Add more various misc features

Signed-off-by: r3g_5z <june@girlboss.ceo>
2023-01-08 22:23:22 -05:00 · 2023-01-08 22:23:22 -05:00 · b93d86fca1
commit b93d86fca1
parent 883505ec12
1 changed files with 19 additions and 7 deletions
--- a/static/features.html
+++ b/static/features.html
@ -338,11 +338,11 @@
                                    including many which we played a part in developing and
                                    landing upstream as part of our linux-hardened project (which
                                    we intend to revive as a more active project again).</li>
-                                    <li>Forced kernel module signing with per-build keys and
-                                    lockdown mode set to forced confidentiality mode help to
-                                    enforce a low-level boundary between the kernel and userspace
-                                    even if mistakes are made in SELinux policy or there's a deep
-                                    userspace compromise.</li>
+                                    <li>Forced kernel module signing with per-build RSA 4096 /
+                                    SHA256 keys and lockdown mode set to forced confidentiality
+                                    mode help to enforce a low-level boundary between the kernel
+                                    and userspace even if mistakes are made in SELinux policy or
+                                    there's a deep userspace compromise.</li>
                                    <li>Additional consistency / integrity checks are enabled for
                                    frequently targeted kernel data structures.</li>
                                </ul>
@ -815,8 +815,8 @@
                    <h3><a href="#grapheneos-pdf-viewer">GrapheneOS PDF Viewer</a></h3>

                    <p><a href="https://github.com/GrapheneOS/PdfViewer">GrapheneOS PDF Viewer</a>
-                    is sandboxed, hardened PDF viewer using HiDPI rendering with pinch to zoom,
-                    text selection, etc.</p>
+                    is a sandboxed, hardened PDF viewer using HiDPI rendering with features like
+                    pinch to zoom, text selection, viewing encrypted PDFs, etc.</p>
                </section>

                <section id="encrypted-backups">
@ -902,6 +902,18 @@
                        useful in Canada where the government abuses the system and sends every
                        type of alert as a presidential alert to stop users from being able to opt
                        out of weather and amber alerts.</li>
+                        <li>Removal of TrustCor root certificate authority as a trusted system CA.</li>
+                        <li>Secure-by-default Android 12 PendingIntent security check (FLAG_IMMUTABLE)
+                        instead of crash-by-default improving older app compatibility and security.</li>
+                        <li>Fixed UART debugging enabled warning on offical release builds.</li>
+                        <li>Engineering / Prototype ("EVT", "PVT" or "DVT") device warning as these
+                        devices typically have relaxed security controls for development, mainly
+                        the secure boot state property <code>ro.boot.secure_boot</code> not set
+                        to <code>PRODUCTION</code>.</li>
+                        <li>Enable bootloader, radio, and boot partition version / fingerprint
+                        checks.</li>
+                        <li>Remove code automatically granting the location permission to system
+                        browsers.</li>
                    </ul>
                </section>
            </section>