From 4ea12e883175f909c5a72a44983d4285c9931e46 Mon Sep 17 00:00:00 2001 From: Daniel Gray Date: Fri, 22 Apr 2022 08:12:11 +0000 Subject: [PATCH] Don't use "out of the box" phrase (#1070) --- docs/android.en.md | 2 +- docs/tools.en.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/android.en.md b/docs/android.en.md index 25bfe27f..6f67eb86 100644 --- a/docs/android.en.md +++ b/docs/android.en.md @@ -130,7 +130,7 @@ DivestOS has support for most OnePlus devices up to the **OnePlus 7T Pro**, with !!! danger - Out of the box, Fairphone devices are incredibly insecure. [Fairphone's stock bootloader trusts the public AVB signing key](https://forum.fairphone.com/t/bootloader-avb-keys-used-in-roms-for-fairphone-3-4/83448/11), meaning any system can be installed and the phone will trust it as if it is the stock system. This essentially breaks verified boot on a stock Fairphone device. + The Fairphone by default is not secure as the [stock bootloader trusts the public AVB signing key](https://forum.fairphone.com/t/bootloader-avb-keys-used-in-roms-for-fairphone-3-4/83448/11), meaning any system can be installed and the phone will trust it as if it is the stock system. This essentially breaks verified boot on a stock Fairphone device. This problem is solved when you install a custom operating system such as CalyxOS or DivestOS and trust the developer's signing keys rather than the stock system's. To reiterate, **you must install a custom operating system with custom boot keys to use Fairphone devices in a secure manner.** diff --git a/docs/tools.en.md b/docs/tools.en.md index 46eff732..5beb32a7 100644 --- a/docs/tools.en.md +++ b/docs/tools.en.md @@ -233,7 +233,7 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b ??? info "Operating System Disk Encryption" - For encrypting your operating system drive, we typically recommend using whichever encryption tool your operating system provides, whether that is **BitLocker** on Windows, **FileVault** on macOS, or **LUKS** on Linux. These tools are available out of the box and typically utilize hardware encryption elements such as a TPM that other full-disk encryption software like VeraCrypt will not. VeraCrypt is still suitable for non-operating system disks such as external drives, especially drives that may be accessed from multiple operating systems. + For encrypting your operating system drive, we typically recommend using whichever encryption tool your operating system provides, whether that is **BitLocker** on Windows, **FileVault** on macOS, or **LUKS** on Linux. These tools are included with the operating system and typically utilize hardware encryption elements such as a TPM that other full-disk encryption software like VeraCrypt do not. VeraCrypt is still suitable for non-operating system disks such as external drives, especially drives that may be accessed from multiple operating systems. [Learn more :material-arrow-right:](encryption.md##operating-system-included-full-disk-encryption-fde)