[teknologist]

I wonder if it's possible for app devs to use Exclaves. The thing that irks me about Apple is that they invent this new amazing internal stuff but then completely wall it off from devs, leaving everyone else (banking apps, wallets, secure messaging, etc.) to continue running in unsecured user space.

[mike_hearn]

They don't do that. Apple userspace has continually got more secure too.

One simple example: recent versions of macOS run all apps inside a sandbox, even those that don't opt in. One thing the sandbox blocks is apps modifying each others files, which up until then had been a major weakness of the security system (signatures of a bundle were checked at first-run, but not on every execution).

[dwaite]

My understanding is no with the current design - exclaves are built into the overall OS and started as part of the boot process, so they are relatively static. I suspect these components have static relationships for security reasons.

They are also kernel-to-kernel currently, so third party support would likely be limited to implementing things like secure device drivers. However, Apple has been trying to push third party drivers to user space, not to the hypervisor. Based on that migration happening in parallel with this development, I do not suspect they plan to pivot and have third party driver developers use exclaves.

It is pretty common for Apple to do significantly more stabilization of kernel-imposed platform features like this internally before exposing to third parties (see also pointer authentication a la arm64e).

[saagarjha]

Currently no.