This is a really interesting deep dive but why does the article hedge so much? For example, in the first few sections it says things like "... typically reveals the following sequence" or "The Boot ROM sets a specific control bit in the AES configuration register (e.g., AES_CMD_USE_GID)", which makes it sound like the author wasn't actually sure if any of this was accurate and was guessing.
I smell AI writing assistance. Which is a shame because this is otherwise very good and well-collated information about Apple's security. But AI loves to use bullet point lists just for the hell of it and it makes the information here smell way less reliable than it actually is.
I'm also not sure if it's 100% accurate. My (possibly wrong) understanding of the guarded execution feature is that each GL is paired with a normal ARM EL. i.e. GL2 constrains EL2, GL1 constrains EL1, etc. XNU lives in EL2 so SPTM lives in GL2, and GENTER/GEXIT move you between ELx and GLx through a secure call vector. In contrast, this guide refers to GL0 being the "standard XNU kernel context" even though XNU lives in EL2 on macOS. Furthermore, on device OSes (iOS/iPadOS/etc) they put a second kernel in GL1 and various enforcement policy tools (i.e. code signing policy, camera indicator policy) in GL0[0]. So I'm not sure how macOS putting XNU in GL0 makes sense?
[0] XNU source refers to this concept as an Exclave, which itself can be grouped with other isolated resources as a Conclave.
It's basically all AI-generated. There are significant omissions and errors for any flow that hasn't previously been reverse engineered. The launchd stuff has details that are just wrong.
The security of the Apple ecosystem is miles ahead of others. Every time I reverse engineer some component of their OS, it is very different from what I've seen before. I always find myself surprised by their thoughtfulness and engineering craft.
Recently I've taken on their code signing component. The concepts they've created, such as identifying applications by their "designated requirements", are a stroke of genius. It makes the system completely stateless and capable of almost anything without auxiliary data structures or additional code.
I've seen other engineering teams try and fail at building something similar, and never with such powerful simplicity.
Will this enable someone who buys an Apple laptop to boot directly into a third-party OS from a thumb drive? Last I heard, they were still too locked down to allow it.
Final Thought:
macOS is no longer just a Unix system. It is a distributed system running on a single die, governed by a hypervisor that doesn't exist in software. The kernel is dead; long live the Monitor.
ethin|3 months ago
kmeisthax|3 months ago
EPWN3D|3 months ago
hu3|3 months ago
I have never seen this frequency before.
QuantumNomad_|3 months ago
Sometimes people mix up “i.e.” (“id est”; “that is”) and “e.g.” (“exempli gratia”; “for example”).
Of course, only the author knows if this case was a mix up, or if they really wrote what they meant.
Genbox|3 months ago
hulitu|3 months ago
cough iMessage, hardware backdoors cough
fsflover|3 months ago
Have you heard about Qubes OS?
quantummagic|3 months ago
nicolas_17|3 months ago
bigyabai|3 months ago
JSR_FDED|3 months ago
ziofill|3 months ago
astrange|3 months ago
Brian_K_White|3 months ago
wpm|3 months ago
wanderingbit|3 months ago
int3trap|3 months ago