What actually is the memory tagging feature and is it worth turning on?

KKurt · Jan 24, 2024

I keep hearing its an important new feature of the new pixel 8 phones but I don't actually know what it is.

Do I need to have this switched on in the settings somewhere?

[deleted] · Jan 24, 2024

Its automatically enabled. Its for preventing memory buffer overflow exploits.

[deleted] · Jan 24, 2024

A bug chunk of exploits come from buffer overflows.

KKurt · Jan 24, 2024

[deleted] OK thanks. Should I also have it enabled for third party apps? Its toggled off at the moment

[deleted] · Jan 24, 2024

Kurt Yes, you can turn it off on an ap by app basis if you encounter issues whih a specific app. App info > Memory tagging

Xtreix · Jan 24, 2024

Kurt

On Pixel 8, hardened_malloc, memory tagging and native code debugging are enabled for all applications by default, if an apps don't work properly, you can enabled Exploit protection compatibility mode but you reduce security.

MMurcielago · Jan 24, 2024

Some of the advantages of memory tagging have already been mentioned in this discussion.

GrapheneOS itself describes it on X as:

one of the biggest hardware-based security features in the history of computing: hardware memory tagging.

and also:

GrapheneOS will be making heavy use of the hardware memory tagging on the new ARMv9 cores in hardened_malloc.Going to be a massive improvement to exploit protections provided by GrapheneOS and will increase gap with stock Pixel OS even with their memory tagging dev option on.

You can find a good overview of how MTE works here.

Since release 2023112600, memory tagging is activated by default also for apps installed by the user. I personally would leave it like this: If there occur problems with MTE in an app (which rarely seems to be the case - in my case, for example, it only affects a single app), you will receive an error message and can still deactivate MTE for the effected app: App Info> Memory Tagging> disabled.