Such great news, confirming the huge added value of GrapheneOS to cybersecurity.
MTE support status for GrapheneOS
If you want to know the difference between sync and async mode:
https://community.arm.com/arm-community-blogs/b/operating-systems-blog/posts/new-mte-user-guide
Synchronous mode (SYNC)
In synchronous mode, a mismatch between the tag in the address and the tag in memory causes a synchronous exception. This identifies the precise instruction and address that caused the failure, at the cost of a slight performance impact.
Asynchronous mode (ASYNC)
In asynchronous mode, when a tag mismatch occurs the processor continues execution until the next kernel entry, such as a syscall or timer interrupt. At this point, it terminates the process with SIGSEGV using code SEGV_MTEAERR. The processor does not record the faulting address or memory access. ASYNC mode has a smaller impact on performance than SYNC mode.
As synchronous mode prioritizes accuracy of bug detection over performance, it is most useful during development or as part of a continuous integration system. In these situations, the precise bug detection capability is more important than the performance overhead.
On the other hand, ASYNC mode is optimized for performance over accuracy of bug reports. The information about where the bug occurred is less precise, but ASYNC mode provides a low overhead detection mechanism for memory safety bugs. It is useful for production systems when performance is more important than detailed bug information.
What does MTE exactly protect you against? In what situations is this useful?
PMUSR Just read the article previously linked by Titan_M2: https://community.arm.com/arm-community-blogs/b/operating-systems-blog/posts/new-mte-user-guide
MTE protects against buffer overflows.
An example of a buffer overflow: I set up an array of 4 elements in memory, but then I go and check the 5th element, the 6th element and further --> I access, and potentially modify, willingly or not, more memory than expected with my initial small array.
This problem is so common that we have the well-known website named Stack Overflow.
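To make the two posts above concrete (the ARM guide's SYNC versus ASYNC description, and the array-of-4-elements overflow), here is a small software model of memory tagging. This is an added example, not code from the ARM guide, from GrapheneOS or from any poster in this thread, and it does not execute real MTE instructions: the heap, the 16-byte granules, the 4-bit tags kept in bits 56..59 of the pointer, and the helpers mte_malloc/mte_free/mte_store32/mte_load32/mte_kernel_entry are all constructed here for illustration. Hardware MTE performs the same tag comparison on every load and store; the model does it inside the access helpers so that it runs on any machine.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed software model of memory tagging, not real MTE: the heap is split
 * into 16-byte granules, each granule carries a 4-bit tag, and a pointer carries
 * the tag of its allocation in bits 56..59. Hardware compares the two tags on
 * every load/store; this model compares them in mte_store32()/mte_load32(). */
#define GRANULE 16
#define HEAP_GRANULES 64
#define SUPPRESSED 0xDEADDEADu              /* sentinel for a load that was refused */

enum mte_mode { MTE_SYNC, MTE_ASYNC };
typedef uint64_t tptr;                      /* tagged pointer: tag << 56 | heap offset */

static uint8_t heap[GRANULE * HEAP_GRANULES];
static uint8_t granule_tag[HEAP_GRANULES];  /* 0 = free memory */
static size_t heap_top;                     /* bump allocator watermark, in granules */
static uint8_t next_tag = 1;
static enum mte_mode mode;
static int sync_faults;                     /* SYNC: counted on the faulting access */
static int pending_async_fault;             /* ASYNC: surfaces at the next kernel entry */

static uint8_t ptr_tag(tptr p) { return (uint8_t)((p >> 56) & 0xF); }
static size_t ptr_off(tptr p) { return (size_t)(p & 0x00FFFFFFFFFFFFFFULL); }
static void mte_reset(enum mte_mode m) {
    mode = m; heap_top = 0; next_tag = 1; sync_faults = 0; pending_async_fault = 0;
    for (size_t i = 0; i < HEAP_GRANULES; i++) granule_tag[i] = 0;
}

/* Allocate n bytes rounded up to whole granules under a fresh tag; consecutive
 * allocations never share a tag, so spilling into a neighbour is detectable. */
static tptr mte_malloc(size_t n) {
    size_t g = (n + GRANULE - 1) / GRANULE;
    if (g == 0 || heap_top + g > HEAP_GRANULES) return 0;
    uint8_t tag = next_tag;
    next_tag = (uint8_t)(next_tag % 15 + 1);             /* cycle through 1..15 */
    for (size_t i = 0; i < g; i++) granule_tag[heap_top + i] = tag;
    tptr p = ((tptr)tag << 56) | (tptr)(heap_top * GRANULE);
    heap_top += g;
    return p;
}

/* Freeing retags the granules, so a stale pointer no longer matches. */
static void mte_free(tptr p, size_t n) {
    size_t g = (n + GRANULE - 1) / GRANULE, first = ptr_off(p) / GRANULE;
    for (size_t i = 0; i < g && first + i < HEAP_GRANULES; i++) granule_tag[first + i] = 0;
}

/* Tag check for the 4-byte word at index idx; returns 1 if the access proceeds.
 * SYNC: a mismatch is counted at once and the access is suppressed.
 * ASYNC: the mismatch is only recorded and the access goes ahead. */
static int tag_check(tptr p, size_t idx) {
    size_t off = ptr_off(p) + idx * 4;
    if (p == 0 || off + 4 > sizeof heap) return 0;       /* outside the model heap */
    if (granule_tag[off / GRANULE] == ptr_tag(p)) return 1;
    if (mode == MTE_SYNC) { sync_faults++; return 0; }
    pending_async_fault = 1;
    return 1;
}
static int mte_store32(tptr p, size_t idx, uint32_t v) {
    if (!tag_check(p, idx)) return 0;
    uint8_t *dst = heap + ptr_off(p) + idx * 4;
    for (int i = 0; i < 4; i++) dst[i] = (uint8_t)(v >> (8 * i));
    return 1;
}
static uint32_t mte_load32(tptr p, size_t idx) {
    if (!tag_check(p, idx)) return SUPPRESSED;
    const uint8_t *src = heap + ptr_off(p) + idx * 4;
    uint32_t v = 0;
    for (int i = 0; i < 4; i++) v |= (uint32_t)src[i] << (8 * i);
    return v;
}

/* Next kernel entry (syscall, timer interrupt): where an ASYNC mismatch becomes
 * SIGSEGV/SEGV_MTEAERR. Returns 1 if a fault is delivered here. */
static int mte_kernel_entry(void) {
    int f = pending_async_fault; pending_async_fault = 0; return f;
}

struct outcome { int in_bounds_ok, overflow_performed, faulted_at_once, faulted_at_kernel;
                 uint32_t neighbour_value; };            /* nb[0] after the overflow */

/* The forum example: a 4-element array, then a write to the 5th element. */
struct outcome demo_overflow(enum mte_mode m) {
    struct outcome o = {0, 0, 0, 0, 0};
    mte_reset(m);
    tptr arr = mte_malloc(4 * sizeof(uint32_t));   /* exactly one granule */
    tptr nb  = mte_malloc(4 * sizeof(uint32_t));   /* adjacent granule, other tag */
    mte_store32(nb, 0, 0x1111);
    o.in_bounds_ok       = mte_store32(arr, 3, 0x41);
    o.overflow_performed = mte_store32(arr, 4, 0x42);  /* arr[4] is really nb[0] */
    o.faulted_at_once    = sync_faults > 0;
    o.faulted_at_kernel  = mte_kernel_entry();
    o.neighbour_value    = mte_load32(nb, 0);
    return o;
}

/* Use-after-free: the stale pointer keeps the old tag, the memory does not. */
int demo_use_after_free(void) {
    mte_reset(MTE_SYNC);
    tptr a = mte_malloc(16);
    mte_store32(a, 0, 7);
    mte_free(a, 16);
    return mte_load32(a, 0) == SUPPRESSED && sync_faults == 1;
}
```

In SYNC mode the write to arr[4] is refused and counted on the access itself, and the neighbour still holds 0x1111; in ASYNC mode the write goes through, the neighbour now holds 0x42, and the mismatch is only delivered at the next modelled kernel entry, with no record of which access caused it. That is the precision/performance trade-off the ARM text describes. One caveat the model also shows: tags are per 16-byte granule, so an allocator rounds sizes up and an overflow that stays inside the padding of the same granule is not detected; the example uses a 16-byte array so the 5th element falls into the neighbouring, differently tagged granule.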
How is this discussion pinned but not actually pinned?
Titan_M2 How is this discussion pinned but not actually pinned
It is. Try opening a new incognito tab and visit discuss.grapheneos.org
Keep in mind that the forum's sorting settings are most likely set to 'Latest' on your end by default. This means you'll see the posts sorted by the latest comments.
Even if I don't fully understand how it works - just the fact that MTE addresses a gap that currently accounts for about 70% of severe security vulnerabilities sounds really great! 2 weeks seems like a really ambitious timeline - thank you for your great work, dear developers!
akc3n @matchboxbananasynergy pass the thanks to the team. I agree with @Murcielago, I haven't a clue what MTE is, but if it helps against 70% of security vulnerabilities then that is a huge bonus.
Hello, if I understood correctly, thanks to MTE you will be able to patch memory-related bugs much faster, so even if generations 6 and 7 are not compatible, the security research will also benefit them?
If I understand correctly, software like Pegasus will become unusable?
PMUSR @[deleted]
If you look at it realistically, there will probably always be ways and means to compromise a smartphone - if only an actor uses enough resources. It's more a matter of raising the bar significantly.
If you haven't heard of it, I highly recommend this interview from The Hated One with a GrapheneOS security researcher. It doesn't answer your question specifically, but it goes in that direction. From about minute 47 your question is addressed in general; later Gabe, the security researcher, also talks about MTE.
Murcielago So I've heard of Pegasus before, but I don't know much about it.
Is that software pretty much able to hack Pixels with GrapheneOS now? Or is it still difficult?
L8437 Pegasus itself can't hack anything. It's just the payload that is deployed after access has been gained to a device. It has to be combined with a complicated exploit chain. These can often be worth millions of dollars and are mostly used by nation-state actors and other advanced adversaries. Companies like Zerodium aggregate chains of zero-day exploits and then sell them to companies like the NSO Group, the makers of Pegasus, for astronomical sums of money, often millions of dollars. It's a very dirty market. It's not really possible to safely assume what devices/software can currently be exploited by Pegasus or any advanced malware; it depends on what zero-day exploits they currently know about. These zero-days are pretty much single-use though. After an exploit gets deployed, it's likely for the device to be sent to an organization like Citizen Lab, where it is closely examined, the malware is inspected, and the vulnerability is reported to the vendor of the device/software and fixed. The Hated One made a great video about malware like Pegasus and zero-day exploits in general: https://piped.video/watch?v=LOPWNJxdxWY
You can also check out the Pegasus Project, it's a research group consisting of journalists in various countries who try to uncover as much information about Pegasus as possible.