forced module signing for 6th / 7th gen Pixels

2022-10-25 04:42:22 -04:00 · 2022-10-25 04:42:22 -04:00 · 53683e1382
commit 53683e1382
parent 9dcfb51aae
1 changed files with 2 additions and 0 deletions
--- a/static/releases.html
+++ b/static/releases.html
@ -637,6 +637,8 @@
                    <p>Changes since the 2022102300 release:</p>

                    <ul>
+                        <li>kernel (Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro): fix upstream compatibility issue preventing using better hashing algorithms than sha1 for kernel module signing with BoringSSL</li>
+                        <li>kernel (Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro): switch from standard GKI kernel module signing (used to enforce protected symbol rules for vendor modules) to forced kernel module signing as an additional lower level layer of security beyond the verification already provided by dm-verity and SELinux</li>
                        <li>Pixel 7, Pixel 7 Pro: handle readlink system call failing in a friendlier way for detection of the camera service executable</li>
                        <li>Pixel 4, Pixel 4 XL, Pixel 4a, Pixel 4a (5G), Pixel 5, Pixel 5a, Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro: add back Pixel charger mode image overrides removed in the <a href="#2022101600">2022101600</a> release (fallback images aren't included on the Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7 and Pixel 7 Pro so these images were completely missing on those devices)
                    </ul>