diff --git a/static/faq.html b/static/faq.html index 50d5d277..d153981a 100644 --- a/static/faq.html +++ b/static/faq.html @@ -96,6 +96,7 @@
  • How do I keep the OS updated?
    • +
  • Does GrapheneOS provide Factory Reset Protection?

    • @@ -580,6 +581,32 @@

    Updates can be sideloaded via recovery.

    + +

    + Does GrapheneOS provide Factory Reset Protection? +

    + +

    No, since this is strictly a theft deterrence feature, not a security feature, and + the standard implementation depends on having the device tied to an account on an + online service. The only advantage would be encouraging thieves to return a stolen + device for a potential reward after realizing that it has no value beyond scrapping it + for parts.

    + +

    Google's Factory Reset Protection ties devices to a Google account using a tiny, + special region of persistent state not wiped by a factory reset. It prevents a thief + from wiping the device to a fresh state for resale without being stuck at a screen for + authenticating with the Google account persisted on the device after wiping.

    + +

    It would be possible to make an implementation not reliant upon an online service + where the user has the optional to enable Factory Reset Protection and is given a seed + phrase required to use the device after wiping data from recovery. However, since this + has no security value and the ability to deter theft is questionable, implementing + this is an extremely low priority.

    + +

    Providing the option to disable wiping from recovery would be simpler, but would be + incompatible with features designed to wipe data automatically in certain cases. This + will not be implemented by GrapheneOS since it isn't a good approach and it conflicts + with other planned features.