security/hakurei.app
security/hakurei.app
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 4 Wiki Activity

overhaul explanation of USB-C port control

Browse Source
This commit is contained in:
Daniel Micay 2024-06-21 13:50:40 -04:00
parent 7cb01fc3bd
commit f25155f056
2 changed files with 32 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
static/features.html
View File

@ -28,6 +28,7 @@
<link rel="manifest" href="/manifest.webmanifest"/> <link rel="manifest" href="/manifest.webmanifest"/>
<link rel="license" href="/LICENSE.txt"/> <link rel="license" href="/LICENSE.txt"/>
<link rel="me" href="https://grapheneos.social/@GrapheneOS"/> <link rel="me" href="https://grapheneos.social/@GrapheneOS"/>
[[js|/js/redirect.js]]
</head> </head>
<body> <body>
{% with current_page="features" %} {% with current_page="features" %}
@ -81,7 +82,7 @@
<li><a href="#attack-surface-reduction">Attack surface <li><a href="#attack-surface-reduction">Attack surface
reduction</a> reduction</a>
<ul> <ul>
<li><a href="#usb-c-port-control">USB-C port control</a></li> <li><a href="#usb-c-port-and-pogo-pins-control">USB-C port and pogo pins control</a></li>
</ul> </ul>
</li> </li>
<li><a href="#exploit-mitigations">Exploit <li><a href="#exploit-mitigations">Exploit
@ -254,16 +255,14 @@
settings screen.</li> settings screen.</li>
</ul> </ul>
<h5 id="usb-c-port-control"><a href="#usb-c-port-control">USB-C port control</a></h5> <h5 id="usb-c-port-and-pogo-pins-control"><a href="#usb-c-port-and-pogo-pins-control">USB-C port and pogo pins control</a></h5>
<p>Our USB-C port mode setting for Tensor Pixels offers precise control over <p>Our <b>USB-C port and pogo pins</b> setting protects against attacks
USB functions, allowing complete disabling of USB controller functionality through USB-C or pogo pins while the OS is booted. For the majority of
including data lines.</p> devices without pogo pins, the setting is labelled <b>USB-C port</b>. We
have a less advanced version of this feature on devices launched prior to
<p>Unlike the standard Android USB HAL and device administration API, our October 2021 (Pixel 5a and earlier) since it requires a hardware-specific
USB-C port control fully disables USB-C functionality at the hardware level implementation with driver changes.</p>
using device-specific kernel modifications. This greatly reduces the USB-C
attack surface based on the chosen setting.</p>
<p>The feature has five modes:</p> <p>The feature has five modes:</p>
@ -276,9 +275,26 @@
</ul> </ul>
<p>The default is <b>Charging-only when locked</b>, which significantly <p>The default is <b>Charging-only when locked</b>, which significantly
reduces attack surface when the device is locked. After locking, new reduces attack surface when the device is locked. After locking, it blocks
connections are blocked immediately, and data lines are disabled when any new USB connections immediately through either USB-C and pogo pins at
existing connections end.</p> both the hardware level via configuring the USB controller and also at the
OS level in the kernel to provide a second layer of defense. It disables the
data lines at a hardware level as soon as the existing connections end which
happens right away if there were new USB connections. It also disables USB-C
alternate modes including DisplayPort at both the OS and hardware level.</p>
<p>Our implementation is far more secure than Android's standard USB HAL
toggle available to device admin apps. The standard feature only disables
high level USB handling in the OS. It doesn't block new USB connections or
disable the data lines at a hardware level. It also leaves the handling of
the USB-C and pogo pins protocols enabled in the OS, and it doesn't deal
with USB-C alternate modes. The standard feature is also either blocking or
not blocking USB at a high level, without the ability to block new
connections and disable USB only once the existing connections end. Other
operating systems trying to implement a similar feature via the standard
toggle end up continuing to allow new USB connections in the OS until all
connections end instead of the 2 phase approach we use for our two
Charging-only when locked modes.</p>
</section> </section>
<section id="exploit-mitigations"> <section id="exploit-mitigations">

3
static/js/redirect.js
View File

@ -25,6 +25,9 @@ const redirects = new Map([
["/faq#dns", "/faq#custom-dns"], ["/faq#dns", "/faq#custom-dns"],
["/faq#when-devices", "/faq#future-devices"], ["/faq#when-devices", "/faq#future-devices"],
["/features#usb-c-port-control", "/features#usb-c-port-and-pogo-pins-control"],
["/hiring#qualitifations", "/hiring#qualifications"], ["/hiring#qualitifations", "/hiring#qualifications"],
["/install/cli#fastboot-as-non-root", "/install/cli#flashing-as-non-root"], ["/install/cli#fastboot-as-non-root", "/install/cli#flashing-as-non-root"],