re: Apple Memory Integrity Enforcement
Pixels have provided hardware memory tagging (MTE) support since the Pixel 8. GrapheneOS deployed it in production around a month after the launch of the Pixel 8 and we use it for the kernel and nearly the entire base OS. We use it for some third party apps and users can opt-in to using it for all.
There have been multiple revisions of ARM MTE. FEAT_MTE4 (Enhanced Memory Tagging Extension) is the 4th generation of ARM MTE improvements, not the beginning of it. The baseline feature was already a game changer for defending devices. The improvements will make their way to devices providing it.
Being able to leak data via side channels is a known issue with modern CPUs with many rounds of issues being discovered and addressed. ARM has been working on fully resolving it for MTE itself. Apple CPUs have had much more severe issues with side channels than Cortex, so it's a strange jab by them.
Unlike iPhone users, #GrapheneOS users have been well protected by attacks from Cellebrite and other exploit development companies.
Apple talks a big game but consistently fails to protect their users against broadly deployed exploits used at a large scale.
ARM shipped MTE support multiple years before Apple in their Cortex cores. Yes, it was discovered to have a side channel usable by local attackers. This doesn't ruin it. MTE only has 4 bit tags which is a bigger weakness than the side channel. MTE still paves the way for stronger future features.
Apple has far more severe side channels in their hardware which leak user data. It's strange to portray leaking tags as a severe issue ruining a feature when they've consistently downplayed the impact of endless side channels vulnerabilities directly leaking sensitive user data on iPhones and Macs.
GrapheneOS Discussion Forum
Cellebrite Premium July 2024 documentation - GrapheneOS Discussion Forum
GrapheneOS discussion forum