Further document GrapheneOS memory protections

Further detail hardened_malloc memory protections, and document MTE for supported devices.
2024-03-24 04:42:15 +00:00 · 2024-03-24 04:42:15 +00:00 · 0bd4bcecbe
commit 0bd4bcecbe
parent 8313349176
1 changed files with 6 additions and 2 deletions
--- a/about.xhtml
+++ b/about.xhtml
@ -1,7 +1,7 @@
 <!DOCTYPE html>

 <!-- Inferencium - Website - About -->
-<!-- Version: 10.2.0-alpha.9 -->
+<!-- Version: 10.2.0-alpha.10 -->

 <!-- Copyright 2022 Jake Winters -->
 <!-- SPDX-License-Identifier: BSD-3-Clause -->
@ -653,7 +653,11 @@
 														<a href="https://github.com/GrapheneOS/kernel_gs-gs101/">hardened kernel</a>,
 														hardened memory allocator
 														(<a href="https://github.com/GrapheneOS/hardened_malloc/">hardened_malloc</a>)
-														to protect against common memory corruption vulnerabilities,
+														to protect against common heap memory corruption vulnerabilities
+														and reduce the lifetime of data in memory due to
+														zero-initialising memory on it being freed, Arm's Memory Tagging
+														Extension to provide protection against heap memory bugs such as
+														use-after-free and buffer overflow (supported devices only),
 														<a href="https://github.com/GrapheneOS/platform_bionic/">hardened Bionic standard C library</a>,
 														<a href="https://github.com/GrapheneOS/platform_system_sepolicy/">stricter SELinux policies</a>,
 														and local and remote hardware-backed attestation