
Related thread, "Apple rearranged its XNU kernel with exclaves", https://news.ycombinator.com/item?id=43314171


For what it's worth, this article is much better.


For more detail, there's a 3-part series on iOS SPTM and TXM:

Aug 2023, https://www.df-f.com/blog/ios17

Nov 2023, https://www.df-f.com/blog/ios-17round2

Feb 2025, https://www.df-f.com/blog/sptm3


Somewhat less detail, actually.


DF blog series source reference, https://randomaugustine.medium.com/on-apple-exclaves-d683a2c...

  I would particularly like to highlight the work of Dataflow Forensics and their much more advanced work dissecting SPTM without the benefit of source code. I enthusiastically await their promised blog post about exclaves and hope they will answer many of the remaining questions, provide gory disassembly explanations, and correct all my mistakes and assumptions!


They are being polite. The Dataflow blog post barely goes beyond running strings.


> They are being polite.

Are they? The article's closing paragraph advertises a _future_ Dataflow blog post to the reader. Their follow-up March correction is consistent with the Dataflow Feb summary, https://randomaugustine.medium.com/more-speculation-on-excla...


Yes, they're saying that there's some stuff they didn't cover, and they hope the Dataflow people will. But the first couple didn't really answer much so I'm not particularly hopeful.


100% agree.

The discussion has been underwhelming:

I read TFA and wasn't sure what to even make of it.


That is underwhelming! (But also.. that's *this* discussion.. and the other discussion is already linked by GP.. so I'm not really sure what you're aiming for here)


Only attempting to share information. Is there an unstated next step (or next-next step) given Apple's moves?

A gentle suggestion for a more interesting / entertaining article currently on the front page with a glance: https://news.ycombinator.com/item?id=43311696

Hatching a Conspiracy: A BIG Investigation into Egg Prices

https://www.thebignewsletter.com/p/hatching-a-conspiracy-a-b...

P.s. @gnabgib thanks for all your excellent dupe postings! I used to do a lot but life got busier. You are appreciated.

Edit: @thrdbndndn: My bad, yes this submitted article is the one that sucks. Thank you! If you delete your reply it will make things less confusing, but no worries and best wishes.


He's saying you're posting the HN URL of this very discussion to.. this discussion.


An overview from that piece:

> exclaves refer to specific resources that are separated from the main kernel (XNU) and cannot be accessed by it, even if the kernel is compromised

Also interesting:

> It’s not uncommon for mid-cycle releases of macOS to gain new features in preparation for the next major version. Perhaps the most fundamental and significant added to Sonoma 14.4, together with iOS 17.4, iPadOS 17.4 and watchOS 10.4, are exclaves.

https://eclecticlight.co/2024/08/20/sonomas-unfinished-busin...


> In macOS 15 and later, creation of a VM running macOS 15 or later can configure an identity derived from the host Secure Enclave, enabling access to resources requiring Apple ID including iCloud. This is accomplished using an exclave of the Secure Enclave.

This is not correct


How is it incorrect?


It just straight up doesn’t make sense. Honestly I would not be surprised if this was the result of going, hmm, enclave…exclave…seems like these must be related. They’re not really related other than the idea being isolation (which they do completely differently). Also, Apple ID sign-in on VMs is literally just “the host shares its information to the guest”; there’s nothing special going on here.



