# AD5029: EnableArmMTEMachO

## Summary
| Property | Value |
|---|---|
| ID | AD5029 |
| Name | EnableArmMTEMachO |
| Category | Security |
| Severity | Warning |
| Applies to | Mach-O (macOS, iOS, ARM64) |
## Description

ARM64 Mach-O binaries should consider enabling the Memory Tagging Extension (MTE), where the hardware and toolchain make it available, for hardware-accelerated memory safety.
## How It Works

The rule checks for the following MTE-related indicators:
- MTE-aware memory allocations
- ARM64 MTE instructions
- Compiler MTE support flags
## Why This Matters

MTE provides hardware-enforced memory safety with minimal overhead, catching use-after-free and buffer overflow bugs.

## MTE Availability
| Platform | MTE Status |
|---|---|
| Apple Silicon | Not currently supported |
| ARMv8.5-A+ | Hardware support |
| iOS devices | Future potential |
Note: As of 2026, Apple Silicon does not expose MTE. This rule prepares code for future support.

## How MTE Works

```text
Memory tagging:
  Each 16-byte region (granule): 4-bit tag (0-15)
  Each pointer: 4-bit tag in upper bits
Access check:
  Pointer tag must match memory tag
  Mismatch -> hardware exception
```
## Comparison with Software Solutions
| Feature | ASAN | MTE |
|---|---|---|
| Overhead | ~100% | ~3% |
| Granularity | 8 bytes | 16 bytes |
| Production use | No | Yes |
| Hardware | Any | ARMv8.5+ |
## Future-Proofing
| Action | Benefit |
|---|---|
| Avoid tag-incompatible code | Ready for MTE |
| Use standard allocators | Automatic tagging |
| Test on MTE hardware | Early bug detection |
## Performance Considerations
MTE is designed for production use with minimal overhead:
| Metric | Impact |
|---|---|
| Sync mode | 3-5% |
| Async mode | <1% |
| Memory overhead | 3% (tag storage) |
Comparison with software alternatives:
| Solution | CPU Overhead | Production Use |
|---|---|---|
| ASAN | 100-200% | No |
| HWASAN | 10-15% | Limited |
| MTE (async) | <1% | Yes |
Note on Apple Silicon:

Apple Silicon currently uses PAC (Pointer Authentication) instead of MTE. PAC has:

- Near-zero overhead (<1%)
- Hardware support on all Apple Silicon
- A different protection model (signatures vs. tags)

This rule anticipates future MTE support on Apple platforms.
## Resolution

Prepare code for MTE compatibility:

```c
#include <stdint.h>
#include <stdlib.h>

void *mte_compatible_alloc(size_t size) {
    // Use standard allocation functions so the allocator can tag the memory.
    void *ptr = malloc(size); // MTE-compatible
    // Avoid storing metadata in the pointer's upper bits; the tag lives there.
    // ptr = (void *)((uintptr_t)ptr | 0xFF00...); // MTE-incompatible
    return ptr;
}
```
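To make the tag check described under "How MTE Works" and the tag-incompatible pattern warned about in this Resolution concrete, here is a software model of memory tagging. It is an added example written for this page, not code from the rule, the analysis tool, or Apple's toolchain, and it does not execute real MTE instructions. The model keeps one 4-bit tag per 16-byte granule in a side table, carries the pointer tag in bits 56..59 of a 64-bit value, and treats "addresses" as offsets into a constructed model heap, so no tagged pointer is ever dereferenced directly. Every named function, constant and the bump allocator are assumptions of the model, chosen to show what the table above calls out: detection of linear overflow and use-after-free, the 16-byte granularity blind spot, and why stuffing metadata into the upper pointer bits breaks under MTE.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed software model of MTE (hypothetical names; assumes 64-bit uintptr_t). */
#define GRANULE    16
#define HEAP_BYTES 4096
#define TAG_SHIFT  56
#define TAG_MASK   0xFULL

typedef uintptr_t tagged_ptr;                      /* offset into model heap + tag */

static unsigned char heap[HEAP_BYTES];             /* constructed model heap */
static unsigned char granule_tag[HEAP_BYTES / GRANULE]; /* memory tags, 0 = unallocated */
static size_t        heap_top;                     /* bump allocator cursor */
static unsigned      next_tag = 1;                 /* rotates 1..15 */

static tagged_ptr make_tagged(size_t addr, unsigned tag) {
    return (tagged_ptr)addr | ((tagged_ptr)(tag & TAG_MASK) << TAG_SHIFT);
}
static unsigned pointer_tag(tagged_ptr p)  { return (unsigned)((p >> TAG_SHIFT) & TAG_MASK); }
static size_t   pointer_addr(tagged_ptr p) { return (size_t)(p & ((1ULL << TAG_SHIFT) - 1)); }
static size_t   round_up(size_t n)         { return (n + GRANULE - 1) / GRANULE * GRANULE; }

static unsigned fresh_tag(void) { unsigned t = next_tag; next_tag = next_tag % 15 + 1; return t; }

/* Reset the model so each demo starts from the same state (deterministic tags). */
static void mte_reset(void) { heap_top = 0; next_tag = 1; memset(granule_tag, 0, sizeof granule_tag); }

/* Allocate whole granules, colour them with a fresh tag, return a tagged pointer (0 on OOM). */
static tagged_ptr mte_alloc(size_t size) {
    size_t rounded = round_up(size), base = heap_top;
    if (base + rounded > HEAP_BYTES) return 0;
    unsigned tag = fresh_tag();
    for (size_t g = base / GRANULE; g < (base + rounded) / GRANULE; g++) granule_tag[g] = (unsigned char)tag;
    heap_top += rounded;
    return make_tagged(base, tag);
}

/* Free: recolour the granules so any stale pointer carrying the old tag mismatches. */
static void mte_free(tagged_ptr p, size_t size) {
    size_t base = pointer_addr(p), rounded = round_up(size);
    unsigned tag = fresh_tag();
    while (tag == pointer_tag(p)) tag = fresh_tag();
    for (size_t g = base / GRANULE; g < (base + rounded) / GRANULE; g++) granule_tag[g] = (unsigned char)tag;
}

/* The hardware check: every load/store compares the pointer tag with the granule tag. */
static int mte_access(tagged_ptr p, size_t off, unsigned char *val, int is_store) {
    size_t addr = pointer_addr(p) + off;
    if (addr >= HEAP_BYTES) return -1;
    if (pointer_tag(p) != granule_tag[addr / GRANULE]) return -1;   /* tag-check fault */
    if (is_store) heap[addr] = *val; else *val = heap[addr];
    return 0;
}
static int mte_store(tagged_ptr p, size_t off, unsigned char v)  { return mte_access(p, off, &v, 1); }
static int mte_load(tagged_ptr p, size_t off, unsigned char *v)  { return mte_access(p, off, v, 0); }

/* In-bounds access: pointer and granule tags agree, returns 0. */
int demo_in_bounds(void) {
    mte_reset();
    tagged_ptr p = mte_alloc(32);
    unsigned char v = 0;
    if (mte_store(p, 31, 0x41) != 0) return -1;
    return (mte_load(p, 31, &v) == 0 && v == 0x41) ? 0 : -1;
}

/* Linear overflow into the neighbouring allocation: its granules carry a different tag, fault (-1). */
int demo_linear_overflow(void) {
    mte_reset();
    tagged_ptr a = mte_alloc(32);
    (void)mte_alloc(32);                       /* neighbour gets the next tag */
    return mte_store(a, 32, 0x42);
}

/* Use-after-free: free recoloured the granules, the stale pointer faults (-1). */
int demo_use_after_free(void) {
    mte_reset();
    tagged_ptr p = mte_alloc(48);
    mte_free(p, 48);
    unsigned char v;
    return mte_load(p, 0, &v);
}

/* Granularity caveat: a 20-byte request occupies two whole granules, so writing
 * 4 bytes past the end stays inside the same tag colour and is NOT caught (0). */
int demo_intra_granule_overflow(void) {
    mte_reset();
    return mte_store(mte_alloc(20), 24, 0x43);
}

/* The pattern the Resolution warns against: OR-ing metadata into the upper bits
 * changes the pointer tag, so an otherwise valid access faults (-1). */
int demo_metadata_in_upper_bits(void) {
    mte_reset();
    tagged_ptr p = mte_alloc(16);
    tagged_ptr p_with_metadata = p | (0xAULL << TAG_SHIFT);   /* MTE-incompatible */
    unsigned char v;
    return mte_load(p_with_metadata, 0, &v);
}

int main(void) {
    printf("in-bounds: %d, overflow: %d, UAF: %d, intra-granule: %d, metadata-bits: %d\n",
           demo_in_bounds(), demo_linear_overflow(), demo_use_after_free(),
           demo_intra_granule_overflow(), demo_metadata_in_upper_bits());
    return 0;
}
```

The two results that return 0 when a bug is present are the ones worth remembering: the intra-granule overflow shows why the comparison table lists 16-byte granularity as an MTE limitation relative to ASAN, and the metadata case shows why code that packs flags into the upper pointer bits must be cleaned up before MTE can be enabled.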