#exclaves — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #exclaves, aggregated by home.social.
-
"#Exclaves land in MacOS
Nobody is really surprised that the MacOS 26.0.1 firmware image of the about-to-be-released MacBook Pro #M5 reveals that Memory Integrity Enforcement (#MIE) on top of the ARM64 Enhanced Memory Tagging Extension (#EMTE) is used. Extremely surprising, however, is that Apple is now shipping the Secure Kernel (#SK) and #ExclaveCore / #ExclaveOS with MacOS. This means Apple's newest security boundary #Exclaves has finally arrived in MacOS."
-
🚀🐑 Apple's security gibberish—SPTM, #TXM, and Exclaves—because who needs clear communication when you can have an alphabet soup? 🤪 Dive deep into buzzwords and acronyms, and emerge none the wiser! 📚🔍
https://arxiv.org/abs/2510.09272 #AppleSecurity #SPTM #Exclaves #BuzzwordSoup #HackerNews #ngated
-
Modern iOS Security Features – A Deep Dive into SPTM, TXM, and Exclaves
https://arxiv.org/abs/2510.09272
#HackerNews #ModerniOSSecurity #DeepDive #SPTM #TXM #Exclaves
-
On #Apple #Exclaves (M4 and A18 based systems). Exclaves are a new set of #security features that represent a significant enhancement for XNU’s traditional monolithic kernel. Exclaves refer to resources that are isolated from #XNU, protected even if the #kernel is compromised. These resources are pre-defined when the OS is built, are identified by name or id, have different types, are initialised at boot time, and are organized into unique domains. #SPTM protects exclave memory from XNU with new exclave-specific page types. https://randomaugustine.medium.com/on-apple-exclaves-d683a2c37194
-
On Apple Exclaves. Enhancing kernel isolation, one step at… | by Random Augustine | Feb, 2025 | Medium
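# Analysis of Apple's Exclaves System Security Mechanism
## 📌 Summary:
This article provides an in-depth analysis of the Exclaves security mechanism that Apple introduced in 2024, which is intended to address the security vulnerability problem of traditional monolithic-kernel operating systems. By isolating sensitive resources and functionality from the XNU kernel, Apple built a "Secure Kernel" based on the seL4 microkernel, running in a "Secure World" that is isolated from the main system. This design can still protect critical resources when the main kernel is compromised, including the camera and microphone indicator lights, Neural Engine functionality, and more. Exclaves represent a major investment by Apple in strengthening the security of iOS, macOS and other systems, providing a stronger security protection mechanism than other endpoint device manufacturers.
## 🎯 Key Points:
- Modern operating systems usually adopt a monolithic kernel design, where a vulnerability can lead to compromise of the entire system; Apple's XNU kernel faces the same problem
- Since 2013, Apple has gradually built up security isolation solutions: first the Secure Enclave, later the Page Protection Layer (PPL) and the Secure Page Table Monitor (SPTM)
- In 2024, Apple introduced Exclaves on the M4 and A18 processors, isolating sensitive resources into secure areas
- Exclaves run on a microkernel called the "Secure Kernel", which is very likely based on seL4
- The system isolates Exclaves by establishing a "Secure World" (possibly based on ARM TrustZone technology), protecting sensitive functionality even if XNU is compromised
- Exclaves are divided into several resource types: shared memory buffers, audio buffers, sensors, Conclaves (groupings of multiple resources), and services
- Threads can switch from the insecure world to the secure world to execute code (Downcall), and can also request XNU services in the reverse direction (Upcall)
- Apple uses Exclaves to protect the camera/microphone indicator lights, Apple Neural Engine functionality, components that communicate with the Secure Enclave, and more
## 🔖 Keywords:
#Exclaves #SecureKernel #ARM_TrustZone #MonolithicKernelSecurity #seL4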