explicitly list userspace compiler hardening flags

Most of these features are now done upstream other than enabling PAC, BTI and making signed integer overflow well-defined when overflow checking isn't enabled. There are other things which could be considered to be part of this set of features but are covered elsewhere already.
2024-03-12 11:08:53 -04:00 · 2024-03-12 11:08:53 -04:00 · 214f5f3d2b
commit 214f5f3d2b
parent bd1b44724d
1 changed files with 5 additions and 1 deletions
--- a/static/features.html
+++ b/static/features.html
@ -305,7 +305,11 @@
                                    been reused once and gone through the quarantines twice</li>
                                </ul>
                            </li>
-                            <li>Hardened compiler toolchain</li>
+                            <li>On ARMv9, Branch Target Identification (BTI) and Pointer
+                            Authentication Code (PAC) return address protection are enabled for
+                            userspace OS code we build instead of only specific apps</li>
+                            <li>Signed integer overflow is made well defined in C and C++ for code
+                            where automatic overflow checking is disabled</li>
                            <li>
                                Hardened kernel
                                <ul>