Unlike the stock Pixel OS, we enable pointer authentication (PAC) return protection for userspace instead of only the kernel. Similar to BTI, this is easy to enable and doesn't cause regressions. Unlike the stock Pixel OS, we use Shadow Call Stack as an extra layer on top of PAC in the kernel.
=> More informations about this toot | View the thread | More toots from GrapheneOS@grapheneos.social
text/geminiThis content has been proxied by September (ba2dc).