MTE feature is now available to developers

Arm v9 introduced the Arm Memory Tagging Extension (MTE) to help catch common memory bugs. As the first open source Arm v9 platform, we are pleased to announce that this feature is now enabled on Orion O6.

This feature is currently only available in source code form. We are still working on the next release, which will include MTE support, but developers can build their own BIOS to start testing today.

As the feature is not yet binary released, interested users need to run git submodule update --remote after checking out the edk2-cix repository to update the EDK2 code to the latest development HEAD. More information about building and installing the BIOS can be found on edk2-cix's GitHub Pages.


In addition to the BIOS update, the kernel also needs to enable several configs to make use of MTE:

  • CONFIG_ARM64_MTE
  • CONFIG_KASAN
  • CONFIG_KASAN_HW_TAGS

Not all distros have those options enabled, as they also carry a performance penalty. For example, with the NixOS 25.05 Arm64 ISO, the CONFIG_KASAN option is not enabled on the 6.16 kernel.

We have enabled those configs for our upcoming kernel release. You can also download a prebuilt kernel from the CI pipeline’s artifact list (requires GitHub login).

Take a look at how the system changes with MTE/KASAN enabled and disabled:

asciicast

Excellent work Yuntian! Glad to see more and more features getting supported.

Is the linux-sky1 kernel you linked (github actions artifact) the 6.1 or 6.6 cix release? Also, does this contain the cix kernel modules (gpu vpu …), or do those need to be built separately? Sorry for dumb questions, I haven’t played with the vendor kernel at all yet.

Big thanks for managing the edk2 build environment with Nix, that should make it a lot simpler to get up and running. I’d love to try this with the latest MultiArchUefiPkg version too if possible.

P.S. In the video, no need to zcat ... | grep ..., that’s what zgrep is for ;)

6.6 ACPI release.

We always include them as DKMS modules.

For now it is still mostly handled by devcontainer. devenv just provides some additional niceties but nothing super critical.

AFAIK if the goal is to use MTE purely with userspace applications, then it is not necessary to enable KASAN, thus avoiding that particular performance hit. As for CONFIG_ARM64_MTE, all major Linux distributions enable it by default in their recent releases.

Otherwise, as the video demonstrates, there is a memory overhead caused by the way MTE operates in Cix CD8180 - it associates a 4-bit allocation tag with every tag granule, i.e. an aligned 128-bit region of physical memory, which means that roughly 3% of RAM is lost to normal usage by being repurposed for tag storage. With 64 GiB memory that ends up being approximately 2 GiB.
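
The kernel config options listed in the first post and the userspace-only case from the last post, as an added shell example (not part of any post, and not code from Radxa or Cix): it classifies a kernel config as no MTE, userspace-only MTE, or MTE with hardware tag-based KASAN, and checks whether the CPU advertises mte. The function names, the MTE_REPORT variable and the config file locations are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): report how far MTE is enabled.

# Exit 0 if kernel config file $1 has option $2 built in (=y).
config_enabled() {
    grep -q "^$2=y\$" "$1"
}

# Print the MTE level that a kernel config file ($1) provides:
#   none      - CONFIG_ARM64_MTE is off, so no MTE at all
#   userspace - applications can use MTE, kernel memory is not checked
#   kernel    - hardware tag-based KASAN also checks kernel memory
mte_config_level() {
    if ! config_enabled "$1" CONFIG_ARM64_MTE; then
        echo none
    elif config_enabled "$1" CONFIG_KASAN &&
         config_enabled "$1" CONFIG_KASAN_HW_TAGS; then
        echo kernel
    else
        echo userspace
    fi
}

# Exit 0 if the cpuinfo file $1 lists "mte" on a Features line.
# -w matches whole words only, so "mte3" or "sme" do not count.
cpu_has_mte() {
    grep '^Features' "$1" | grep -qw mte
}

# Check the running system. Assumes the kernel config is exposed as
# /proc/config.gz or /boot/config-<release> (not true on every distro).
mte_report() {
    tmp=$(mktemp) || return 1
    if [ -r /proc/config.gz ]; then
        zcat /proc/config.gz > "$tmp"
        echo "kernel config: $(mte_config_level "$tmp")"
    elif [ -r "/boot/config-$(uname -r)" ]; then
        echo "kernel config: $(mte_config_level "/boot/config-$(uname -r)")"
    else
        echo "kernel config: not found"
    fi
    rm -f "$tmp"
    if cpu_has_mte /proc/cpuinfo; then
        echo "cpu features:  mte advertised"
    else
        echo "cpu features:  mte not advertised (check firmware and kernel)"
    fi
}

# Run the report only when asked, e.g.  MTE_REPORT=1 sh mte-check.sh
if [ "${MTE_REPORT:-0}" = 1 ]; then mte_report; fi
```

A result of "userspace" with mte advertised matches the case described in the last post: applications can use MTE without the KASAN performance cost.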