move more content to the features page

2020-12-17 01:32:46 -05:00 · 2020-12-17 01:32:46 -05:00 · c3f5f59c45
commit c3f5f59c45
parent d981e60c2f
2 changed files with 24 additions and 28 deletions
--- a/static/features.html
+++ b/static/features.html
@ -67,10 +67,18 @@
                <li>Stronger app sandbox</li>
                <li>Hardened libc providing defenses against the most common classes of vulnerabilities (memory
  corruption)</li>
-                <li>Our own <a href="https://github.com/GrapheneOS/hardened_malloc/blob/master/README.md">hardened malloc (memory allocator)</a>
+                <li>Our own <a href="https://github.com/GrapheneOS/hardened_malloc">hardened malloc (memory allocator)</a>
                leveraging modern hardware capabilities to provide substantial defenses against
                the most common classes of vulnerabilities (heap memory corruption) along with
-                reducing the lifetime of sensitive data in memory</li>
+                reducing the lifetime of sensitive data in memory. The hardened_malloc project is
+                portable to other Linux-based operating systems and is being adopted by other
+                security-focused operating systems like Whonix. The
+                <a href="https://github.com/GrapheneOS/hardened_malloc/blob/master/README.md">hardened_malloc
+                README</a> has extensive documentation on it. Our allocator also heavily influenced the
+                design of the <a href="https://www.openwall.com/lists/musl/2020/05/13/1">next-generation
+                musl malloc implementation</a> which offers substantially better security than musl's
+                previous malloc while still having minimal memory usage and code size.</li>
+                <li>Hardened compiler toolchain</li>
                <li>Hardened kernel</li>
                <li>Prevention of dynamic native code execution in-memory or via the filesystem
                for the base OS without going via the package manager, etc.</li>
--- a/static/index.html
+++ b/static/index.html
@ -64,33 +64,21 @@
            foundation, but for now the developers represent the project.</p>

            <p>GrapheneOS improves the privacy and security of the OS from the bottom up. It
-            has a hardened kernel, libc, malloc and compiler toolchain with many low-level
-            improvements. These changes are designed to eliminate whole classes of serious
-            vulnerabilities or provide meaningful barriers to exploitation. We avoid making
-            changes without a clear rationale and we regularly work towards simplifying and
-            replacing these low-level improvements. The malloc implementation is our own <a
-            href="https://github.com/GrapheneOS/hardened_malloc/blob/master/README.md">hardened_malloc</a>
-            providing cutting edge security for modern systems. The hardened_malloc project is
-            portable to other Linux-based operating systems and is being adopted by other
-            security-focused operating systems like Whonix. The <a
-            href="https://github.com/GrapheneOS/hardened_malloc/blob/master/README.md">hardened_malloc
-            README</a> has extensive documentation on it. Our work also heavily influenced the
-            design of the <a href="https://www.openwall.com/lists/musl/2020/05/13/1">next-generation
-            musl malloc implementation</a> which offers substantially better security than musl's
-            previous malloc while still having minimal memory usage and code size.</p>
+            deploys technologies to mitigate whole classes of vulnerabilities and make exploiting
+            the most common sources of vulnerabilities substantially more difficult. It improves
+            the security of both the OS and the apps running on it. The app sandbox and other
+            security boundaries are fortified. GrapheneOS tries to avoid impacting the user
+            experience with the privacy and security features. Ideally, the features can be
+            designed so that they're always enabled with no impact on the user experience and no
+            additional complexity like configuration options. It's not always feasible, and
+            GrapheneOS does add various toggles for features like the Network permission, Sensors
+            permission, restrictions when the device is locked (USB peripherals, camera, quick
+            tiles), etc. along with more complex user-facing privacy and security features with
+            their own UX.</p>

-            <p>There are also many under-the-hood changes at a higher level, including major
-            improvements to SELinux policies particularly for the app sandbox. GrapheneOS tries to
-            avoid impacting the user experience with the privacy and security features. Ideally,
-            the features can be designed so that they're always enabled with no impact on the user
-            experience and no additional complexity like configuration options. It's not always
-            feasible, and GrapheneOS does add various toggles for features like the Network
-            permission, Sensors permission, restrictions when the device is locked (USB
-            peripherals, camera, quick tiles), etc. along with more complex user-facing privacy
-            and security features with their own UX.</p>
-
-            <p>See the new <a href="/features">features page</a> for more details on GrapheneOS
-            features.</p>
+            <p>The <a href="/features">features page</a> provides an overview of the substantial
+            privacy and security improvements added by GrapheneOS to the Android Open Source
+            Project.</p>

            <p>Official releases are available on the <a href="/releases">releases page</a> and
            installation instructions are on the <a href="/install">install page</a>.</p>