security/hakurei.app
security/hakurei.app
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 4 Wiki Activity

further explanation for generic targets

Browse Source
This commit is contained in:
Daniel Micay 2019-09-26 18:25:41 -04:00
parent 2fb11baf67
commit 1adc4ad6f5
1 changed files with 14 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
static/build.html
View File

@ -139,8 +139,18 @@
<p>These generic targets can be used with the emulator along with many smartphones, <p>These generic targets can be used with the emulator along with many smartphones,
tablets and other devices. These targets don't receive full monthly security updates, tablets and other devices. These targets don't receive full monthly security updates,
don't provide all of the baseline security features like verified boot and are don't offer all of the baseline security features and are intended for development
intended for development usage.</p> usage.</p>
<p>Providing proper support for a device or generic device family requires providing
an up-to-date kernel and device support code including driver libraries, firmware and
device SELinux policy extensions. Other than some special cases like the emulator, the
generic targets rely on the device support code present on the device. Shipping all of
this is necessary for full security updates and is tied to enabling verified boot /
attestation. Pixel targets have a lot of device-specific hardening in the AOSP base
along with some in GrapheneOS which needs to be ported over too. For example, various
security features in the kernel including type-based Control Flow Integrity (CFI) and
the shadow call stack are currently specific to the kernels for these devices.</p>
<p>SDK emulator targets:</p> <p>SDK emulator targets:</p>
@ -155,8 +165,7 @@
<p>These are extended versions of the generic targets with extra components for the <p>These are extended versions of the generic targets with extra components for the
SDK. These targets don't receive full monthly security updates, don't provide all of SDK. These targets don't receive full monthly security updates, don't provide all of
the baseline security features like verified boot and are intended for development the baseline security features and are intended for development usage.</p>
usage.</p>
<p>Board targets:</p> <p>Board targets:</p>
@ -170,7 +179,7 @@
are major issues with the graphics drivers among other problems. The intention is to are major issues with the graphics drivers among other problems. The intention is to
support them, but the necessary time has not yet been dedicated to it. These targets support them, but the necessary time has not yet been dedicated to it. These targets
don't receive full monthly security updates, don't provide all of the baseline don't receive full monthly security updates, don't provide all of the baseline
security features like verified boot and are intended for development usage.</p> security features and are intended for development usage.</p>
<h2 id="build-dependencies"> <h2 id="build-dependencies">
<a href="#build-dependencies">Build dependencies</a> <a href="#build-dependencies">Build dependencies</a>