I'm also not sure if it's 100% accurate. My (possibly wrong) understanding of the guarded execution feature is that each GL is paired with a normal ARM EL. i.e. GL2 constrains EL2, GL1 constrains EL1, etc. XNU lives in EL2 so SPTM lives in GL2, and GENTER/GEXIT move you between ELx and GLx through a secure call vector. In contrast, this guide refers to GL0 being the "standard XNU kernel context" even though XNU lives in EL2 on macOS. Furthermore, on device OSes (iOS/iPadOS/etc) they put a second kernel in GL1 and various enforcement policy tools (i.e. code signing policy, camera indicator policy) in GL0[0]. So I'm not sure how macOS putting XNU in GL0 makes sense?
[0] XNU source refers to this concept as an Exclave, which itself can be grouped with other isolated resources as a Conclave.
I have met multiple brilliant, very bright, and talented people (mathematicians, physicists, doctors) who excel at what they know and do, yet immensely struggle to spell, write, or both. There are also people who do not like to write (whatever the reason is).
GenAI has been a great boon for such a type of person as it dissolves their struggle – they convey the idea to the machine (however awful the scribe is) and GenAI handles the grammar and style.
Granted, it is different from «hey, GenAI pet, write me a blog post on XYZ».
For example, it says quite unambiguously that the bootloader is encrypted directly with the GID key (loading the LLB ciphertext into the AES engine), but that's not how it works, the GID key is used to decrypt the LLB's KBAG into an AES key:IV pair and that is used to decrypt the LLB.
More:
> The behavior of the Boot ROM changes fundamentally based on the "Security Domain" fuse. > > Production (CPFM 01):
Security Domain (SDOM) is a different thing than CPFM. And production devices have CPFM 03.
> CHIP (Chip ID): Identifies the SoC model (e.g., 0x8101 for M1).
The M1 SoC is 0x8103.
Due to Brandolini's Law I will not continue to list everything else that is wrong here...
I have never seen this frequency before.
Sometimes people mix up “i.e.” (“id est”; “that is”) and “e.g.” (“exempli gratia”; “for example”).
Of course, only the author knows if this case was a mix up, or if they really wrote what they meant.
Recently I've taken on their code signing component. The concepts they've created, such as identifying applications by their "designated requirements" is a stroke of genius. It makes the system completely stateless and capable of almost anything without auxiliary data structure or additional code.
I've seen other engineering teams try and fail at building something similar, and never with such powerful simplicity.
Final Thought: macOS is no longer just a Unix system. It is a distributed system running on a single die, governed by a hypervisor that doesn't exist in software. The kernel is dead; long live the Monitor.
