Git-Mirrors/privacyguides.org
1
0
Fork 0
mirror of https://github.com/privacyguides/privacyguides.org.git synced 2024-07-11 13:51:56 +00:00
Code Issues Packages Projects Releases Wiki Activity

Don't use "out of the box" phrase (#1070)

Browse Source
This commit is contained in:
Daniel Gray 2022-04-22 08:12:11 +00:00
parent 23d72ffc43
commit 4ea12e8831
No known key found for this signature in database
GPG Key ID: 41911F722B0F9AE3
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
docs/android.en.md
View File

@ -130,7 +130,7 @@ DivestOS has support for most OnePlus devices up to the **OnePlus 7T Pro**, with
!!! danger
Out of the box, Fairphone devices are incredibly insecure. [Fairphone's stock bootloader trusts the public AVB signing key](https://forum.fairphone.com/t/bootloader-avb-keys-used-in-roms-for-fairphone-3-4/83448/11), meaning any system can be installed and the phone will trust it as if it is the stock system. This essentially breaks verified boot on a stock Fairphone device.
The Fairphone by default is not secure as the [stock bootloader trusts the public AVB signing key](https://forum.fairphone.com/t/bootloader-avb-keys-used-in-roms-for-fairphone-3-4/83448/11), meaning any system can be installed and the phone will trust it as if it is the stock system. This essentially breaks verified boot on a stock Fairphone device.
This problem is solved when you install a custom operating system such as CalyxOS or DivestOS and trust the developer's signing keys rather than the stock system's. To reiterate, **you must install a custom operating system with custom boot keys to use Fairphone devices in a secure manner.**

2
docs/tools.en.md
View File

@ -233,7 +233,7 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
??? info "Operating System Disk Encryption"
For encrypting your operating system drive, we typically recommend using whichever encryption tool your operating system provides, whether that is **BitLocker** on Windows, **FileVault** on macOS, or **LUKS** on Linux. These tools are available out of the box and typically utilize hardware encryption elements such as a TPM that other full-disk encryption software like VeraCrypt will not. VeraCrypt is still suitable for non-operating system disks such as external drives, especially drives that may be accessed from multiple operating systems.
For encrypting your operating system drive, we typically recommend using whichever encryption tool your operating system provides, whether that is **BitLocker** on Windows, **FileVault** on macOS, or **LUKS** on Linux. These tools are included with the operating system and typically utilize hardware encryption elements such as a TPM that other full-disk encryption software like VeraCrypt do not. VeraCrypt is still suitable for non-operating system disks such as external drives, especially drives that may be accessed from multiple operating systems.
[Learn more :material-arrow-right:](encryption.md##operating-system-included-full-disk-encryption-fde)