Skip to content

Notes on the new XNU source release

Yet another one… and this time in buildable form on Apple M1 devices. (tarball at

What are the Apple CPU extensions not supported though on the OSS codebase? Turns out that the answer is almost all of them. A non exhaustive list:

  • APRR (was explicitly removed for this release): permission removal mechanism, notably used in user-space for pthread_jit_write_protect_np
  • Rosetta support (including TSO tasks)
  • WKdm: a traditional assembly implementation is used instead of the CPU extension
  • AMX2: redacted from open-source XNU
  • Apple PAC: Apple extensions to Arm pointer authentication.

The library needed to link to the kernel, present only in binary form, includes GXF support, which are the guarded execution extensions. Note that the KernelSupport library is part of the KDK under the Apple SDK license, and as such not licensed under APSL.

As such, the kernel cannot be built without linking with proprietary Apple code.

Some notes on GXF:

  • Guarded exec levels MSRs: SP_GL[1/2], TPIDR_GL[1/2], VBAR_GL[1/2], ELR_GL[1/2], ESR_GL[1/2], FAR_GL[1/2], SPSR_GL[1/2]
  • Configuration MSRs: GXF_CONFIG_EL[1/2], GXF_ENTRY_EL[1/2], GXF_PABENTRY_EL[1/2]
  • Instructions: GENTER/GEXIT to enter/exit guarded execution.

Leave a Reply

Your email address will not be published. Required fields are marked *