move more content to the features page
This commit is contained in:
parent
d981e60c2f
commit
c3f5f59c45
@ -67,10 +67,18 @@
|
||||
<li>Stronger app sandbox</li>
|
||||
<li>Hardened libc providing defenses against the most common classes of vulnerabilities (memory
|
||||
corruption)</li>
|
||||
<li>Our own <a href="https://github.com/GrapheneOS/hardened_malloc/blob/master/README.md">hardened malloc (memory allocator)</a>
|
||||
<li>Our own <a href="https://github.com/GrapheneOS/hardened_malloc">hardened malloc (memory allocator)</a>
|
||||
leveraging modern hardware capabilities to provide substantial defenses against
|
||||
the most common classes of vulnerabilities (heap memory corruption) along with
|
||||
reducing the lifetime of sensitive data in memory</li>
|
||||
reducing the lifetime of sensitive data in memory. The hardened_malloc project is
|
||||
portable to other Linux-based operating systems and is being adopted by other
|
||||
security-focused operating systems like Whonix. The
|
||||
<a href="https://github.com/GrapheneOS/hardened_malloc/blob/master/README.md">hardened_malloc
|
||||
README</a> has extensive documentation on it. Our allocator also heavily influenced the
|
||||
design of the <a href="https://www.openwall.com/lists/musl/2020/05/13/1">next-generation
|
||||
musl malloc implementation</a> which offers substantially better security than musl's
|
||||
previous malloc while still having minimal memory usage and code size.</li>
|
||||
<li>Hardened compiler toolchain</li>
|
||||
<li>Hardened kernel</li>
|
||||
<li>Prevention of dynamic native code execution in-memory or via the filesystem
|
||||
for the base OS without going via the package manager, etc.</li>
|
||||
|
@ -64,33 +64,21 @@
|
||||
foundation, but for now the developers represent the project.</p>
|
||||
|
||||
<p>GrapheneOS improves the privacy and security of the OS from the bottom up. It
|
||||
has a hardened kernel, libc, malloc and compiler toolchain with many low-level
|
||||
improvements. These changes are designed to eliminate whole classes of serious
|
||||
vulnerabilities or provide meaningful barriers to exploitation. We avoid making
|
||||
changes without a clear rationale and we regularly work towards simplifying and
|
||||
replacing these low-level improvements. The malloc implementation is our own <a
|
||||
href="https://github.com/GrapheneOS/hardened_malloc/blob/master/README.md">hardened_malloc</a>
|
||||
providing cutting edge security for modern systems. The hardened_malloc project is
|
||||
portable to other Linux-based operating systems and is being adopted by other
|
||||
security-focused operating systems like Whonix. The <a
|
||||
href="https://github.com/GrapheneOS/hardened_malloc/blob/master/README.md">hardened_malloc
|
||||
README</a> has extensive documentation on it. Our work also heavily influenced the
|
||||
design of the <a href="https://www.openwall.com/lists/musl/2020/05/13/1">next-generation
|
||||
musl malloc implementation</a> which offers substantially better security than musl's
|
||||
previous malloc while still having minimal memory usage and code size.</p>
|
||||
deploys technologies to mitigate whole classes of vulnerabilities and make exploiting
|
||||
the most common sources of vulnerabilities substantially more difficult. It improves
|
||||
the security of both the OS and the apps running on it. The app sandbox and other
|
||||
security boundaries are fortified. GrapheneOS tries to avoid impacting the user
|
||||
experience with the privacy and security features. Ideally, the features can be
|
||||
designed so that they're always enabled with no impact on the user experience and no
|
||||
additional complexity like configuration options. It's not always feasible, and
|
||||
GrapheneOS does add various toggles for features like the Network permission, Sensors
|
||||
permission, restrictions when the device is locked (USB peripherals, camera, quick
|
||||
tiles), etc. along with more complex user-facing privacy and security features with
|
||||
their own UX.</p>
|
||||
|
||||
<p>There are also many under-the-hood changes at a higher level, including major
|
||||
improvements to SELinux policies particularly for the app sandbox. GrapheneOS tries to
|
||||
avoid impacting the user experience with the privacy and security features. Ideally,
|
||||
the features can be designed so that they're always enabled with no impact on the user
|
||||
experience and no additional complexity like configuration options. It's not always
|
||||
feasible, and GrapheneOS does add various toggles for features like the Network
|
||||
permission, Sensors permission, restrictions when the device is locked (USB
|
||||
peripherals, camera, quick tiles), etc. along with more complex user-facing privacy
|
||||
and security features with their own UX.</p>
|
||||
|
||||
<p>See the new <a href="/features">features page</a> for more details on GrapheneOS
|
||||
features.</p>
|
||||
<p>The <a href="/features">features page</a> provides an overview of the substantial
|
||||
privacy and security improvements added by GrapheneOS to the Android Open Source
|
||||
Project.</p>
|
||||
|
||||
<p>Official releases are available on the <a href="/releases">releases page</a> and
|
||||
installation instructions are on the <a href="/install">install page</a>.</p>
|
||||
|
Loading…
x
Reference in New Issue
Block a user