The crosshatch kernel repository (github.com/GrapheneOS/ker) is now used for the Pixel 3a and Pixel 3a XL in addition to the Pixel 3 and Pixel 3 XL. GrapheneOS will still use specialized kernel builds for each device with varying modules to improve CFI and reduce attack surface.
Qualcomm's audio and Wi-Fi drivers are maintained in separate Git repositories from the core kernel, and Wi-Fi is split across 3 repositories (fw-api, qcacld-3.0, qca-wifi-host-cmn). It's quite nice that these are now properly unified. Still have a lot of past work to restore.
There was an upstream regression preventing disabling the infrastructure for dynamic kernel modules even though GrapheneOS avoids using them, along with a regression preventing using the slab canary feature. Resolving these is a high priority and help would be greatly appreciated.
Android 10 introduced ShadowCallStack support for these devices alongside the existing support for type-based forward edge CFI. Both of these are entirely downstream features. It would help if upstream would stop creating political barriers to security features and Clang support.
