2828 < link rel ="manifest " href ="/manifest.webmanifest "/>
2929 < link rel ="license " href ="/LICENSE.txt "/>
3030 < link rel ="me " href ="https://grapheneos.social/@GrapheneOS "/>
31+ [[js|/js/redirect.js]]
3132 </ head >
3233 < body >
3334 {% with current_page="features" %}
@@ -81,7 +82,7 @@ <h2><a href="#table-of-contents">Table of contents</a></h2>
8182 < li > < a href ="#attack-surface-reduction "> Attack surface
8283 reduction</ a >
8384 < ul >
84- < li > < a href ="#usb-c-port-control "> USB-C port control</ a > </ li >
85+ < li > < a href ="#usb-c-port-and-pogo-pins- control "> USB-C port and pogo pins control</ a > </ li >
8586 </ ul >
8687 </ li >
8788 < li > < a href ="#exploit-mitigations "> Exploit
@@ -254,16 +255,14 @@ <h4><a href="#attack-surface-reduction">Attack surface reduction</a></h4>
254255 settings screen.</ li >
255256 </ ul >
256257
257- < h5 id ="usb-c-port-control "> < a href ="#usb-c-port-control "> USB-C port control</ a > </ h5 >
258+ < h5 id ="usb-c-port-and-pogo-pins- control "> < a href ="#usb-c-port-and-pogo-pins- control "> USB-C port and pogo pins control</ a > </ h5 >
258259
259- < p > Our USB-C port mode setting for Tensor Pixels offers precise control over
260- USB functions, allowing complete disabling of USB controller functionality
261- including data lines.</ p >
262-
263- < p > Unlike the standard Android USB HAL and device administration API, our
264- USB-C port control fully disables USB-C functionality at the hardware level
265- using device-specific kernel modifications. This greatly reduces the USB-C
266- attack surface based on the chosen setting.</ p >
260+ < p > Our < b > USB-C port and pogo pins</ b > setting protects against attacks
261+ through USB-C or pogo pins while the OS is booted. For the majority of
262+ devices without pogo pins, the setting is labelled < b > USB-C port</ b > . We
263+ have a less advanced version of this feature on devices launched prior to
264+ October 2021 (Pixel 5a and earlier) since it requires a hardware-specific
265+ implementation with driver changes.</ p >
267266
268267 < p > The feature has five modes:</ p >
269268
@@ -276,9 +275,26 @@ <h5 id="usb-c-port-control"><a href="#usb-c-port-control">USB-C port control</a>
276275 </ ul >
277276
278277 < p > The default is < b > Charging-only when locked</ b > , which significantly
279- reduces attack surface when the device is locked. After locking, new
280- connections are blocked immediately, and data lines are disabled when
281- existing connections end.</ p >
278+ reduces attack surface when the device is locked. After locking, it blocks
279+ any new USB connections immediately through either USB-C and pogo pins at
280+ both the hardware level via configuring the USB controller and also at the
281+ OS level in the kernel to provide a second layer of defense. It disables the
282+ data lines at a hardware level as soon as the existing connections end which
283+ happens right away if there were new USB connections. It also disables USB-C
284+ alternate modes including DisplayPort at both the OS and hardware level.</ p >
285+
286+ < p > Our implementation is far more secure than Android's standard USB HAL
287+ toggle available to device admin apps. The standard feature only disables
288+ high level USB handling in the OS. It doesn't block new USB connections or
289+ disable the data lines at a hardware level. It also leaves the handling of
290+ the USB-C and pogo pin protocols enabled in the OS, and it doesn't deal with
291+ USB-C alternate modes. The standard feature is also either blocking or not
292+ blocking USB at a high level, without the ability to block new connections
293+ and disable USB only once the existing connections end. Other operating
294+ systems trying to implement a similar feature via the standard toggle end up
295+ continuing to allow new USB connections in the OS until all connections end
296+ instead of the 2 phase approach we use for our two Charging-only when locked
297+ modes.</ p >
282298 </ section >
283299
284300 < section id ="exploit-mitigations ">
0 commit comments