mirror of
https://github.com/privacyguides/privacyguides.org.git
synced 2024-12-23 22:49:42 -05:00
Don't use "out of the box" phrase (#1070)
This commit is contained in:
parent
23d72ffc43
commit
4ea12e8831
@ -130,7 +130,7 @@ DivestOS has support for most OnePlus devices up to the **OnePlus 7T Pro**, with
|
||||
|
||||
!!! danger
|
||||
|
||||
Out of the box, Fairphone devices are incredibly insecure. [Fairphone's stock bootloader trusts the public AVB signing key](https://forum.fairphone.com/t/bootloader-avb-keys-used-in-roms-for-fairphone-3-4/83448/11), meaning any system can be installed and the phone will trust it as if it is the stock system. This essentially breaks verified boot on a stock Fairphone device.
|
||||
The Fairphone by default is not secure as the [stock bootloader trusts the public AVB signing key](https://forum.fairphone.com/t/bootloader-avb-keys-used-in-roms-for-fairphone-3-4/83448/11), meaning any system can be installed and the phone will trust it as if it is the stock system. This essentially breaks verified boot on a stock Fairphone device.
|
||||
|
||||
This problem is solved when you install a custom operating system such as CalyxOS or DivestOS and trust the developer's signing keys rather than the stock system's. To reiterate, **you must install a custom operating system with custom boot keys to use Fairphone devices in a secure manner.**
|
||||
|
||||
|
@ -233,7 +233,7 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
|
||||
|
||||
??? info "Operating System Disk Encryption"
|
||||
|
||||
For encrypting your operating system drive, we typically recommend using whichever encryption tool your operating system provides, whether that is **BitLocker** on Windows, **FileVault** on macOS, or **LUKS** on Linux. These tools are available out of the box and typically utilize hardware encryption elements such as a TPM that other full-disk encryption software like VeraCrypt will not. VeraCrypt is still suitable for non-operating system disks such as external drives, especially drives that may be accessed from multiple operating systems.
|
||||
For encrypting your operating system drive, we typically recommend using whichever encryption tool your operating system provides, whether that is **BitLocker** on Windows, **FileVault** on macOS, or **LUKS** on Linux. These tools are included with the operating system and typically utilize hardware encryption elements such as a TPM that other full-disk encryption software like VeraCrypt do not. VeraCrypt is still suitable for non-operating system disks such as external drives, especially drives that may be accessed from multiple operating systems.
|
||||
|
||||
[Learn more :material-arrow-right:](encryption.md##operating-system-included-full-disk-encryption-fde)
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user