From eafec813aca7124253625f1bb3f4e2c8f303e726 Mon Sep 17 00:00:00 2001 From: inference Date: Thu, 3 Nov 2022 05:24:14 +0000 Subject: [PATCH] Add sources. --- about.html | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/about.html b/about.html index 05f0aa8..93ae207 100644 --- a/about.html +++ b/about.html @@ -65,17 +65,22 @@ which prevents an adversary from rolling back the OS or firmware version to a previous version with known security vulnerabilities.

- They also include a hardware security module - (Titan M2, improving on the first generation Titan M) + They also include a + hardware security module + (Titan M2, improving on the first generation + Titan M) which is extremely resistant to both remote and physical attacks due to being completely isolated from the rest of the system, including the operating system. Titan M2 ensures that the device cannot be remotely compromised by requiring the side buttons of the device to be physically pressed for some sensitive operations. - Titan M2 also takes the role of Android Strongbox keystore, containing sensitive user - keys which are unavailable to the OS or apps running on it without authorisation from - Titan M2 itself. Insider attack resistance ensures that Titan M2 firmware can be flashed - only if the user PIN/password is already known, making it impossible to backdoor the device - without already knowing these secrets.
+ Titan M2 also takes the role of + Android Strongbox Keymaster, + a hardware-backed Keystore + containing sensitive user keys which are unavailable to + the OS or apps running on it without authorisation from Titan M2 itself. Insider attack + resistance ensures that Titan M2 firmware can be flashed only if the user PIN/password + is already known, making it impossible to backdoor the device without already knowing + these secrets.

Google Pixel device kernels are compiled with fine-grained, forward-edge control-flow integrity and backward-edge control-flow integrity to prevent code reuse attacks against
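Review bot: In the added Titan M2 lines, "Android Strongbox Keymaster" should be spelled "StrongBox", which is the capitalisation Android uses for this feature. The same lines change the claim itself, from "Android Strongbox keystore" to "Android Strongbox Keymaster, a hardware-backed Keystore", while the subject line only says "Add sources."; either mention the terminology change in the commit message or put it in its own commit. The new phrasing also leaves it unclear whether "containing sensitive user keys" applies to the Keymaster or to the Keystore, so consider splitting that sentence. Finally, the insider attack resistance sentence is only re-wrapped, with no wording change visible; keeping the original line breaks there would reduce the diff to the lines that actually changed.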