspects. It has a dedicated security team and a
|
||||||
very impressive
|
very impressive
|
||||||
<a class="table-link" href="https://www.chromium.org/Home/chromium-security/brag-sheet/">security brag sheet</a>.
|
<a class="table-link" href="https://www.chromium.org/Home/chromium-security/brag-sheet/"
|
||||||
|
>security brag sheet</a>.
|
||||||
Chromium's security features include a strong
|
Chromium's security features include a strong
|
||||||
<a class="table-link" href="https://code.google.com/p/chromium/wiki/LinuxSandboxing">multi-layer sandbox</a>,
|
<a class="table-link" href="https://code.google.com/p/chromium/wiki/LinuxSandboxing"
|
||||||
strong <a class="table-link" href="https://www.chromium.org/Home/chromium-security/site-isolation">site isolation</a>,
|
>multi-layer sandbox</a>,
|
||||||
<a class="table-link" href="https://www.chromium.org/Home/chromium-security/binding-integrity">Binding Integrity</a>
|
strong <a class="table-link" href="https://www.chromium.org/Home/chromium-security/site-isolation"
|
||||||
memory hardening, and
|
>site isolation</a>,
|
||||||
<a class="table-link" href="https://www.chromium.org/developers/testing/control-flow-integrity/">control-flow integrity (CFI)</a>.<br>
|
<a class="table-link" href="https://www.chromium.org/Home/chromium-security/binding-integrity"
|
||||||
|
>Binding Integrity</a> memory hardening, and
|
||||||
|
<a class="table-link" href="https://www.chromium.org/developers/testing/control-flow-integrity/"
|
||||||
|
>control-flow integrity (CFI)</a>.<br>
|
||||||
<br>
|
<br>
|
||||||
You can learn more about Chromium by visiting its
|
You can learn more about Chromium by visiting its
|
||||||
<a class="table-link" href="https://www.chromium.org/Home/">official website</a>
|
<a class="table-link" href="https://www.chromium.org/Home/"
|
||||||
which provides extensive documentation.</td>
|
>official website</a> which provides extensive documentation.</td>
|
||||||
<td>Open source<br>
|
<td>Open source<br>
|
||||||
<br>
|
<br>
|
||||||
(BSD 3-Clause)</td>
|
(BSD 3-Clause)</td>
|
||||||
@ -198,21 +205,23 @@
|
|||||||
system information, a secure app spawning feature which avoids sharing address
|
system information, a secure app spawning feature which avoids sharing address
|
||||||
space layout and other secrets AOSP's default Zygote app spawning model would
|
space layout and other secrets AOSP's default Zygote app spawning model would
|
||||||
share,
|
share,
|
||||||
<a class="table-link" href="https://github.com/GrapheneOS/kernel_gs-gs101/">hardened kernel</a>,
|
<a class="table-link" href="https://github.com/GrapheneOS/kernel_gs-gs101/"
|
||||||
hardened memory allocator
|
>hardened kernel</a>, hardened memory allocator
|
||||||
(<a class="table-link" href="https://github.com/GrapheneOS/hardened_malloc/">hardened_malloc</a>)
|
(<a class="table-link" href="https://github.com/GrapheneOS/hardened_malloc/"
|
||||||
to protect against common memory corruption vulnerabilties,
|
>hardened_malloc</a>) to protect against common memory corruption vulnerabilties,
|
||||||
<a class="table-link" href="https://github.com/GrapheneOS/platform_bionic/">hardened Bionic standard C library</a>,
|
<a class="table-link" href="https://github.com/GrapheneOS/platform_bionic/"
|
||||||
<a class="table-link" href="https://github.com/GrapheneOS/platform_system_sepolicy/">stricter SELinux policies</a>,
|
>hardened Bionic standard C library</a>,
|
||||||
and local and remote hardware-backed attestation
|
<a class="table-link" href="https://github.com/GrapheneOS/platform_system_sepolicy/"
|
||||||
(<a class="table-link" href="https://attestation.app/">Auditor</a>) to ensure the OS has
|
>stricter SELinux policies</a>, and local and remote hardware-backed attestation
|
||||||
not been corrupted or tampered with. GrapheneOS only supports devices which receive
|
(<a class="table-link" href="https://attestation.app/"
|
||||||
|
>Auditor</a>) to ensure the OS has not been corrupted or tampered with.
|
||||||
|
GrapheneOS only supports devices which receive
|
||||||
full support from their manufacturers, including firmware updates, long support
|
full support from their manufacturers, including firmware updates, long support
|
||||||
lifecycles, secure hardware, and overall high security practices.<br>
|
lifecycles, secure hardware, and overall high security practices.<br>
|
||||||
<br>
|
<br>
|
||||||
For an extensive list of features GrapheneOS provides, visit its
|
For an extensive list of features GrapheneOS provides, visit its
|
||||||
<a class="table-link" href="https://grapheneos.org/">official website</a>
|
<a class="table-link" href="https://grapheneos.org/"
|
||||||
which provides extensive documentation.</td>
|
>official website</a> which provides extensive documentation.</td>
|
||||||
<td>Open source<br>
|
<td>Open source<br>
|
||||||
<br>
|
<br>
|
||||||
(MIT)</td>
|
(MIT)</td>
|
||||||
@ -230,7 +239,8 @@
|
|||||||
and always-on Incognito mode as an option.<br>
|
and always-on Incognito mode as an option.<br>
|
||||||
<br>
|
<br>
|
||||||
Vanadium's source code, including its Chromium patchset, can be found in its
|
Vanadium's source code, including its Chromium patchset, can be found in its
|
||||||
<a class="table-link" href="https://github.com/GrapheneOS/Vanadium/">official repository</a>.</td>
|
<a class="table-link" href="https://github.com/GrapheneOS/Vanadium/"
|
||||||
|
>official repository</a>.</td>
|
||||||
<td>Open source<br>
|
<td>Open source<br>
|
||||||
<br>
|
<br>
|
||||||
(GPLv2-only)</td>
|
(GPLv2-only)</td>
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user