clarify attack surface reduction a bit

This commit is contained in:
Daniel Micay 2020-12-05 12:06:23 -05:00
parent 93a197fd6b
commit 2d516a56f7

View File

@ -82,8 +82,8 @@
<li>Enhanced hardware-based attestation with more precise version information</li>
<li>Eliminates remaining holes for apps to access hardware-based identifiers</li>
<li>Greatly reduced remote, local and proximity-based attack surface by stripping out unnecessary
code, making more features optional and disabling optional features by default or when the
screen is locked</li>
code, making more features optional and disabling optional features by default (NFC, Bluetooth, etc.) or when the
screen is locked (connecting new USB peripherals, camera access)</li>
<li>Low-level improvements to the filesystem-based full disk encryption used on
modern Android</li>
<li>Support for logging out of user profiles without needing a device manager: makes them inactive so that they can't continue running code while using another profile, purges disk encryption keys (which are per-profile) from memory and hardware registers</li>