enable BTI for baseline kernel CFI

GrapheneOS · Feb 1, 2024 · 82f0387 · 82f0387
1 parent 620ca46
commit 82f0387
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/static/releases.html b/static/releases.html
@@ -731,6 +731,7 @@ <h3><a href="#2024012600">2024012600</a></h3>
                     <ul>
                         <li>kernel (Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Generic 5.10): update to latest GKI LTS branch revision including update to 5.10.209</li>
                         <li>kernel (Pixel 8, Pixel 8 Pro, Generic 5.15): update to latest GKI LTS branch revision</li>
+                        <li>kernel (Pixel 8, Pixel 8 Pro, Generic 5.15, Generic 6.1): enable kernel arm64 Branch Target Identification (BTI) kernel protection to provide baseline coarse-grained Control Flow Integrity (CFI) for indirect calls with fine-grained CFI disabled (BTI reuses the existing PAC instructions included in non-leaf functions so it only needs to add BTI instructions to leaf functions)</li>
                         <li>kernel (Generic 6.1): apply sysrq hardening changes</li>
                         <li>kernel (Generic 6.1): update to latest GKI LTS branch revision including update to 6.1.74</li>
                         <li>Vanadium: update to <a href="https://github.com/GrapheneOS/Vanadium/releases/tag/121.0.6167.101.2">version 121.0.6167.101.2</a></li>