"#Exclaves land in MacOS

Nobody is really surprised that the MacOS 26.0.1 firmware image of the about to be released MacBook Pro #M5 reveals that Memory Integrity Enforcement (#MIE) on top of the ARM64 Enhanced Memory Tagging Extension (#EMTE) is used. Extremely surprising is however that Apple is now shipping the Secure Kernel (#SK) and #ExclaveCore / #ExclaveOS with MacOS. This means Apple's newest security boundary #Exclaves has finally arrived in MacOS."

https://www.linkedin.com/posts/stefan-esser-903582240_exclaves-m5-mie-activity-7384980813031043073-EfhS

#MTE #MemorySafety #ExploitMitigation

🚀🐑 Apple's security gibberish—SPTM, #TXM, and Exclaves—because who needs clear communication when you can have an alphabet soup? 🤪 Dive deep into buzzwords and acronyms, and emerge none the wiser! 📚🔍
https://arxiv.org/abs/2510.09272 #AppleSecurity #SPTM #Exclaves #BuzzwordSoup #HackerNews #ngated
Modern iOS Security Features -- A Deep Dive into SPTM, TXM, and Exclaves

The XNU kernel is the basis of Apple's operating systems. Although labeled as a hybrid kernel, it is found to generally operate in a monolithic manner by defining a single privileged trust zone in which all system functionality resides. This has security implications, as a kernel compromise has immediate and significant effects on the entire system. Over the past few years, Apple has taken steps towards a more compartmentalized kernel architecture and a more microkernel-like design. To date, there has been no scientific discussion of SPTM and related security mechanisms. Therefore, the understanding of the system and the underlying security mechanisms is minimal. In this paper, we provide a comprehensive analysis of new security mechanisms and their interplay, and create the first conclusive writeup considering all current mitigations. SPTM acts as the sole authority regarding memory retyping. Our analysis reveals that, through SPTM domains based on frame retyping and memory mapping rule sets, SPTM introduces domains of trust into the system, effectively gapping different functionalities from one another. Gapped functionality includes the TXM, responsible for code signing and entitlement verification. We further demonstrate how this introduction lays the groundwork for the most recent security feature of Exclaves, and conduct an in-depth analysis of its communication mechanisms. We discover multifold ways of communication, most notably xnuproxy as a secure world request handler, and the Tightbeam IPC framework. The architecture changes are found to increase system security, with key and sensitive components being moved out of XNU's direct reach. This also provides additional security guarantees in the event of a kernel compromise, which is no longer an immediate threat at the highest trust level.

arXiv.org

Modern iOS Security Features – A Deep Dive into SPTM, TXM, and Exclaves

https://arxiv.org/abs/2510.09272

#HackerNews #ModerniOSSecurity #DeepDive #SPTM #TXM #Exclaves


@strypey Do you know this anomaly?:

> Baarle-Nassau is a municipality and town in the southern Netherlands, located in the province of North Brabant. It had a population of 6,899 in 2019. The town is the site of a complicated borderline between Belgium and the Netherlands: it encloses 22 small exclaves of the Belgian town Baarle-Hertog, of which the two largest contain seven counter-enclaves of Baarle-Nassau, and the main body of Belgium contains another.

https://en.wikipedia.org/wiki/Baarle-Nassau #exclaves

Baarle-Nassau - Wikipedia

On #Apple #Exclaves (M4 and A18 based systems). Exclaves are a new set of #security features that represent a significant enhancement for XNU’s traditional monolithic kernel. Exclaves refer to resources that are isolated from #XNU, protected even if the #kernel is compromised. These resources are pre-defined when the OS is built, are identified by name or id, have different types, are initialised at boot time, and are organized into unique domains. #SPTM protects exclave memory from XNU with new exclave-specific page types. https://randomaugustine.medium.com/on-apple-exclaves-d683a2c37194
On Apple Exclaves - Random Augustine - Medium

Modern operating systems typically divide their operations into two main protection domains: the unprivileged domain (user mode) and the privileged domain (kernel mode). Software spends most of its…

Medium

On Apple Exclaves. Enhancing kernel isolation, one step at… | by Random Augustine | Feb, 2025 | Medium


# Analysis of Apple's Exclaves Security Mechanism

## 📌 Summary:
This article gives an in-depth analysis of the Exclaves security mechanism Apple introduced in 2024, designed to address the security weaknesses of traditional monolithic-kernel operating systems. By isolating sensitive resources and functions from the XNU kernel, Apple built a "Secure Kernel" based on the seL4 microkernel, running in a "Secure World" isolated from the main system. This design protects critical resources even when the main kernel is compromised, including the camera, the microphone indicator light, and Neural Engine functionality. Exclaves represent a major investment by Apple in strengthening the security of iOS, macOS and its other systems, and provide stronger protection than other endpoint device manufacturers offer.

## 🎯 Key Points:
- Modern operating systems usually use a monolithic kernel design, in which a single vulnerability can lead to compromise of the whole system; Apple's XNU kernel faces the same problem
- Since 2013 Apple has gradually built up isolation schemes: first the Secure Enclave, then the Page Protection Layer (PPL) and the Secure Page Table Monitor (SPTM)
- In 2024 Apple introduced Exclaves on the M4 and A18 processors, isolating sensitive resources into a secure area
- Exclaves run on a microkernel called the "Secure Kernel", very likely based on seL4
- The system isolates Exclaves by establishing a "Secure World" (probably based on ARM TrustZone technology), protecting sensitive functions even if XNU is compromised
- Exclaves come in several resource types: shared memory buffers, audio buffers, sensors, Conclaves (groupings of multiple resources) and services
- A thread can switch from the non-secure world into the secure world to execute code (Downcall), and can also request XNU services in the reverse direction (Upcall)
- Apple uses Exclaves to protect the camera/microphone indicator lights, Apple Neural Engine functionality, and the components that communicate with the Secure Enclave

## 🔖 Keywords:
#Exclaves #SecureKernel #ARM_TrustZone #MonolithicKernelSecurity #seL4

On Apple Exclaves - Random Augustine - Medium

Modern operating systems typically divide their operations into two main protection domains: the unprivileged domain (user mode) and the privileged domain (kernel mode). Software spends most of its…

Medium
We call this kernel saunters: How Apple rearranged its XNU core with exclaves

iPhone giant compartmentalizes OS for the sake of security

The Register

Engines of Our Ingenuity 2993: Enclaves & Exclaves

Episode: 2993 Enclaves, Exclaves, and other ways that land becomes disconnected. Today, enclaves and exclaves.


#BedloeSIsland #crimea #disconnectedLandMass #ElmPoint #enclaves #exclaves #MinnesotaBump #NorthwestAngle #peneExclaves #PointRoberts #statueOfLiberty #TaalLake #terminology #vaticanCity #VulcanPoint

Houston Public Media