Actually the pixel 7 should already get it. I would be very disappointed if the 8 doesn't get it. Too bad the way they are going to use it won't guarantee 100 percent memory safety.
Pixel 8 Pro
Here's an article covering the differences between Pixel 8 and current/older generation Pixels in regards to memory tagging. The feature is expected in Android 14, which is to release later this year.
https://www.androidauthority.com/android-14-advanced-memory-protection-3281197/
Nuttso The Pixel 7 does not have the mte instruction on it's SoC. It will never get memory tagging.
- Edited
Nuttso I can't find any reference that the Pixel 7's Arm 8.2 supports MTE functionality. It appears that some MTE functionality exists for Arm v8.5+ with "full" (or mature) functionality in Arm v9+.
It appears that Arm v8.5 introduced MTE and ABI, which is a way for the system/OS to inform the bootloader to override its default MTE configuration. (I think)
Armv8.5-A incorporates a new feature called Memory Tagging.
If Arm v8.2 (Pixel 7) does in fact support some MTE functionality, then in theory (I am not an Android developer), the Pixel 7 should be able to have MTE enabled by the GrapheneOS developers through its build configuration. However, the Pixel 7 will likely lack the ability for an OS settings toggle due to the lack of the ABI capability (introduced in 8.5).
In Android 13, Google added an ABI for the userspace to communicate the requested MTE operating mode to the bootloader.
https://www.xda-developers.com/android-14-advanced-memory-protection/
An additional feature in Arm v8.7-A, Asymmetric MTE mode provides synchronous checking on memory reads, and asynchronous checking of memory writes, with performance similar to that of the ASYNC mode.
https://source.android.com/docs/security/test/memory-safety/arm-mte
flawedworld i know. But it was supposed to.
Same for the 7a?
- Edited
Get the Pixel 8
My present plan is to buy a Pixel 8 to replace my Pixel 5 when it goes EOL, as my GrapheneOS phone, and keep my 7 Pro as my Googly phone.
Blastoidea The 7a uses the same SoC as the 7. It also will never get mte.
flawedworld
That’s why the 7 Pro will be my Googly phone, and the 8 will be my No-Google phone.
matchboxbananasynergy
@flawedworld
Confirming my understanding and a few questions: am I correct in my understanding that MTE is only a probabilistic measure, i.e. a mitigation measure, against Spectre? Project Zero
It says that the random assignment of tag parts can be achieved using compression techniques (e.g. EA0) to achieve more assignments, but will GrapheneOS developers ever modify this on their own?
Also, is the idea of having the tag generation, compression, and allocation calculations implemented in a sandbox within a TEE (v8 TrustZone, v9 RME, etc.) realistic?Implement MTE tag compression for swapped pages
- Edited
Well the Pixel 8/8 Pro is here and im gonna buy a Pixel phone for the first time and also first time to install GOS and use it and have some noob questions.
1: If I install apps in Owner profile, will those apps show up in User profiles as installed or available for install in User profile?
2: If you install new apps in User profiles, will those apps show up in Owner profile like in "apps" in settings and on screen?
3: If you want a clean Owner profile and all privacy apps in a User profile, from what profile should you install the privacy apps?
4: If you connect the phone to a desktop and need to export and import files. How does it work when you have several profiles? Does each profile has its "own" storage?
Thanks in advance :)
- Edited
If you have an app installed in the owner profile, you can pass it on to a secondary profile by using the "Install available apps" feature in the user profile's configurations settings.
Apps installed on all profiles will show up in Settings > Apps in the Owner profile, the same is not true in reverse, however (you won't see apps from other profiles in secondary profiles).
Two ways to go about it. You can either keep owner completely blank and just create a secondary user profile and install them there, or you can use the owner profile as the profile where you install all of the apps you'd want to use in all other user profiles you create, which you can then distribute to them via the "Install available apps" feature. So your owner profile would contain all apps that you're using among all of your profiles, but you would only be updating them in owner, not using them. GrapheneOS allows you to also disable user installed apps instead of just system apps, so you can install and immediately disable apps in the owner profile, which will still keep them updated, but without them having the ability to run at all in the owner profile.
I'm pretty sure you'd only be seeing the files of the profile you're currently logged into. Profiles have their own user and app data that's separate from other profiles.
matchboxbananasynergy point number 3 is what I've done, but I didn't know about disabling them. Thanks alot for this answer, very helpful
matchboxbananasynergy another question regarding point number 3.
If you have owner profile, signed into a throwaway Gmail.
Install apps.
Disable them
Install them to user profile by going through the multiple user settings.
Now on the user profile, it has play store,services and frame work installed, activated BUT not signed into a Google account.
Will the apps being used in the user profile, associate with the Google account signed into play store of the owner profile ?
Sorry if this is confusing
[deleted]
- Edited
L8437 Will the apps being used in the user profile, associate with the Google account signed into play store of the owner profile ?
Apps installed in an user profile will not be able to associate with the Signed in Google account of other profiles, including the Owner user profile.
Thanks a lot for the reply :)
Lets say if you install an app in first user profile. Would you have to install it also in second user profile to use that same app in the second user profile?
What about updates. If you have installed an app in first user profile and updating it, would the same app also be updated in second user profile? How does that work?
UPS just dropped off my Google Pixel 8 Pro Oct/12/23 that I pre-ordered on the 4th.
For anyone that knows, in the past when a new Pixel came out, was it less than a month before GrapheneOS developers had a new image tuned up and ready? I was just curious about what to expect or what happened in previous timelines.
It's hard to say. sometimes they're quick with it, other times bugs are uncovered and they need a bit to fix them. also depends how quickly devs get their devices in the mail I'd imagine.
The 8 Pro kernel repository was created a couple hours ago though: https://github.com/GrapheneOS/device_google_shusky-kernel
So definitely in the works. Takes time, can't rush these things and they are resource limited.