Memory Tagging vs remote hacking

K8y

Hello,
I read that the new Pixels have memory tagging MTE features, which help fight remote hacking. Is this any different with graphene OS?

Is the Graphene MTE memory tagging any better at preventing remote hacking than the google stock version?

Thank you.

Xtreix

K8y From what I know, MTE is not enabled on Pixels with stock Android that support it, it's an option for developers only.

GrapheneOS is the only OS to fully support MTE for compatible devices.

Or maybe MTE is activated for the Pixel 9 serie ?

Carlos-Anso

Xtreix
As far as Im aware MTE is only enabled by default on GrapheneOS. By default all the apps that come bundled use it, including Vanadium. Can enable it for 3rd party apps but it can cause some apps with memory bugs to have issues. Many apps work fine. Can turn it off for individual apps that are impacted due to memory bugs.

On stock MTE is implemented as a feature developers can enable and use to check for memory bugs in apps. Have to switch it on in Dev options and set it up via adb.

Xtreix

Carlos-Anso Yes, MTE is only enabled by default in GOS from what I know too, now based on the OP's question, because he talk about the “new Pixels”, I asked myself the question, I haven't looked into it regarding the Pixel 9 series but I also don't remember reading that Google has enabled MTE by reading the google security blog, I'm going to assume it's still not enabled and only GrapheneOS fully supports it by default.

fid02

I recently experimented with MTE on stock PixelOS (stable Nov. release and 15 QPR1) and can confirm that it's not enabled by default. Needed to run commands with adb* to enable it. There's a developer option to enable it but not sure it's sufficient; a GrapheneOS developer wrote on Github that it's not, so I used adb. After enabling MTE on stock PixelOS you will have to manually capture a bug report either with adb or from developer options in order to get a stacktrace; PixelOS won't show you a crash notification with logs. That is probably useful to do on GrapheneOS as well if a developer needs complete system logs to debug an issue, but GrapheneOS also provides a crash notification where the user can save a stacktrace (tombstone) directly without enabling developer options to create a full bugreport. That's very nice.

Worth noting that GrapheneOS' MTE usage aims at additional hardening compared to the stock PixelOS; some more information about that here. In my experience it does catch more bugs in daily usage compared to MTE usage with Android's stock allocator (Scudo; also used on stock PixelOS).

Also worth noting that GrapheneOS forces usage of memory tagging for apps that use custom crash handlers: https://github.com/GrapheneOS/platform_art/commit/83ca0f414896bd9fd49c56adbe789e205e03c43c
Likely that this feature helped me to provide a stacktrace to Onlyoffice developers even when MTE usage on stock PixelOS did not give me a crash report (although it did crash the process).
For third-party apps run on GrapheneOS you will of course need to enable memory tagging for an app for this to come into effect.

For anyone interested in experimenting with MTE on PixelOS, I used these commands to enable it (taken from an article by Google Project Zero):

adb shell
shiba:/ $ setprop arm64.memtag.bootctl memtag
shiba:/ $ setprop persist.arm64.memtag.app_default sync
shiba:/ $ setprop persist.arm64.memtag.default sync
shiba:/ $ reboot

*adb shouldn't really be used with an OS you run as a "daily driver", because of the security implications of giving a computer large control over your device, which means you are placing a large amount of trust into that computer.

K8y

Thank you all. Is there a link that Graphene OS has that shows new users how to use or optimize the MTE? Or is it all automatically taken care of, nothing needs to be done after Graphene is downloaded?

For example, if someone walks home with a new device and downloads Graphene OS, is there like a basic checklist of suggested things to do & download? It might be a good idea for us types who are still learning. Maybe have 2 separate beginner and expert level checklists of suggested things to do.

Thank you again and Happy Thanksgiving 🦃

fid02

K8y Thank you all. Is there a link that Graphene OS has that shows new users how to use or optimize the MTE? Or is it all automatically taken care of, nothing needs to be done after Graphene is downloaded?

You don't need to do anything. MTE is enabled by default on GrapheneOS for devices that support it (currently Pixel 8 and 9 series devices). There are toggles to enable/disable MTE for apps that are not preinstalled (third-party apps) though. Can easily be toggled.

Carlos-Anso

K8y
If you want to have MTE used as much as possible its best to switch the toggle in security settings in owner user to have memory tagging enabled by default for 3rd party apps which have native libraries. By default MTE is not enabled for this type of 3rd party app.

K8y

Carlos-Anso thank you, just a clarification request: does MTE actively protect against/block remote intruders (like antivirus), or is it rather simply a tool that helps developers more easily find corruptions in memory logs that could later (or currently) be exploited by hackers, so the good guys can patch the problem quicker than before MTE was available?

de0u

K8y Does MTE actively protect against/block remote intruders (like antivirus), or is it rather simply a tool that helps developers more easily find corruptions in memory logs that could later (or currently) be exploited by hackers, so the good guys can patch the problem quicker than before MTE was available?

It does both to some extent (and does neither perfectly).

If MTE detects an illegal memory use and crashes an application, and the application was illegally using memory due to an exploit, the exploit was stopped from running. It may not have been stopped right away, but it was stopped before it was planning to stop. In such a case MTE provided some protection to the owner of the device where the crash occurred.

If MTE detects an illegal memory use and crashes an application, and the application was illegally using memory due to regular old bug (not an exploit), then the information is useful to the developers of the app so that they can fix a bug which has a fair likelihood of being exploitable.

There is no easy way to tell whether any specific MTE crash was due to an attack or a bug. Probably most of the time it's due to a bug.