From dc411390220e9ede95ff81c92705ad2a8da608d6 Mon Sep 17 00:00:00 2001
From: Daniel Micay <danielmicay@gmail.com>
Date: Wed, 8 Sep 2021 03:09:28 -0400
Subject: [PATCH] note about new devices/keys for attestation

---
 static/articles/attestation-compatibility-guide.html | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/static/articles/attestation-compatibility-guide.html b/static/articles/attestation-compatibility-guide.html
index e54a54fc..a15c0b54 100644
--- a/static/articles/attestation-compatibility-guide.html
+++ b/static/articles/attestation-compatibility-guide.html
@@ -96,6 +96,9 @@
             key is in the permitted set when <code>verifiedBootState</code> is
             <code>SelfSigned</code>.</p>
 
+            <p>GrapheneOS regularly adds support for new devices so you should have a process for
+            regularly adding the new verified boot key fingerprints from this page.</p>
+
             <p>The hardware attestation API also provides other useful information signed by the
             hardware including the OS patch level, in a way that even an attacker exploiting the
             OS after boot to gain root cannot trivially bypass. It's a better feature than the