
Apple Exclaves

54 comments · March 9, 2025

transpute

> SK runs on the same high speed application processors as XNU/iOS. To make this possible, additional processor privilege levels are required — likely supported by virtualization extensions

Recent Apple phone and laptop SoCs include hardware support for nested virtualization, including the M4 iPad Pro where an exclave is used for the camera LED. Hopefully the next revision of the Apple Platform Security guide will cover SK exclaves and baseband mitigations for Wi-Fi radar sensing, https://help.apple.com/pdf/security/en_US/apple-platform-sec...

> Apple specific additions to SPTM

SPTM reverse engineering, https://www.df-f.com/blog/sptm3

  XNU is being refactored into a micro-kernel inspired architecture, aiming to reduce its code base, and move security sensitive operations out of it. The memory space isolation is performed with the help of a Secure Page Table Monitor - SPTM. The code signing, entitlement verification, Developer Mode, Restricted Execution Mode, and other security sensitive operations are handled by the Trusted eXecution Monitor - TXM.
> or most likely via ARM’s TrustZone technology. The XNU source code contains several references regarding transitions to and from TrustZone’s concept of a secure world

150+ TrustZone CVEs, https://www.cve.org/CVERecord/SearchResults?query=trustzone

> it’s a defensive effort on a larger scale than any other end user device manufacturer is currently attempting

Google implemented pKVM on Pixels with hardware nested virtualization a few years ago, and upstreamed the code to Linux mainline, including cooperative de-privileging of TrustZone relative to pKVM L0. But they have not announced defensive features using pKVM/AVF, outside of Debian "Linux Terminal" VM.

neom

I think Steve truly believed at his core, very simply: your laptop is your diary, and they have a responsibility to that.

I don't think Tim would be CEO if he didn't believe what Steve did. It's so weird, but I really miss Steve.

https://www.youtube.com/watch?v=Ij-jlF98SzA

yalogin

Sorry, I am sure the article about enclaves triggered this thought about Steve for you. I cannot see how one led to the other; can you maybe tell us?

neom

hehe, it's a good question. When you get to scale, you realize you got there because a lot of humans put you there. It's part of why scaling is hard; business is an art and science that juggles the value exchange between us in society. People still here on Hacker News are angry at me personally for decisions at DigitalOcean; in retrospect, I wish I'd handled the wipe disk thing that happened better, for example. It's both very easy and very difficult at the same time to build a business while trying super hard to love (really actually love as humans love!!!) your customer, because many many things want to prevent you from loving your customer (I have government stories too, many of us do). At the end of the day, they are doing the real work, like, the real real stuff, they don't have to, I mean, they don't right? But they will, because it's the right thing to do, because Steve said so. Apple here have taken extraordinary engineering effort to say even if you compel us, we physically can’t give you access. That is to be commended, and that is Steve Jobs.

lern_too_spel

Steve believed at his core that locking down devices was the best way to extract business value from users. That's why you can't install any apps without telling Apple or get your location without sending it to Apple. He also believed very strongly in good marketing, and he jumped on privacy marketing very quickly after the Facebook - Google privacy spat that coincided with the failure of iTunes Ping.

vlovich123

The company shift to privacy was more about getting pulled in front of Congress over the location data being accessible via USB as part of iTunes backup:

Source: people who were at Apple during that time period.

Example: https://www.nbcnews.com/news/world/government-officials-want...

I think people underestimate how traumatic it was culturally to Apple and how Apple generally experiences comparatively little turnover vs their other major tech peers, so the responses to those traumas linger. Same with the brouhaha over the CSAM tech that they attempted to bundle into the iPhone that ostensibly was trying to preserve your privacy and they instantly got smacked down over it.

astrange

> He also believed very strongly in good marketing, and he jumped on privacy marketing very quickly after the Facebook - Google privacy spat that coincided with the failure of iTunes Ping.

I have two thoughts about this.

One, if you tell yourself a story strongly enough, it becomes real. Especially when you can structure the company to force it to become real.

Two, "marketing" is usually used disparagingly to mean something like "advertising that brainwashes customers into wanting something", but it's more like "knowing what people are going to want by the time it's ready to ship". It doesn't necessarily even include advertising. So in this case people do want privacy.

IncreasePosts

That seems very unlikely since nothing of that sort was ever attempted by Jobs on their desktops.

musicale

It is weird. Jobs was divisive and (not infrequently) abrasive, and why would you miss a tech billionaire anyway? Yet I also feel indebted to him and to the folks at Apple who helped to produce some of my favorite products like the Mac, the iPod, and the iPad.

Jobs also said a lot of things that still resonate with me. Recently Apple introduced a "classic Mac" screensaver that shows how carefully designed the original Mac GUI was. I'm sure nobody misses the days when app bugs could crash the OS, but I wish Apple were as obsessive now about detail now as they were back then.

neom

Now that I'm becoming an old man, I've taken the time to go back and listen to him properly, to analyze his thoughts and words a bit more contextually, and I've come to believe that Steve Jobs was quite misunderstood, both by us, and by himself. When I miss him I think: his thoughts were so very refined for his time, it is quite incredible and I wish he were around to hear more of them. I guess I'm a fan? Oh well... worse things to be.

(the article is good but giving you the hn for comments too: https://news.ycombinator.com/item?id=2131299)

astrange

He's definitely misunderstood. If you read his biography it's incredible how much the author of it misunderstands, but if you read between the lines you can see through them. In particular you should note how he changes before and after getting married.

The biography is really awful though. It constantly misquotes people - Bill Gates is directly quoted as saying something so technically inaccurate he can't possibly have said it.

I also remember that every time his son is quoted it's because he was telling a dick joke. At one point the book claims this is why Apple Park is a circle. Why the author did this is not clear to me.

(Btw, I have an unreported Jobs story about this myself. Actually two. I'm not going to tell them, so feel free to just imagine.)

6stringmerc

I still think about how he tried to cure cancer with crystals and then when that didn’t work he used his wealth to get residency in a different state to jump in line for a transplant and still died before his yacht got completed. I don’t misunderstand him at all. Especially the parking in handicap spaces part. Very easy to understand what kind of person he was through his actions. Perhaps we will never see eye to eye, and I feel posts like yours do deserve legitimate opposition as applicable.

baggy_trough

> why would you miss a tech billionaire anyway

Because we miss new instances of the great products they created to earn all that money.

astrange

I could easily be wrong about this but I don't believe Jobs or anyone else at Jobs-era Apple became a billionaire because of it. Because of early infighting/getting fired, ownership was too dispersed for that.

He became a billionaire because Disney bought Pixar.

transpute

Related thread, "Apple rearranged its XNU kernel with exclaves", https://news.ycombinator.com/item?id=43314171

tptacek

For what it's worth, this article is much better.

transpute

For more detail, there's a 3-part series on iOS SPTM and TXM:

Aug 2023, https://www.df-f.com/blog/ios17

Nov 2023, https://www.df-f.com/blog/ios-17round2

Feb 2025, https://www.df-f.com/blog/sptm3

saagarjha

Somewhat less detail, actually.

metadat

100% agree.

The discussion has been underwhelming:

I read TFA and wasn't sure what to even make of it.

gnabgib

That is underwhelming! (But also.. that's *this* discussion.. and the other discussion is already linked by GP.. so I'm not really sure what you're aiming for here)

GeekyBear

An overview from that piece:

> exclaves refer to specific resources that are separated from the main kernel (XNU) and cannot be accessed by it, even if the kernel is compromised

Also interesting:

> It’s not uncommon for mid-cycle releases of macOS to gain new features in preparation for the next major version. Perhaps the most fundamental and significant added to Sonoma 14.4, together with iOS 17.4, iPadOS 17.4 and watchOS 10.4, are exclaves.

https://eclecticlight.co/2024/08/20/sonomas-unfinished-busin...

yalogin

Who is this author? It’s a very elaborate, well-written post. Great job. Having followed exclaves myself, this is well done.

akyuu

I wonder how this will affect macOS security, since SPTM is not used according to Apple documentation: https://support.apple.com/guide/security/operating-system-in...

For now, I think existing exclaves such as the one that displays the camera indicator do not really apply to macOS (since MacBooks have dedicated hardware for that), but in the future there might be exclaves that do.

wtallis

> since SPTM is not used according to Apple documentation:

Try reading that footnote again:

> Note 2: Page Protection Layer (PPL) and Secure Page Table Monitor (SPTM) enforce the execution of signed and trusted code on all platforms with the exception of macOS (because macOS is designed to run any code). All of the other security properties, including the protection of page tables, are present across all supported platforms.

It doesn't say macOS doesn't use SPTM. It says macOS doesn't use SPTM to prevent running unsigned code, since macOS is supposed to allow unsigned code (after the user jumps through some hoops).

saagarjha

That document is wrong and has been wrong for years (FB13803014)

totetsu

My crusty squinty morning eyes read that as “ it can lead to a complete system compromise, as all the operating system’s functions are bundled together in the kernel’s single “breakfast of eggs”.” .. now I wish this was the idiom.

markus_zhang

I'm not familiar with that level of knowledge, but from the look of it you can attack the enclave itself to escalate privilege higher than the kernel enjoys? Is this piece of hardware something like a co-processor?

saagarjha

An exclave isn’t hardware, it’s an isolated piece of software that deals with a certain sensitive operation that you don’t want the kernel to have access to. So if you exploit it, then yes you have access to something that the kernel doesn’t–but that’s the point, because the goal is if you exploit the kernel you shouldn’t get access to that.

alfiedotwtf

If it’s all in software but the kernel has lower privileges, I’m curious how they’ll be able to update it? And if there is an API to update via the kernel, what’s stopping a push via a malicious source pretending to be Apple?

saagarjha

I don't think it is accurate to say that the kernel has lower privileges. It's just something the kernel isn't allowed to do, while the exclave has a list of things it isn't allowed to do. Also exclaves are shipped with normal software updates (verified by the boot chain, not the kernel).

markus_zhang

Oh thanks for the explanation!

saagarjha

> Apple may use SPTM to manage transitions between the secure and insecure worlds

This, because they don’t have TrustZone

seventh12

Why doesn't Apple use TrustZone?

saagarjha

You'd have to ask them. My general guess is they design their own stuff first and then try to get it standardized.

brcmthrowaway

What impact does this have on the user?

saagarjha

It makes your device more secure.

kazinator

If most of the stuff the user cares about is inside the "Insecure World" bubble of the diagram, then this whole business is, like, for shit.

It serves only the platform provider, who can decide which programs may or may not be installed based on whether they are aligned with or against their competitive interests.

sollewitt

This is about process privilege. Apps and services are a layer above.

vermilingua

This is just plainly false. Passkeys, biometrics, app permissions, and a suite of other user-centric privacy features have clear benefit from strong isolation from an "insecure world" kernel.

hedora

How so? Isn’t this just the xkcd authorization model?

https://xkcd.com/1200/

I tried to read the article, and know what all the words mean (sel4, enclaves, virtualization primitives, etc.).

It all seems very complicated and error prone, but I couldn’t figure out what the attack model is, or what the security objectives are.

Eg, what sorts of things run in exclaves, and under what circumstances will a persistent kernel level compromise on my laptop protect those things?

lxgr

Delegating key derivation and/or password validation, combined with secure UI state indication, to a more secure execution environment can be a big win for security, for example.

I could imagine a passkey implementation with some extensions that allow securely presenting what the user is consenting to and how ("enter your payments PIN or password now to confirm a payment of $x to merchant y").

It's of course even better to do that in tamper-proof security coprocessors such as Apple's secure enclave, but TEEs have the big advantage of having access to much more memory and faster processing, which allows doing more complicated things there more easily.

They can also always lean on the secure hardware for actual key management, but handle more complex user interface operations in an environment that's still more secure than the main OS.

Android has supported something just like that for years with "protected confirmation" [1], but unfortunately it's only available on Pixel phones and hasn't really been picked up by app developers as a result; the situation for Apple is of course very different, so I have some hopes that if they launch something comparable it could actually see some adoption.

[1] https://android-developers.googleblog.com/2018/10/android-pr...

vlovich123

The most likely attack model I can imagine is that a jailbroken phone still won’t be able to violate certain functionality (eg a recording LED remains lit, various supervisor functionality can’t be disabled, etc)

timewizard

What he misses is "tamper evidence."

In order to do those things I have to actually steal his laptop. Which would be obvious to him. It also implicates me.

If I could just remotely install a driver I don't need to worry about any of that and I can steal remotely and anonymously.