GrapheneOS v2023103000: Infrastructure for Hardware Memory Tagging Support

GrapheneOS is an open-source, privacy and security-focused mobile operating system based on the Android Open Source Project (AOSP).

GrapheneOS v2023103000: Infrastructure for Hardware Memory Tagging Support
  • "Pixel 8 and Pixel 8 Pro are ARMv9 devices supporting hardware memory tagging. Stock OS currently has a very primitive experimental implementation available as a developer option. We're going to be deploying a more advanced implementation for hardened_malloc in production soon."
"Hardware memory tagging is going to provide a massive increase to protection against remote exploitation for GrapheneOS users. It's the biggest security feature we'll be shipping since we started in 2014. We want to have it enabled by default in async (fast) mode for the base OS."

Changes since the 2023102300 release:

  • add infrastructure for hardware memory tagging support
  • hardened_malloc: add support for hardware memory tagging launched with the ARMv9 cores on the Pixel 8 and Pixel 8 Pro
  • Settings: enable memory tagging toggle at Settings ➔ Security ➔ More security settings ➔ Advanced memory protection beta on supported devices (Pixel 8 and Pixel 8 Pro)
  • Pixel 8, Pixel 8 Pro: enable memory tagging support for everything built by GrapheneOS (other than Vanadium, since Chromium currently disables it) and also user installed apps without native libraries (will be expanded to Vanadium later along with the option to use it for all user installed apps)
  • Pixel 8, Pixel 8 Pro: use asymmetric memory tagging mode on all cores to provide much higher security than asynchronous mode without much more overhead unlike the very expensive synchronous mode without any clear security benefits over asymmetric
  • enable parallel compilation of non-precompiled bytecode to native code for first-boot and first-boot-after-update with 2 processes for now (can be increased later)
  • improve user interface for reporting background package compilation progress
  • show crash dialog for first crash of an app since boot instead of waiting until the second crash like upstream Android
  • Gallery: fix low resolution image preview in editor
  • restore Android 13 behavior for installing APKs from the file manager by requesting permission for the app which created the APK (current Google Files behavior is a bit different and requests permission for Google Files, but the AOSP Files approach seems more useful)
  • SELinux policy: use per-app-instance MLS level for the update client domain as used for regular apps to provide better isolation from other system components
  • kernel (Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Generic 5.10): update to latest GKI LTS branch revision including update to 5.10.198
  • kernel (Generic 5.15): update to latest GKI LTS branch revision including update to 5.15.137
  • Vanadium: update to version 118.0.5993.111.0
  • Vanadium: update to version 119.0.6045.53.0
  • Vanadium: update to version 119.0.6045.53.1
  • GmsCompatConfig: update to version 80

Changes since the 2023101300 release:

  • initial non-experimental release for Pixel 8 and Pixel 8 Pro support
  • speed up skipping compilation of system packages with dexpreopt (precompilation to native code) to improve post-update boot time
  • backport assorted dexpreopt fixes to make it work for more system packages again to improve verified boot security, free up wasted disk space and reduce post-update boot time
  • use speed-profile compilation for user installed packages for first boot of an update to significantly improve boot time, then recompile with full speed optimization in the background with a progress notification and a notification when it's finished for respawning apps
  • temporarily disable otapreopt (precompilation of apps in the background in update Finalizing step) due to it being broken in Android 14
  • Gallery: remove optional dependency to fix dexpreopt (precompilation to native code)
  • Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold: fix support for Widevine L1 on Android 14
  • fix PIN scrambling for SIM PIN (regression from port to Android 14)
  • handle new Android 14 network time code path for our feature making the automatic time toggle control whether network time connections are made
  • remove standard special case enabling Android 14 auto-confirm PIN by default for 6 digit PINs
  • allow system apps to make sticky notifications again (important for System Updater to avoid users missing the notice to reboot after update installation)
  • System Updater: add option to require that the device is charging
  • kernel (Generic 5.15): update to latest GKI LTS branch revision including update to 5.15.134
  • Apps: update to version 21
  • Vanadium: update to version 118.0.5993.80.0
  • GmsCompatConfig: update to version 79
  • improve GrapheneOS system_server infrastructure

Full Changelog / Archive
Progress Update