Skip to content

Open source. Linked to the real code.

How macOS really works.

A guided tour of the open-source kernel that runs every Mac — every concept linked back to the actual file on GitHub.

Explore the subsystemsStart reading

The five subsystems.

macOS is not one thing. It's a Mach kernel core wrapped in a BSD personality, fronted by a C++ driver framework, sitting on a copy-on-write filesystem, all managed by a virtual memory layer that spans every running process.

XNU / Darwin architectureThe four canonical layers Apple defines for the XNU kernel environment: application environments at the top, system libraries and daemons, the kernel itself (Mach + BSD + I/O Kit + libkern), and hardware at the bottom. A security stack on the right intersects every layer.APPLICATION ENVIRONMENTSAppsApp Store · CLI · GUIApp frameworksCocoa · UIKit · SwiftUIMetal · CoreImagegraphics + MLFoundation · CombineObj-C / Swift runtimeSYSTEM LIBRARIES & DAEMONSlibSystemlibc · libpthread · libmlibdispatchGCD queuesdylddynamic loaderlaunchd · mDNSResponderPID 1 + system servicesUSER / KERNEL BOUNDARY — THREE API TIERSsysent[+n] · BSD syscallmach_trap_table[−n]IOUserClient · mach_msgKERNEL ENVIRONMENT (XNU)Machtasks · threads · ports · IPCscheduler · exception deliveryBSDproc · syscalls · signals · ucredthe POSIX personalityI/O KitIOService · IORegistryC++ driver frameworkvm_*, thread_*mach_msgVirtual memoryvm_map · vm_object · pmapVFS + APFSvnode · vnop_* · apfs.kextlibkern · DriverKitOSObject · userland driversVM compressor · jetsamreclaim under pressureNetwork stack4.4 BSD · TCP/IP · Skywalkkextslegacy in-kernel modulesHARDWARECPU / MMUSSD · APFS HWGPU / NPUSecure EnclavePCIe · USBDRAMSEP storageSensors · Display · Wi-Fi · Bluetooth · PowerSECURITYCode signingevery binarySandboxSBPL profilesEntitlementscapability grantsSIPcsrutilSealed System VolumeMerkle rootTCCuser consentSEP-backed keysFileVaultAPRR · KPPhardware-enforced
Userspace at the top, kernel below. Each block is a subsystem you can open.
Explore the subsystems

Grounded in the source.

Apple publishes the XNU kernel and most of Darwin as open source. Every claim on this site cites a file you can open in your browser.

Browse apple-oss-distributions on GitHub

Latest articles

Articles
Inside APFS: copy-on-write, snapshots, and the sealed system volume
Apple File System, the format under every modern Mac: how it lays out blocks, how it gets snapshots almost for free, and why your /System is read-only at the cryptographic level.
apfsfilesystemkernelxnu
IOKit and the driver model: how a Mac talks to its hardware
Embedded C++, an object tree, and matching dictionaries — IOKit is how every driver on macOS gets loaded, paired with hardware, and called.
iokitdriverskernelxnu
Mach ports: how every macOS process actually talks to another
Tasks, ports, messages, and rights — the IPC primitive that quietly carries every IPC on your Mac, from XPC to drag-and-drop.
machipckernelxnu