Inferencium/website
1
0
Fork 0
Code Issues Activity

Improve link formatting.

Browse Source
This commit is contained in:
inference 2022-11-07 08:55:02 +00:00
parent fb3892e7f5
commit 8db774a400
1 changed files with 47 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

84
about.html
View File

@ -57,33 +57,35 @@
Google Pixel 6</td> Google Pixel 6</td>
<td>Google Pixel devices are the best Android devices available on <td>Google Pixel devices are the best Android devices available on
the market for the market for
<a class="table-link" href="https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html">security and privacy</a>.<br> <a class="table-link" href="https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html"
>security and privacy</a>.<br>
<br> <br>
They allow locking the bootloader with a They allow locking the bootloader with a
<a class="table-link" href="https://android.googlesource.com/platform/external/avb/+/master/README.md#pixel-2-and-later">custom Android Verified Boot (AVB) <a class="table-link" href="https://android.googlesource.com/platform/external/avb/+/master/README.md#pixel-2-and-later"
key</a> in order to preserve security and privacy features when installing a custom >custom Android Verified Boot (AVB) key</a> in order to preserve security and privacy features when installing a custom
operating system, such as operating system, such as
<a class="table-link" href="https://source.android.com/docs/security/features/verifiedboot/">verified boot</a> <a class="table-link" href="https://source.android.com/docs/security/features/verifiedboot/"
which verifies that the OS has not been corrupted or tampered with, and >verified boot</a> which verifies that the OS has not been corrupted or tampered with, and
<a class="table-link" href="https://source.android.com/docs/security/features/verifiedboot/verified-boot#rollback-protection">rollback protection</a> <a class="table-link" href="https://source.android.com/docs/security/features/verifiedboot/verified-boot#rollback-protection"
which prevents an adversary from rolling back the OS or firmware version to a >rollback protection</a> which prevents an adversary from rolling back the OS or firmware version to a
previous version with known security vulnerabilities.<br> previous version with known security vulnerabilities.<br>
<br> <br>
They also include a They also include a
<a class="table-link" href="https://developer.android.com/training/articles/keystore#HardwareSecurityModule">hardware security module</a> <a class="table-link" href="https://developer.android.com/training/articles/keystore#HardwareSecurityModule"
(Titan M2, improving on the previous generation >hardware security module</a> (Titan M2, improving on the previous generation
<a class="table-link" href="https://security.googleblog.com/2018/10/building-titan-better-security-through.html">Titan M</a>) <a class="table-link" href="https://security.googleblog.com/2018/10/building-titan-better-security-through.html"
which is extremely resistant to both remote and physical attacks due to being >Titan M</a>) which is extremely resistant to both remote and physical attacks due to being
completely isolated from the rest of the system, including the operating system. completely isolated from the rest of the system, including the operating system.
Titan M2 ensures that the device cannot be remotely compromised by requiring the Titan M2 ensures that the device cannot be remotely compromised by requiring the
side buttons of the device to be physically pressed for some sensitive operations. side buttons of the device to be physically pressed for some sensitive operations.
Titan M2 also takes the role of Titan M2 also takes the role of
<a class="table-link" href="https://source.android.com/docs/security/best-practices/hardware#strongbox-keymaster">Android StrongBox Keymaster</a>, <a class="table-link" href="https://source.android.com/docs/security/best-practices/hardware#strongbox-keymaster"
a <a class="table-link" href="https://source.android.com/docs/security/features/keystore">hardware-backed Keystore</a> >Android StrongBox Keymaster</a>,
containing sensitive user keys which are unavailable to a <a class="table-link" href="https://source.android.com/docs/security/features/keystore"
>hardware-backed Keystore</a> containing sensitive user keys which are unavailable to
the OS or apps running on it without authorisation from Titan M2 itself. the OS or apps running on it without authorisation from Titan M2 itself.
<a class="table-link" href="https://android-developers.googleblog.com/2018/05/insider-attack-resistance.html">Insider attack <a class="table-link" href="https://android-developers.googleblog.com/2018/05/insider-attack-resistance.html"
resistance</a> ensures that Titan M2 firmware can be flashed only if the user PIN/password >Insider attack resistance</a> ensures that Titan M2 firmware can be flashed only if the user PIN/password
is already known, making it impossible to backdoor the device without already knowing is already known, making it impossible to backdoor the device without already knowing
these secrets.<br> these secrets.<br>
<br> <br>
@ -147,7 +149,8 @@
hardened_malloc memory allocator.<br> hardened_malloc memory allocator.<br>
<br> <br>
You can find my personal Gentoo Linux configuration in my personal You can find my personal Gentoo Linux configuration in my personal
<a class="table-link" href="https://git.inferencium.net/inference/cfg/">configuration respository</a>.</td> <a class="table-link" href="https://git.inferencium.net/inference/cfg/"
>configuration respository</a>.</td>
<td>Open source<br> <td>Open source<br>
<br> <br>
(GPLv2-only)</td> (GPLv2-only)</td>
@ -160,17 +163,21 @@
<td>Chromium is a highly secure web browser which is often ahead of other <td>Chromium is a highly secure web browser which is often ahead of other
web browsers in security aspects. It has a dedicated security team and a web browsers in security aspects. It has a dedicated security team and a
very impressive very impressive
<a class="table-link" href="https://www.chromium.org/Home/chromium-security/brag-sheet/">security brag sheet</a>. <a class="table-link" href="https://www.chromium.org/Home/chromium-security/brag-sheet/"
>security brag sheet</a>.
Chromium's security features include a strong Chromium's security features include a strong
<a class="table-link" href="https://code.google.com/p/chromium/wiki/LinuxSandboxing">multi-layer sandbox</a>, <a class="table-link" href="https://code.google.com/p/chromium/wiki/LinuxSandboxing"
strong <a class="table-link" href="https://www.chromium.org/Home/chromium-security/site-isolation">site isolation</a>, >multi-layer sandbox</a>,
<a class="table-link" href="https://www.chromium.org/Home/chromium-security/binding-integrity">Binding Integrity</a> strong <a class="table-link" href="https://www.chromium.org/Home/chromium-security/site-isolation"
memory hardening, and >site isolation</a>,
<a class="table-link" href="https://www.chromium.org/developers/testing/control-flow-integrity/">control-flow integrity (CFI)</a>.<br> <a class="table-link" href="https://www.chromium.org/Home/chromium-security/binding-integrity"
>Binding Integrity</a> memory hardening, and
<a class="table-link" href="https://www.chromium.org/developers/testing/control-flow-integrity/"
>control-flow integrity (CFI)</a>.<br>
<br> <br>
You can learn more about Chromium by visiting its You can learn more about Chromium by visiting its
<a class="table-link" href="https://www.chromium.org/Home/">official website</a> <a class="table-link" href="https://www.chromium.org/Home/"
which provides extensive documentation.</td> >official website</a> which provides extensive documentation.</td>
<td>Open source<br> <td>Open source<br>
<br> <br>
(BSD 3-Clause)</td> (BSD 3-Clause)</td>
@ -198,21 +205,23 @@
system information, a secure app spawning feature which avoids sharing address system information, a secure app spawning feature which avoids sharing address
space layout and other secrets AOSP's default Zygote app spawning model would space layout and other secrets AOSP's default Zygote app spawning model would
share, share,
<a class="table-link" href="https://github.com/GrapheneOS/kernel_gs-gs101/">hardened kernel</a>, <a class="table-link" href="https://github.com/GrapheneOS/kernel_gs-gs101/"
hardened memory allocator >hardened kernel</a>, hardened memory allocator
(<a class="table-link" href="https://github.com/GrapheneOS/hardened_malloc/">hardened_malloc</a>) (<a class="table-link" href="https://github.com/GrapheneOS/hardened_malloc/"
to protect against common memory corruption vulnerabilties, >hardened_malloc</a>) to protect against common memory corruption vulnerabilties,
<a class="table-link" href="https://github.com/GrapheneOS/platform_bionic/">hardened Bionic standard C library</a>, <a class="table-link" href="https://github.com/GrapheneOS/platform_bionic/"
<a class="table-link" href="https://github.com/GrapheneOS/platform_system_sepolicy/">stricter SELinux policies</a>, >hardened Bionic standard C library</a>,
and local and remote hardware-backed attestation <a class="table-link" href="https://github.com/GrapheneOS/platform_system_sepolicy/"
(<a class="table-link" href="https://attestation.app/">Auditor</a>) to ensure the OS has >stricter SELinux policies</a>, and local and remote hardware-backed attestation
not been corrupted or tampered with. GrapheneOS only supports devices which receive (<a class="table-link" href="https://attestation.app/"
>Auditor</a>) to ensure the OS has not been corrupted or tampered with.
GrapheneOS only supports devices which receive
full support from their manufacturers, including firmware updates, long support full support from their manufacturers, including firmware updates, long support
lifecycles, secure hardware, and overall high security practices.<br> lifecycles, secure hardware, and overall high security practices.<br>
<br> <br>
For an extensive list of features GrapheneOS provides, visit its For an extensive list of features GrapheneOS provides, visit its
<a class="table-link" href="https://grapheneos.org/">official website</a> <a class="table-link" href="https://grapheneos.org/"
which provides extensive documentation.</td> >official website</a> which provides extensive documentation.</td>
<td>Open source<br> <td>Open source<br>
<br> <br>
(MIT)</td> (MIT)</td>
@ -230,7 +239,8 @@
and always-on Incognito mode as an option.<br> and always-on Incognito mode as an option.<br>
<br> <br>
Vanadium's source code, including its Chromium patchset, can be found in its Vanadium's source code, including its Chromium patchset, can be found in its
<a class="table-link" href="https://github.com/GrapheneOS/Vanadium/">official repository</a>.</td> <a class="table-link" href="https://github.com/GrapheneOS/Vanadium/"
>official repository</a>.</td>
<td>Open source<br> <td>Open source<br>
<br> <br>
(GPLv2-only)</td> (GPLv2-only)</td>