move more content to the features page

static/features.html

@@ -67,10 +67,18 @@
                 <li>Stronger app sandbox</li>
                 <li>Hardened libc providing defenses against the most common classes of vulnerabilities (memory
   corruption)</li>
-                <li>Our own <a href="https://github.com/GrapheneOS/hardened_malloc/blob/master/README.md">hardened malloc (memory allocator)</a>
+                <li>Our own <a href="https://github.com/GrapheneOS/hardened_malloc">hardened malloc (memory allocator)</a>
                 leveraging modern hardware capabilities to provide substantial defenses against
                 the most common classes of vulnerabilities (heap memory corruption) along with
-                reducing the lifetime of sensitive data in memory</li>
+                reducing the lifetime of sensitive data in memory. The hardened_malloc project is
+                portable to other Linux-based operating systems and is being adopted by other
+                security-focused operating systems like Whonix. The
+                <a href="https://github.com/GrapheneOS/hardened_malloc/blob/master/README.md">hardened_malloc
+                README</a> has extensive documentation on it. Our allocator also heavily influenced the
+                design of the <a href="https://www.openwall.com/lists/musl/2020/05/13/1">next-generation
+                musl malloc implementation</a> which offers substantially better security than musl's
+                previous malloc while still having minimal memory usage and code size.</li>
+                <li>Hardened compiler toolchain</li>
                 <li>Hardened kernel</li>
                 <li>Prevention of dynamic native code execution in-memory or via the filesystem
                 for the base OS without going via the package manager, etc.</li>

static/index.html

@@ -64,33 +64,21 @@
             foundation, but for now the developers represent the project.</p>
 
             <p>GrapheneOS improves the privacy and security of the OS from the bottom up. It
-            has a hardened kernel, libc, malloc and compiler toolchain with many low-level
+            deploys technologies to mitigate whole classes of vulnerabilities and make exploiting
-            improvements. These changes are designed to eliminate whole classes of serious
+            the most common sources of vulnerabilities substantially more difficult. It improves
-            vulnerabilities or provide meaningful barriers to exploitation. We avoid making
+            the security of both the OS and the apps running on it. The app sandbox and other
-            changes without a clear rationale and we regularly work towards simplifying and
+            security boundaries are fortified. GrapheneOS tries to avoid impacting the user
-            replacing these low-level improvements. The malloc implementation is our own <a
+            experience with the privacy and security features. Ideally, the features can be
-            href="https://github.com/GrapheneOS/hardened_malloc/blob/master/README.md">hardened_malloc</a>
+            designed so that they're always enabled with no impact on the user experience and no
-            providing cutting edge security for modern systems. The hardened_malloc project is
+            additional complexity like configuration options. It's not always feasible, and
-            portable to other Linux-based operating systems and is being adopted by other
+            GrapheneOS does add various toggles for features like the Network permission, Sensors
-            security-focused operating systems like Whonix. The <a
+            permission, restrictions when the device is locked (USB peripherals, camera, quick
-            href="https://github.com/GrapheneOS/hardened_malloc/blob/master/README.md">hardened_malloc
+            tiles), etc. along with more complex user-facing privacy and security features with
-            README</a> has extensive documentation on it. Our work also heavily influenced the
+            their own UX.</p>
-            design of the <a href="https://www.openwall.com/lists/musl/2020/05/13/1">next-generation
-            musl malloc implementation</a> which offers substantially better security than musl's
-            previous malloc while still having minimal memory usage and code size.</p>
 
-            <p>There are also many under-the-hood changes at a higher level, including major
+            <p>The <a href="/features">features page</a> provides an overview of the substantial
-            improvements to SELinux policies particularly for the app sandbox. GrapheneOS tries to
+            privacy and security improvements added by GrapheneOS to the Android Open Source
-            avoid impacting the user experience with the privacy and security features. Ideally,
+            Project.</p>
-            the features can be designed so that they're always enabled with no impact on the user
-            experience and no additional complexity like configuration options. It's not always
-            feasible, and GrapheneOS does add various toggles for features like the Network
-            permission, Sensors permission, restrictions when the device is locked (USB
-            peripherals, camera, quick tiles), etc. along with more complex user-facing privacy
-            and security features with their own UX.</p>
-
-            <p>See the new <a href="/features">features page</a> for more details on GrapheneOS
-            features.</p>
 
             <p>Official releases are available on the <a href="/releases">releases page</a> and
             installation instructions are on the <a href="/install">install page</a>.</p>