Add section Hardware I Use. Add Google Pixel 6 table row. Improve text.

about.html

@@ -35,6 +35,62 @@
 		being affected.</p>
 		<br>
 		<br>
+		<h3>Hardware I Use</h3>
+		<h4>Smartphone</h4>
+				<table>
+						<tr>
+								<td>Type</td>
+								<td>Hardware</td>
+								<td>Description</td>
+								<td>Source model<br>
+								<br>
+								(License)</td>
+						</tr>
+						<tr>
+								<td>Smartphone</td>
+								<td><img src="img/google-pixel_6.png" width="100px" height="100px"/><br>
+								<br>
+								Google Pixel 6</td>
+								<td>Google Pixel devices are the best Android devices available on
+								the market for security and privacy.<br>
+								<br>
+								They allow locking the bootloader with a custom Android Verified Boot (AVB)
+								key in order to preserve security and privacy features when installing a custom
+								operating system, such as verified boot which verifies that the OS has not been
+								corrupted or tampered with, and rollback protection which prevents an adversary
+								from rolling back the OS or firmware version to a previous version with known
+								security vulnerabilities.<br>
+								<br>
+								They also include a hardware security module (Titan M2) which is extremely resistant
+								to both remote and physical attacks due to being completely isolated from
+								the rest of the system, including the operating system. Titan M2 ensures that
+								the device cannot be remotely compromised by requiring the side buttons of the
+								device to be physically pressed for some sensitive operations. Titan M2 also
+								takes the role of Android Strongbox keystore, containing sensitive user keys which
+								are unavailable to the OS or apps running on it without authorisation from Titan M2
+								itself. Insider attack resistance ensures that Titan M2 firmware can be flashed only
+								if the user PIN/password is already known, making it impossible to backdoor the device
+								without already knowing these secrets.<br>
+								<br>
+								Google Pixel device kernels are compiled with fine-grained, forward-edge control-flow
+								integrity and backward-edge control-flow integrity to prevent code reuse attacks against
+								the kernel. MAC address randomisation is implemented well, with minimal probe requests
+								and randomised initial sequence numbers.<br>
+								<br>
+								Google releases guaranteed monthly security updates, ensuring Google Pixel devices are
+								up-to-date and quickly protected against security vulnerabilities.<br>
+								<br>
+								Pixel 6-series devices are a large improvement over the already very secure and private
+								previous generation Pixel devices. They replace ARM-based Titan M with RISC-V-based Titan M2,
+								reducing trust by removing ARM from the equation. Titan M2 is more resiliant to attacks than
+								Titan M, and is AVA_VAN.5 certified, the highest level of vulnerability assessment. Google's
+								in-house Tensor SoC includes Tensor Security Core, further improving device security.<br>
+								Pixel 6-series devices are supported for a minimum of 5 years from launch, an increase from
+								previous generations' support lifecycles of 3 years.</td>
+						</tr>
+				</table>
+		<br>
+		<br>
 		<h3>Software I Use</h3>
 		<h4>Desktop</h4>
 				<table>
@@ -43,6 +99,7 @@
 								<td>Software</td>
 								<td>Description</td>
 								<td>Source model<br>
+								<br>
 								(License)</td>
 						</tr>
 						<tr>
@@ -56,12 +113,13 @@
 								being the ability to optimise the software for security, privacy, performance,
 								or power usage; however, there are effectively unlimited other use cases, or a
 								combination of multiple use cases.<br>
+								<br>
 								I have focused on security hardening and privacy hardening, placing performance below
 								those aspects, although my system is still very performant. Some of the hardening I
 								apply includes stack protection, signed integer overflow wrapping, and GrapheneOS'
 								hardened_malloc memory allocator.<br>
 								<br>
-								You can find my personal Gentoo Linux hardening configuration
+								You can find my personal Gentoo Linux configuration
 								<a class="table-link" href="https://git.inferencium.net/inference/cfg/">here</a>.</td>
 								<td>Open source<br>
 								<br>
@@ -133,10 +191,10 @@
 								Vanadium</td>
 								<td>Vanadium is a security-hardened, privacy-hardened Chromium-based web browser
 								which utilises GrapheneOS' operating system hardening to implement stronger
-								defenses to the already very secure Chromium web browser. Its hardening includes
+								defenses to the already very secure Chromium web browser. Its hardening alongside
-								disabling JavaScript just-in-time (JIT) compilation by default, stubbing out the
+								Chromium's base security features includes disabling JavaScript just-in-time (JIT)
-								battery status API to prevent abuse of it, and always-on
+								compilation by default, stubbing out the battery status API to prevent abuse of it,
-								Incognito mode as an option.<br>
+								and always-on Incognito mode as an option.<br>
 								<br>
 								Vanadium's source code repository, including its Chromium patchset, can be found
 								<a class="table-link" href="https://github.com/GrapheneOS/Vanadium/">here</a>.</td>