Wednesday, March 18, 2026

Apple Exclaves

Random Augustine (2025, Hacker News, John Gruber):

The kernel shared in common between iOS, macOS, tvOS, visionOS and watchOS — named XNU — is based on a microkernel called Mach. However, the way XNU has been implemented places all system functions within the same privileged scope and it effectively operates as a monolithic kernel. The XNU kernel, like all monolithic kernels, suffers from unfortunately common vulnerability discoveries.

[…]

With the release of XNU source code supporting M4 and A18 based systems (such as the iPhone 16), the curtain was partly pulled back on exclaves. (Exclaves are not active on prior processors).

[…]

Exclaves refer to resources that are isolated from XNU, protected even if the kernel is compromised. These resources are pre-defined when the OS is built, are identified by name or id, have different types, are initialised at boot time, and are organized into unique domains. SPTM protects exclave memory from XNU with new exclave-specific page types.

[…]

To allow for execution of exclave Services while isolated from XNU, Apple has introduced a new kernel called the Secure Kernel (SK).

Thomas Claburn (Hacker News):

The term appears to have first surfaced in a libc file in Apple’s open source software collection in 2023, and subsequently within iOS 17, released in September of that year, as later noted by Howard Oakley on his Eclectic Light Co blog.

[…]

An enclave is defined as an area within a territorial boundary. So an exclave is an area outside of a boundary with ties to the main territory.

[…]

Essentially, Apple is trying to realize the security advantages of a microkernel without tossing the monolithic aspects of XNU.
