From b93d86fca1851614d8fb29d9302e2322978af159 Mon Sep 17 00:00:00 2001
From: r3g_5z <june@girlboss.ceo>
Date: Sun, 8 Jan 2023 22:23:22 -0500
Subject: [PATCH] Add more various misc features

Signed-off-by: r3g_5z <june@girlboss.ceo>
---
 static/features.html | 26 +++++++++++++++++++-------
 1 file changed, 19 insertions(+), 7 deletions(-)

diff --git a/static/features.html b/static/features.html
index 707446a4..152343c7 100644
--- a/static/features.html
+++ b/static/features.html
@@ -338,11 +338,11 @@
                                     including many which we played a part in developing and
                                     landing upstream as part of our linux-hardened project (which
                                     we intend to revive as a more active project again).</li>
-                                    <li>Forced kernel module signing with per-build keys and
-                                    lockdown mode set to forced confidentiality mode help to
-                                    enforce a low-level boundary between the kernel and userspace
-                                    even if mistakes are made in SELinux policy or there's a deep
-                                    userspace compromise.</li>
+                                    <li>Forced kernel module signing with per-build RSA 4096 /
+                                    SHA256 keys and lockdown mode set to forced confidentiality
+                                    mode help to enforce a low-level boundary between the kernel
+                                    and userspace even if mistakes are made in SELinux policy or
+                                    there's a deep userspace compromise.</li>
                                     <li>Additional consistency / integrity checks are enabled for
                                     frequently targeted kernel data structures.</li>
                                 </ul>
@@ -815,8 +815,8 @@
                     <h3><a href="#grapheneos-pdf-viewer">GrapheneOS PDF Viewer</a></h3>
 
                     <p><a href="https://github.com/GrapheneOS/PdfViewer">GrapheneOS PDF Viewer</a>
-                    is sandboxed, hardened PDF viewer using HiDPI rendering with pinch to zoom,
-                    text selection, etc.</p>
+                    is a sandboxed, hardened PDF viewer using HiDPI rendering with features like
+                    pinch to zoom, text selection, viewing encrypted PDFs, etc.</p>
                 </section>
 
                 <section id="encrypted-backups">
@@ -902,6 +902,18 @@
                         useful in Canada where the government abuses the system and sends every
                         type of alert as a presidential alert to stop users from being able to opt
                         out of weather and amber alerts.</li>
+                        <li>Removal of TrustCor root certificate authority as a trusted system CA.</li>
+                        <li>Secure-by-default Android 12 PendingIntent security check (FLAG_IMMUTABLE)
+                        instead of crash-by-default improving older app compatibility and security.</li>
+                        <li>Fixed UART debugging enabled warning on offical release builds.</li>
+                        <li>Engineering / Prototype ("EVT", "PVT" or "DVT") device warning as these
+                        devices typically have relaxed security controls for development, mainly
+                        the secure boot state property <code>ro.boot.secure_boot</code> not set
+                        to <code>PRODUCTION</code>.</li>
+                        <li>Enable bootloader, radio, and boot partition version / fingerprint
+                        checks.</li>
+                        <li>Remove code automatically granting the location permission to system
+                        browsers.</li>
                     </ul>
                 </section>
             </section>