These are all fully supported production-ready targets supporting all the baseline security features and receiving full monthly security updates covering all firmware, kernel drivers, driver libraries / services and other device-specific code. A fully signed user build for these devices is a proper GrapheneOS release.

Newer generation devices have stronger hardware / firmware security and hardware-based OS security features and are better development devices for that reason. It's not possible to work on everything via past generation devices. The best development devices are the Pixel 6 and 7 series.

These are extended versions of the generic targets with extra components for the SDK. These targets don't receive full monthly security updates, don't provide all of the baseline security features and are intended for development usage. We recommend using the sdk_phone_x86_64 target in either the userdebug or eng variant for most development work.

These generic targets can be used with the emulator along with many smartphones, tablets and other devices. These targets don't receive full monthly security updates, don't offer all of the baseline security features and are intended for development usage. Providing proper support for a device or generic device family requires providing an up-to-date kernel and device support code including driver libraries, firmware and device SELinux policy extensions. Other than some special cases like the emulator, the generic targets rely on the device support code present on the device. Shipping all of this is necessary for full security updates and is tied to enabling verified boot / attestation. Pixel targets have a lot of device-specific hardening in the AOSP base along with some in GrapheneOS which needs to be ported over too. For example, various security features in the kernel including type-based Control Flow Integrity (CFI) and the shadow call stack are currently specific to the kernels for these devices.
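The kernel hardening and verified boot points above are the ones a practitioner most often wants to confirm on a given build. The following script is an added example, not part of the GrapheneOS documentation or build system: it checks a kernel config for the two options the text names (the upstream Kconfig symbols `CONFIG_CFI_CLANG` and `CONFIG_SHADOW_CALL_STACK`) and interprets the Android `ro.boot.verifiedbootstate` property. The sample config texts and boot states are constructed; reading a live config via `/proc/config.gz` assumes the kernel was built with `CONFIG_IKCONFIG_PROC`, which is noted in the comments rather than executed.

```shell
#!/bin/sh
# Added example (not GrapheneOS project code): verify whether a kernel config
# carries the hardening the Pixel kernels ship with, and whether verified boot
# reports a locked, trusted state. All inputs below are constructed samples.

# Kconfig symbols for the two features named in the text.
REQUIRED_KCONFIG="CONFIG_CFI_CLANG CONFIG_SHADOW_CALL_STACK"

# missing_kconfig CONFIG_TEXT
# Prints the required options that are not enabled (=y) in CONFIG_TEXT,
# space-separated; prints nothing when every option is enabled.
missing_kconfig() {
    cfg="$1"
    missing=""
    for opt in $REQUIRED_KCONFIG; do
        if ! printf '%s\n' "$cfg" | grep -q "^$opt=y\$"; then
            missing="$missing $opt"
        fi
    done
    printf '%s' "${missing# }"
}

# bootstate_ok STATE
# Android's ro.boot.verifiedbootstate is one of green, yellow, orange, red.
# Only "green" means the bootloader is locked and the OS was verified against
# the built-in (OEM) key; anything else should fail an attestation-style check.
bootstate_ok() {
    case "$1" in
        green) return 0 ;;
        *)     return 1 ;;
    esac
}

# --- constructed sample inputs ---------------------------------------------
# Shape of a Pixel-style kernel config with both features enabled.
PIXEL_SAMPLE='CONFIG_ARM64=y
CONFIG_CFI_CLANG=y
CONFIG_SHADOW_CALL_STACK=y'

# Shape of a generic-target kernel config where the features are absent.
GENERIC_SAMPLE='CONFIG_ARM64=y
# CONFIG_CFI_CLANG is not set
# CONFIG_SHADOW_CALL_STACK is not set'

# report LABEL CONFIG_TEXT BOOTSTATE
# Prints a one-line summary; the helpers above carry the checkable logic.
report() {
    label="$1"; cfg="$2"; state="$3"
    lacking="$(missing_kconfig "$cfg")"
    if [ -z "$lacking" ]; then
        kmsg="kernel hardening: all present"
    else
        kmsg="kernel hardening: missing $lacking"
    fi
    if bootstate_ok "$state"; then
        bmsg="verified boot: $state (ok)"
    else
        bmsg="verified boot: $state (not trusted)"
    fi
    printf '%s -> %s; %s\n' "$label" "$kmsg" "$bmsg"
}

report "pixel-sample"   "$PIXEL_SAMPLE"   "green"
report "generic-sample" "$GENERIC_SAMPLE" "orange"

# On a real device (assumes CONFIG_IKCONFIG_PROC and adb access) you would feed
# live data instead of the samples:
#   missing_kconfig "$(adb shell zcat /proc/config.gz)"
#   bootstate_ok   "$(adb shell getprop ro.boot.verifiedbootstate)"
```

Run it as-is to see both constructed cases; the `missing_kconfig` output is deliberately a plain list so it can be fed into a build gate or a device-onboarding check.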