phasing out monolithic kernel builds for now

Monolithic kernel builds are currently impractical due to frequent compatibility issues when drivers are built into the kernel instead of as dynamic kernel modules. We also benefit from using GKIs too much to switch to using the device kernel tree for the kernel image for 6th gen Pixels.
2022-08-17 20:27:46 -04:00 · 2022-08-17 20:27:46 -04:00 · b54b2305a9
commit b54b2305a9
parent 8b673da903
1 changed files with 3 additions and 4 deletions
--- a/static/features.html
+++ b/static/features.html
@ -310,10 +310,9 @@
                            <li>
                                Hardened kernel
                                <ul>
-                                    <li>Support for dynamically loaded kernel modules is disabled and
-                                    the minimal set of modules for the device model are built into the
-                                    kernel to substantially improve the granularity of Control Flow
-                                    Integrity (CFI) and reduce attack surface.</li>
+                                    <li>Full LTO (Link Time Optimization) is used instead of
+                                    ThinLTO to provide improved Control Flow Integrity (CFI)
+                                    granularity.</li>
                                    <li>4-level page tables are enabled on arm64 to provide a much larger
                                    address space (48-bit instead of 39-bit) with significantly higher
                                    entropy Address Space Layout Randomization (33-bit instead of