document recent ARMv9 hardening improvements

This commit is contained in:
Daniel Micay 2024-03-12 10:56:37 -04:00
parent 9e1c1a731f
commit bd1b44724d

View File

@ -343,6 +343,12 @@
there's a deep userspace compromise.</li>
<li>Additional consistency / integrity checks are enabled for
frequently targeted kernel data structures.</li>
<li>On ARMv9, Branch Target Identification (BTI) is enabled in
addition to Clang type-based Control Flow Integrity (CFI) to
cover functions excluded from type-based CFI</li>
<li>On ARMv9, ShadowCallStack (SCS) is enabled in addition to
Pointer Authentication Code (PAC) return address protection
instead of only enabling SCS when PAC is unavailable</li>
</ul>
</li>
<li>Android Runtime Just-In-Time (JIT) compilation/profiling is fully