Initial hardware memory tagging support now available for Pixel 8 and Pixel 8 Pro in the latest release:
https://grapheneos.org/releases#2023103000
- add infrastructure for hardware memory tagging support
- hardened_malloc: add support for hardware memory tagging launched with the ARMv9 cores on the Pixel 8 and Pixel 8 Pro
- Settings: enable memory tagging toggle at Settings ➔ Security ➔ More security settings ➔ Advanced memory protection beta on supported devices (Pixel 8 and Pixel 8 Pro)
- Pixel 8, Pixel 8 Pro: enable memory tagging support for everything built by GrapheneOS (other than Vanadium, since Chromium currently disables it) and also user installed apps without native libraries (will be expanded to Vanadium later along with the option to use it for all user installed apps)
- Pixel 8, Pixel 8 Pro: use asymmetric memory tagging mode on all cores to provide much higher security than asynchronous mode without much more overhead unlike the very expensive synchronous mode without any clear security benefits over asymmetric