From f25155f056ca0476157cfa37e1cb7ffe9d11277f Mon Sep 17 00:00:00 2001 From: Daniel Micay Date: Fri, 21 Jun 2024 13:50:40 -0400 Subject: [PATCH] overhaul explanation of USB-C port control --- static/features.html | 42 +++++++++++++++++++++++++++++------------- static/js/redirect.js | 3 +++ 2 files changed, 32 insertions(+), 13 deletions(-) diff --git a/static/features.html b/static/features.html index 7955d807..ea4888f9 100644 --- a/static/features.html +++ b/static/features.html @@ -28,6 +28,7 @@ + [[js|/js/redirect.js]] {% with current_page="features" %} @@ -81,7 +82,7 @@
  • Attack surface reduction
  • Exploit @@ -254,16 +255,14 @@ settings screen.
    • -
    USB-C port control
    +
    USB-C port and pogo pins control
    -

    Our USB-C port mode setting for Tensor Pixels offers precise control over - USB functions, allowing complete disabling of USB controller functionality - including data lines.

    - -

    Unlike the standard Android USB HAL and device administration API, our - USB-C port control fully disables USB-C functionality at the hardware level - using device-specific kernel modifications. This greatly reduces the USB-C - attack surface based on the chosen setting.

    +

    Our USB-C port and pogo pins setting protects against attacks + through USB-C or pogo pins while the OS is booted. For the majority of + devices without pogo pins, the setting is labelled USB-C port. We + have a less advanced version of this feature on devices launched prior to + October 2021 (Pixel 5a and earlier) since it requires a hardware-specific + implementation with driver changes.

    The feature has five modes:

    @@ -276,9 +275,26 @@

    The default is Charging-only when locked, which significantly - reduces attack surface when the device is locked. After locking, new - connections are blocked immediately, and data lines are disabled when - existing connections end.

    + reduces attack surface when the device is locked. After locking, it blocks + any new USB connections immediately through either USB-C and pogo pins at + both the hardware level via configuring the USB controller and also at the + OS level in the kernel to provide a second layer of defense. It disables the + data lines at a hardware level as soon as the existing connections end which + happens right away if there were new USB connections. It also disables USB-C + alternate modes including DisplayPort at both the OS and hardware level.

    + +

    Our implementation is far more secure than Android's standard USB HAL + toggle available to device admin apps. The standard feature only disables + high level USB handling in the OS. It doesn't block new USB connections or + disable the data lines at a hardware level. It also leaves the handling of + the USB-C and pogo pins protocols enabled in the OS, and it doesn't deal + with USB-C alternate modes. The standard feature is also either blocking or + not blocking USB at a high level, without the ability to block new + connections and disable USB only once the existing connections end. Other + operating systems trying to implement a similar feature via the standard + toggle end up continuing to allow new USB connections in the OS until all + connections end instead of the 2 phase approach we use for our two + Charging-only when locked modes.

    diff --git a/static/js/redirect.js b/static/js/redirect.js index f1e88e13..1f8edead 100644 --- a/static/js/redirect.js +++ b/static/js/redirect.js @@ -25,6 +25,9 @@ const redirects = new Map([ ["/faq#dns", "/faq#custom-dns"], ["/faq#when-devices", "/faq#future-devices"], + + ["/features#usb-c-port-control", "/features#usb-c-port-and-pogo-pins-control"], + ["/hiring#qualitifations", "/hiring#qualifications"], ["/install/cli#fastboot-as-non-root", "/install/cli#flashing-as-non-root"],