security/hakurei.app
security/hakurei.app
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 4 Wiki Activity

apply SCS/PAC/BTI changes to 6.1 kernel too

Browse Source
This commit is contained in:
Daniel Micay 2024-02-04 00:20:33 -05:00
parent 83420b2b2a
commit 8508523ab3
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
static/releases.html
View File

@ -732,8 +732,8 @@
<li>run full explicit GC in SystemUI and system_server after locking (this is already done after unlocking to purge the lock method and derived data, but it makes sense to do it after locking too)</li> <li>run full explicit GC in SystemUI and system_server after locking (this is already done after unlocking to purge the lock method and derived data, but it makes sense to do it after locking too)</li>
<li>kernel (Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Generic 5.10): update to latest GKI LTS branch revision including update to 5.10.209</li> <li>kernel (Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Generic 5.10): update to latest GKI LTS branch revision including update to 5.10.209</li>
<li>kernel (Pixel 8, Pixel 8 Pro, Generic 5.15): update to latest GKI LTS branch revision including update to 5.15.148</li> <li>kernel (Pixel 8, Pixel 8 Pro, Generic 5.15): update to latest GKI LTS branch revision including update to 5.15.148</li>
<li>kernel (Pixel 8, Pixel 8 Pro, Generic 5.15): enable both software Shadow Call Stack (SCS) and Pointer Authentication Code (PAC) protection for kernel return addresses instead of only using SCS when PAC is unavailable</li> <li>kernel (Pixel 8, Pixel 8 Pro, Generic 5.15, Generic 6.1): enable both software Shadow Call Stack (SCS) and Pointer Authentication Code (PAC) protection for kernel return addresses instead of only using SCS when PAC is unavailable</li>
<li>kernel (Pixel 8, Pixel 8 Pro, Generic 5.15): enable Branch Target Identification (BTI) protection for the kernel in addition to Clang type-based CFI to provide coarse-grained CFI coverage for calls excluded from CFI</li> <li>kernel (Pixel 8, Pixel 8 Pro, Generic 5.15, Generic 6.1): enable Branch Target Identification (BTI) protection for the kernel in addition to Clang type-based CFI to provide coarse-grained CFI coverage for calls excluded from CFI</li>
<li>kernel (Generic 6.1): apply sysrq hardening changes</li> <li>kernel (Generic 6.1): apply sysrq hardening changes</li>
<li>kernel (Generic 6.1): update to latest GKI LTS branch revision including update to 6.1.74</li> <li>kernel (Generic 6.1): update to latest GKI LTS branch revision including update to 6.1.74</li>
<li>Vanadium: update to <a href="https://github.com/GrapheneOS/Vanadium/releases/tag/121.0.6167.101.2">version 121.0.6167.101.2</a></li> <li>Vanadium: update to <a href="https://github.com/GrapheneOS/Vanadium/releases/tag/121.0.6167.101.2">version 121.0.6167.101.2</a></li>