lucasmz-dev
commented
2 months ago As far as I know it's really an AOSP feature, so a lot of others here should also be marked as "Yes" as well; but I can only really say that for Calyx.
Closed lucasmz-dev closed 2 months ago
lucasmz-dev
commented
2 months ago As far as I know it's really an AOSP feature, so a lot of others here should also be marked as "Yes" as well; but I can only really say that for Calyx.
matchboxbananasynergy
commented
2 months ago How is it supported? If you're referring to the developer option in AOSP, that's not nearly complete or production ready (unfortunately).
https://googleprojectzero.blogspot.com/2023/11/first-handset-with-mte-on-market.html you can see here what's said about the upstream implementation of this. This is not at all how memory tagging is implemented on GrapheneOS, so depending on what CalyxOS and other options are doing, there should be a clear differentiator between the various options to explain the nuance.
Edit: I figured I would add more context here to compliment the above. Enabling the developer option for this doesn't really do anything useful. It requires enabling it via ADB, and is a bug finding feature for developers. It has no per-app toggle (that means that one app with a memory corruption bug will lead to people having to disable it). More importantly, it doesn't use the security asymmetric mode.
SkewedZeppelin
commented
2 months ago There are additional issues with this developer toggle.
For instance A14 will randomly sample programs with GWP-ASAN which bypasses MTE in that case: https://developer.android.com/ndk/guides/gwp-asan#recoverable
Recoverable GWP-ASan is enabled only on approximately 1% of app launches, rather than every application launch.
Additionally without per-app toggles, apps like Orbot and Tor Browser cannot be used currently.
It supports it, on supported devices. (which are the 8 series only ofc since it's a armv9 feature)