From 2a31c7291b973771a7da7c8766966fed6aac9192 Mon Sep 17 00:00:00 2001
From: Daniel Micay <danielmicay@gmail.com>
Date: Thu, 4 Oct 2018 03:15:55 -0400
Subject: [PATCH] add basic documentation on configuration

---
 README.md | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/README.md b/README.md
index 315bcd9..3d2aaab 100644
--- a/README.md
+++ b/README.md
@@ -30,6 +30,26 @@ and 9.0 but only the active AOSP branches (8.1 and 9.0) are supported by this
 project and it doesn't make much sense to use much older releases with far
 less privacy and security hardening.
 
+# Configuration
+
+Compile-time configuration is available in the `config.h` file for controlling
+the balance between security and performance / memory usage. By default, all
+the optional security features are enabled. Options are only provided for the
+features with a significant performance or memory usage cost.
+
+```
+#define GUARD_SLABS true
+#define WRITE_AFTER_FREE_CHECK true
+#define SLOT_RANDOMIZE true
+#define ZERO_ON_FREE true
+#define SLAB_CANARY true
+```
+
+There will be more control over enabled features in the future along with
+control over fairly arbitrarily chosen values like the size of empty slab
+caches (making them smaller improves security), the maximum size of guard
+regions for large allocations and the proportion of slabs to guard slabs.
+
 # Basic design
 
 The current design is very simple and will become a bit more sophisticated as