Final
npub1hxx…g75y
2025-02-07 08:27:50


In April 2024, Pixels shipped a partial implementation of our January 2024 proposal for firmware-based reset attack protection. Fastboot mode now zeroes RAM before enabling USB. This successfully wiped out the After First Unlock state exploit capabilities of two commercial exploit tools for the stock OS.

Several other improvements were made based on our January 2024 vulnerability reports and proposals including an implementation of wiping data before rebooting when a wipe is triggered. We shipped an improved version of this for our duress PIN/password feature before the feature shipped for Android.

We made massive improvements in #GrapheneOS to defend against these attacks since January 2024.

For ARMv9 devices, we greatly improved our hardware memory tagging implementation in hardened_malloc, deployed it for the Linux kernel allocators and greatly expanded the use of PAC and BTI across the OS.

We replaced our decade-old feature for blocking new USB peripherals while locked with a greatly expanded and far more secure feature. The new approach blocks USB-C connections and USB-C data at a hardware level, with expanded software-based blocking as a fallback.

We started deploying RANDSTRUCT for the kernel, which will eventually be used to have multiple possible struct memory layouts for each device model chosen randomly at boot. Our work on reducing kernel attack surface also continued. We plan to focus more on Linux kernel security going forward.

Our locked device auto-reboot feature from 2021 was replaced with a more secure approach preventing bypasses via crashes. It also avoids chain reboots without introducing a security weakness, which makes low timer values such as the minimum 10 minutes far more usable.

We shipped our 2-factor fingerprint unlock feature planned since 2015. It allows people to avoid reliance on secure element security with a strong passphrase while keeping convenience. Fingerprint + scrambled PIN also defends well against being recorded while unlocking.

Several more major improvements specifically against the physical data extraction attack vector are planned. Our next release adds an implementation of zeroing RAM at boot in the kernel to match what fastboot mode does. We also plan to add a toggle for essentially toggling off Device Encrypted data.
Author Public Key
npub1hxx76n82ags8jrduk0p3gqrfyqyaxnrlnynu9p5rt2vmwjq6ts3q4sg75y