From a3918be58d562f0c6b66abc4f219a5bf4f9e62fb Mon Sep 17 00:00:00 2001
From: matchboxbananasynergy
 <107055883+matchboxbananasynergy@users.noreply.github.com>
Date: Fri, 2 Feb 2024 00:04:37 +0000
Subject: [PATCH] add Widevine provisioning to other connections

---
 static/faq.html | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/static/faq.html b/static/faq.html
index 23338b7d..18f8599c 100644
--- a/static/faq.html
+++ b/static/faq.html
@@ -1117,6 +1117,17 @@
                     could hard-wire domains as verified if they did and we wanted to avoid more
                     default connections.</p>
 
+                    <p>GrapheneOS uses
+                    https://widevineprovisioning.grapheneos.org/certificateprovisioning/v1/devicecertificates/create
+                    by default which is a private reverse proxy to
+                    https://www.googleapis.com/certificateprovisioning/v1/devicecertificates/create
+                    as part of Widevine provisioning. This is another form of key provisioning for
+                    per-app keys that are used when playing DRM protected media. DRM support is
+                    enabled in the OS by default but we don't include any apps using it by default,
+                    since it's disabled in Vanadium. A setting is added at Settings ➔ Network &amp;
+                    Internet ➔ Widevine provisioning for switching to directly using the Google
+                    service if you prefer.</p>
+
                     <p>Most other connections made by the OS itself are made based on your chosen
                     carrier. The OS has a database of APN and other carrier configuration settings
                     which determines how this works by default. Normally, carriers can force their