move more content to the features page

This commit is contained in:
Daniel Micay 2020-12-17 01:32:46 -05:00
parent d981e60c2f
commit c3f5f59c45
2 changed files with 24 additions and 28 deletions

View File

@ -67,10 +67,18 @@
<li>Stronger app sandbox</li>
<li>Hardened libc providing defenses against the most common classes of vulnerabilities (memory
corruption)</li>
<li>Our own <a href="https://github.com/GrapheneOS/hardened_malloc/blob/master/README.md">hardened malloc (memory allocator)</a>
<li>Our own <a href="https://github.com/GrapheneOS/hardened_malloc">hardened malloc (memory allocator)</a>
leveraging modern hardware capabilities to provide substantial defenses against
the most common classes of vulnerabilities (heap memory corruption) along with
reducing the lifetime of sensitive data in memory</li>
reducing the lifetime of sensitive data in memory. The hardened_malloc project is
portable to other Linux-based operating systems and is being adopted by other
security-focused operating systems like Whonix. The
<a href="https://github.com/GrapheneOS/hardened_malloc/blob/master/README.md">hardened_malloc
README</a> has extensive documentation on it. Our allocator also heavily influenced the
design of the <a href="https://www.openwall.com/lists/musl/2020/05/13/1">next-generation
musl malloc implementation</a> which offers substantially better security than musl's
previous malloc while still having minimal memory usage and code size.</li>
<li>Hardened compiler toolchain</li>
<li>Hardened kernel</li>
<li>Prevention of dynamic native code execution in-memory or via the filesystem
for the base OS without going via the package manager, etc.</li>

View File

@ -64,33 +64,21 @@
foundation, but for now the developers represent the project.</p>
<p>GrapheneOS improves the privacy and security of the OS from the bottom up. It
has a hardened kernel, libc, malloc and compiler toolchain with many low-level
improvements. These changes are designed to eliminate whole classes of serious
vulnerabilities or provide meaningful barriers to exploitation. We avoid making
changes without a clear rationale and we regularly work towards simplifying and
replacing these low-level improvements. The malloc implementation is our own <a
href="https://github.com/GrapheneOS/hardened_malloc/blob/master/README.md">hardened_malloc</a>
providing cutting edge security for modern systems. The hardened_malloc project is
portable to other Linux-based operating systems and is being adopted by other
security-focused operating systems like Whonix. The <a
href="https://github.com/GrapheneOS/hardened_malloc/blob/master/README.md">hardened_malloc
README</a> has extensive documentation on it. Our work also heavily influenced the
design of the <a href="https://www.openwall.com/lists/musl/2020/05/13/1">next-generation
musl malloc implementation</a> which offers substantially better security than musl's
previous malloc while still having minimal memory usage and code size.</p>
deploys technologies to mitigate whole classes of vulnerabilities and make exploiting
the most common sources of vulnerabilities substantially more difficult. It improves
the security of both the OS and the apps running on it. The app sandbox and other
security boundaries are fortified. GrapheneOS tries to avoid impacting the user
experience with the privacy and security features. Ideally, the features can be
designed so that they're always enabled with no impact on the user experience and no
additional complexity like configuration options. It's not always feasible, and
GrapheneOS does add various toggles for features like the Network permission, Sensors
permission, restrictions when the device is locked (USB peripherals, camera, quick
tiles), etc. along with more complex user-facing privacy and security features with
their own UX.</p>
<p>There are also many under-the-hood changes at a higher level, including major
improvements to SELinux policies particularly for the app sandbox. GrapheneOS tries to
avoid impacting the user experience with the privacy and security features. Ideally,
the features can be designed so that they're always enabled with no impact on the user
experience and no additional complexity like configuration options. It's not always
feasible, and GrapheneOS does add various toggles for features like the Network
permission, Sensors permission, restrictions when the device is locked (USB
peripherals, camera, quick tiles), etc. along with more complex user-facing privacy
and security features with their own UX.</p>
<p>See the new <a href="/features">features page</a> for more details on GrapheneOS
features.</p>
<p>The <a href="/features">features page</a> provides an overview of the substantial
privacy and security improvements added by GrapheneOS to the Android Open Source
Project.</p>
<p>Official releases are available on the <a href="/releases">releases page</a> and
installation instructions are on the <a href="/install">install page</a>.</p>