From 30055d41283d69a2aa078f3c2b75024572eee48d Mon Sep 17 00:00:00 2001 From: Daniel Micay Date: Fri, 14 Feb 2020 14:31:38 -0500 Subject: [PATCH] move device support section to FAQ --- static/faq.html | 89 ++++++++++++++++++++++++++++++++++++++++++++++- static/index.html | 44 +---------------------- 2 files changed, 89 insertions(+), 44 deletions(-) diff --git a/static/faq.html b/static/faq.html index be38605d..6524a64d 100644 --- a/static/faq.html +++ b/static/faq.html @@ -47,9 +47,21 @@ Table of contents +

+ Device support +

+

Which devices are supported?

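Review bot: the table-of-contents hunk legibly adds only the "Device support" heading and the "Which devices are supported?" entry, while the body hunk below introduces two further questions ("Which devices will be supported in the future?" and "When will more devices be supported?"); the hunk grows by 12 lines, so entries for those may be present but are not visible here. Confirm that all three questions get a contents entry and that each entry links to the corresponding heading in the new faq.html section rather than to the location the section previously had in index.html.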
@@ -80,6 +92,81 @@ GrapheneOS is the only party involved in providing the updates. For the same reason, it has little use for the ability to provide out-of-band updates to system image components including all the apps and many other components.

+ +

Some of the GrapheneOS sub-projects support other operating systems on a broader + range of devices. Device support for Auditor and AttestationServer is documented in + the overview of those projects. The + hardened_malloc project supports nearly + any Linux-based environment due to official support for musl, glibc and Bionic along + with easily added support for other environments. It can easily run on non-Linux-based + operating systems too, and supporting some like HardenedBSD is planned but depends on + contributors from those communities.

+ + + +

The recommended devices with the best hardware, firmware and software security + along with the longest future support time are the Pixel 3a, Pixel 3a XL, Pixel 3 and + Pixel 3 XL. The Pixel 3a and 3a XL are budget devices meeting the same security + standards as the more expensive flagship devices.

+ +

+ Which devices will be supported in the future? +

+ +

Devices are carefully chosen based on their merits rather than the project aiming + to have broad device support. Broad device support is counter to the aims of the + project, and the project will eventually be engaging in hardware and firmware level + improvements rather than only offering suggestions and bug reports upstream for those + areas. Much of the work on the project involves changes that are specific to different + devices, and officially supported devices are the ones targeted by most of this + ongoing work.

+ +

Devices need to be meet the standards of the project in order to be considered as + potential targets. In addition to support for installing other operating systems, + standard hardware-based security features like the hardware-backed keystores, verified + boot, attestation and various hardware-based exploit mitigations need to be available. + Devices also need to have decent integration of IOMMUs for isolating components such + as the GPU, radios (NFC, Wi-Fi, Bluetooth, Cellular), media decode / encode, image + processor, etc. as if the hardware / firmware support is missing or broken, there's + not much that the OS can do to provide an alternative. Devices with support for + alternative operating systems as an afterthought will not be considered. Devices need + to have proper ongoing support for their firmware and software specific to the + hardware like drivers in order to provide proper full security updates too. Devices + that are end-of-life and no longer receiving these updates will not be supported.

+ +

In order to support a device, the appropriate resources also need to be available + and dedicated towards it. Releases for each supported device need to be robust and + stable, with all standard functionality working properly and testing for each of the + releases.

+ +

Hardware, firmware and software specific to devices like drivers play a huge role + in the overall security of a device. The goal of the project is not to slightly + improve some aspects of insecure devices and supporting a broad set of devices would + be directly counter to the values of the project. A lot of the low-level work also + ends up being fairly tied to the hardware.

+ +

+ When will more devices be supported? +

+ +

Broader device support can only happen after the community (companies, + organizations and individuals) steps up to make substantial, ongoing contributions to + making the existing device support sustainable. Once the existing device support is + more sustainable, early research and development work for other devices can begin. + Once a device is deemed to be a worthwhile target, the project needs maintainers to + develop and maintain support for it including addressing device-specific issues that + are uncovered, which will include issues uncovered in the device support code by + GrapheneOS hardening features.

+ +

It's not really a matter of time but rather depends on community support for the + project increasing. As an open source project, the way the get something to happen in + GrapheneOS is to contribute to it, and this is particularly true for device support + since it's very self-contained and can be delegated to separate teams for each + device. If you want to see more devices supported sooner, you should get to work on + identifying good devices with full support for alternative operating systems with + verified boot, etc. and then start working on integrating and testing support.
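Review bot: two wording errors in the relocated text should be fixed while it is being moved: "Devices need to be meet the standards of the project" (paragraph on device standards) should read "Devices need to meet the standards of the project", and "the way the get something to happen in GrapheneOS" (final paragraph) should read "the way to get something to happen in GrapheneOS". As a style point, the sentence beginning "Devices also need to have decent integration of IOMMUs" runs on through "etc. as if the hardware / firmware support is missing or broken"; splitting it there ("If the hardware / firmware support is missing or broken, there's not much that the OS can do ...") would read more clearly. Finally, the diffstat reports 89 insertions against 44 deletions and the index.html hunk that removes the original section is not shown on this page, so the move cannot be checked for parity here; since the subject line says "move", confirm whether paragraphs such as the sub-projects intro and the recommended-devices paragraph are reworded or new text rather than a verbatim move, and note that in the commit message if so.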