I am incredibly happy that Apple has added MTE support to the latest iPhones and perhaps the M5 chips as well (?). If that’s the case I don’t think any other personal computers have anything close to Apple machines in terms of memory safety and related topics (Secure Enclave etc).
Hope other vendors will ship MTE in their laptop and desktop chips soon enough. While I’m very positive about x86_64 adding support for this (ChkTag), it’ll definitely take a while…
In my opinion a worthwhile enough reason to upgrade but feels like a waste given my current devices work great.
abalone•4h ago
Not only does M5 have MTE, it has an "enhanced" version of it.
"We conducted a deep evaluation and research process to determine whether MTE, as designed, would meet our goals for hardware-assisted memory safety. Our analysis found that, when employed as a real-time defensive measure, the original Arm MTE release exhibited weaknesses that were unacceptable to us, and we worked with Arm to address these shortcomings in the new Enhanced Memory Tagging Extension (EMTE) specification, released in 2022."[1]
Do you know if macos has the changes needed to make use of MIE with M5? I assume that it has with iPadOS.
summa_tech•3h ago
It's MTE4. The "enhancements" mostly make it easier for Apple developers to hack XNU into continuing to operate with MTE.
astrange•48m ago
It's more like MTE was originally intended as a debugging tool (like ASan), and MTE4 makes it work as a security hardening measure.
contact9879•1h ago
do you have a citation for M5 having MTE?
astrange•49m ago
It does.
musicale•4h ago
Compiler/runtime support via clang and llvm should help I hope.
I'd like to get to the point where web browsers (for example) always run with memory-safe compilation and runtime features on every platform. OS kernels would be nice as well.
It will be nice to see more OSes ship with memory safety on by default for everything. Maybe OpenBSD is next?
throwawaymaths•2h ago
sel4 ships with memory safety on by default.
a-dub•4h ago
wouldn't it be like a crime against the crown to not have a cheri like thing in arm?
commandersaki•3h ago
I always see cheri brought up and admittedly I know very little about it, except that the ergonomics appear poor requiring twice the storage for each pointer and ground up rearchitecting of the OS, making it quite unappealing from an engineering standpoint.
Sooo, less reasons (more excuses) for people to move from C++ to Rust?
1718627440•3h ago
Honestly it feels at the right abstraction layer too. With Rust you rely on correctness in translation, it is much better to have defense in depth than in breadth.
kibwen•1h ago
Rust is already part of defense-in-depth. Despite its memory safety, Rust still turns on ASLR, guard pages, stack probes, etc.
dagmx•1h ago
If you don’t mind moving the whole issue to runtime, then sure. The value of rust is that you catch these issues at compile time so you’re not releasing these sorts of bugs in the first place and aren’t reliant on the capabilities of the users machine to catch it for you.
javierhonduco•5h ago
Hope other vendors will ship MTE in their laptop and desktop chips soon enough. While I’m very positive about x86_64 adding support for this (ChkTag), it’ll definitely take a while…
In my opinion a worthwhile enough reason to upgrade but feels like a waste given my current devices work great.
abalone•4h ago
"We conducted a deep evaluation and research process to determine whether MTE, as designed, would meet our goals for hardware-assisted memory safety. Our analysis found that, when employed as a real-time defensive measure, the original Arm MTE release exhibited weaknesses that were unacceptable to us, and we worked with Arm to address these shortcomings in the new Enhanced Memory Tagging Extension (EMTE) specification, released in 2022."[1]
The enhancements add:[2]
* Canonical tag checking
* Reporting of all non-address bits on a fault
* Store-only Tag checking
* Memory tagging with Address tagging disabled
[1] https://security.apple.com/blog/memory-integrity-enforcement...
[2] https://developer.arm.com/documentation/109697/0100/Feature-...
commandersaki•3h ago
summa_tech•3h ago
astrange•48m ago
contact9879•1h ago
astrange•49m ago
musicale•4h ago
I'd like to get to the point where web browsers (for example) always run with memory-safe compilation and runtime features on every platform. OS kernels would be nice as well.
It will be nice to see more OSes ship with memory safety on by default for everything. Maybe OpenBSD is next?
throwawaymaths•2h ago