fix wording for deny_new_usb2 integration

This commit is contained in:
Daniel Micay 2024-06-20 22:31:32 -04:00
parent d92f0e0475
commit 7cb01fc3bd

View File

@ -808,7 +808,7 @@
<li>remove our USB peripheral security setting on devices supporting our much better USB-C port mode (Pixel 6 and later)</li>
<li>extend USB-C port setting to also handle pogo pins on the Pixel Tablet</li>
<li>kernel (5.10, 5.15, 6.1, 6.6): replace our deny_new_usb feature with a new deny_new_usb2 feature also disabling USB gadgets</li>
<li>extend USB-C port setting to enable deny_new_usb2 as a second layer of defense disabling new USB connections and then USB data at a hardware level, in case the USB controller is compromised or doesn't work correctly</li>
<li>extend USB-C port setting to enable deny_new_usb2 as a second layer of defense disabling new USB connections in the kernel (the existing implementation disables new connections and USB data at a hardware level via the USB controller, which disables more attack surface, but we want to keep around the higher level kernel approach too)</li>
<li>Files: fix upstream null pointer exception triggered on resuming activity</li>
<li>Settings: require user authentication for changing auto-reboot, USB peripheral and USB-C port security settings</li>
<li>Settings: avoid prompting for user authentication when selecting the same value as before for GrapheneOS settings requiring it</li>