clarify separate kernel builds
This commit is contained in:
Daniel Micay
parent
3669cfe990
commit
9caedd8eb1
@ -286,15 +286,15 @@ cd ../..</pre>
|
|||||||
|
|
||||||
<ul>
|
<ul>
|
||||||
<li>Pixel, Pixel XL: marlin - shared build</li>
|
<li>Pixel, Pixel XL: marlin - shared build</li>
|
||||||
<li>Pixel 2, Pixel 2 XL: wahoo - split build due to hardening</li>
|
<li>Pixel 2, Pixel 2 XL: wahoo - separate taimen and walleye builds due to hardening</li>
|
||||||
<li>Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL: crosshatch - split build due to hardening</li>
|
<li>Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL: crosshatch - separate crosshatch, blueline and bonito builds due to hardening</li>
|
||||||
</ul>
|
</ul>
|
||||||
|
|
||||||
<p>As part of the hardening in GrapheneOS, it uses fully monolithic kernel builds with
|
<p>As part of the hardening in GrapheneOS, it uses fully monolithic kernel builds with
|
||||||
dynamic kernel modules disabled. This improves the effectiveness of mitigations like
|
dynamic kernel modules disabled. This improves the effectiveness of mitigations like
|
||||||
Control Flow Integrity benefiting from whole program analysis. It also reduces attack
|
Control Flow Integrity benefiting from whole program analysis. It also reduces attack
|
||||||
surface and complexity somewhat including making the build system simpler. The kernel
|
surface and complexity somewhat including making the build system simpler. The kernel
|
||||||
trees marked as using a split build above need to have the device variant passed to
|
trees marked as using a separate build above need to have the device variant passed to
|
||||||
the GrapheneOS kernel build script to select the device.</p>
|
the GrapheneOS kernel build script to select the device.</p>
|
||||||
|
|
||||||
<p>For the Pixel 3, Pixel 3 XL, Pixel 3a and Pixel 3a XL, the kernel repository uses
|
<p>For the Pixel 3, Pixel 3 XL, Pixel 3a and Pixel 3a XL, the kernel repository uses
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user