explain that updates are signed internally

Daniel Micay 2019-05-07 08:57:40 -04:00
parent afbda11dad
commit c3534cede2


@ -42,6 +42,12 @@
but may be in the future once they're being used more consistently. Update packages
are not for performing the initial installation and you should ignore incorrect guides
trying to use them to install the OS.</p>
<p>The update packages have a internal signature verified by the update client (or
recovery image when sideloading). Downgrade attacks are also prevented, and downgrades
cannot be done unless a special downgrade update package has been signed with the
release key. The internal payload for `update_engine` is also signed, providing
another layer of signature verification and downgrade protection. Verified boot and
the hardware-backed keystore also act as a final layer of protection.</p>
<p>Releases are tested by the developers and are then pushed out via the Beta channel.
The release is then pushed out via the Stable channel after being tested by some users
using the Beta channel. In some cases, problems are caught during Beta channel testing
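Review bot: The added paragraph wraps update_engine in Markdown backticks inside an HTML <p> element, so the backticks will render literally; use <code>update_engine</code> instead. In the same paragraph, "a internal signature" should read "an internal signature". The sentence "Downgrade attacks are also prevented" does not say which check enforces this, while the next sentence attributes a second layer of downgrade protection to the signed payload; naming what the update client or recovery compares for the first layer would make the two layers distinguishable to the reader.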