From 0cd29b55b3f5ed151db6cfe199be2571bc977525 Mon Sep 17 00:00:00 2001 From: Daniel Micay Date: Sun, 14 Jul 2019 13:40:44 -0400 Subject: [PATCH] improve kernel build documentation --- static/build.html | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/static/build.html b/static/build.html index b5252991..20a8e55f 100644 --- a/static/build.html +++ b/static/build.html @@ -252,10 +252,29 @@ git am ../*.patch

The kernel needs to be built in advance, since it uses a separate build system.

+

List of kernels corresponding to officially supported devices:

+ + + +

As part of the hardening in GrapheneOS, it uses fully monolithic kernel builds with + dynamic kernel modules disabled. This improves the effectiveness of mitigations like + Control Flow Integrity benefiting from whole program analysis. It also reduces attack + surface and complexity somewhat including making the build system simpler. The kernel + trees marked as using a split build above need to have the device variant passed to + the GrapheneOS kernel build script to select the device.

+

For the Pixel 3, Pixel 3 XL, Pixel 3a and Pixel 3a XL, the kernel repository uses submodules for building in out-of-tree modules. You need to make sure the submodule sources are updated before building. In the future, this should end up being handled - automatically by repo.

+ automatically by repo. There's no harm in running the submodule commands + for other devices as they will simply not do anything.

+ +

For example, to build the kernel for marlin:

For example, to build the kernel for blueline: