Further detail compile-time options.

security/hardened_malloc.adoc

@@ -1,6 +1,6 @@
 = GrapheneOS hardened_malloc
 
-Version: 0.1.0.11
+Version: 0.1.0.12
 
 
 This documentation contains instructions to use
@@ -37,9 +37,19 @@ no impact on the security properties of hardened_malloc.
 * Minimum number of arenas: 1
 * Maximum number of arenas: 256
 
+For extra security, `CONFIG_SEAL_METADATA=true` can be used in order to control whether Memory
+Protection Keys are used to disable access to all writable allocator state outside of the memory
+allocator code. It's currently disabled by default due to a significant performance cost for this
+use case on current generation hardware. Whether or not this feature is enabled, the metadata is all
+contained within an isolated memory region with high entropy random guard regions around it.
+
 For low-memory systems, `VARIANT=light` can be used to compile the light variant of hardened_malloc,
 which sacrifices some security for much less memory usage.
 
+For all compile-time options, see the
+https://github.com/GrapheneOS/hardened_malloc#configuration[configuration section] of
+hardened_malloc's extensive official documentation.
+
 == Copy Compiled hardened_malloc Library
 
 `# cp out/libhardened_malloc.so <target_path>`