forced kernel module signing for 4th/5th gen

2022-10-22 05:22:28 -04:00 · 2022-10-22 05:22:28 -04:00 · 2dd17cd389
commit 2dd17cd389
parent e0e7f4504d
1 changed files with 1 additions and 0 deletions
--- a/static/releases.html
+++ b/static/releases.html
@ -639,6 +639,7 @@
                        <li>GmsCompatConfig: stub out privileged BluetoothDevice#setSilenceMode</li>
                        <li>GmsCompatConfig: disable CAST_CONNECTION_NOTIFY popup dialogs</li>
                        <li>GmsCompatConfig: fix crash in FastPair service</li>
+                        <li>kernel (Pixel 4, Pixel 4 XL, Pixel 4a, Pixel 4a (5G), Pixel 5, Pixel 5a): enable forced kernel module signing with a per-build signing key (RSA 4096 / sha256) as an additional lower level layer of security beyond the verification already provided by dm-verity and SELinux</li>
                        <li>kernel (Pixel 4a, Pixel 4a (5G), Pixel 5, Pixel 5a): disable IP_SCTP</li>
                        <li>kernel (Pixel 4a): enable REFCOUNT_FULL</li>
                        <li>Pixel 7, Pixel 7 Pro: fix bug in detection of the camera service executable (inconsequential in practice for this specific case of the bug)</li>