Glossary
Plain-language definitions of terms used across the blog.
- AMFI (Apple Mobile File Integrity)
- The kernel extension that enforces what signed code is allowed to load and run on a Mac (or iPhone). Despite the name, it's not iOS-only — every macOS exec goes through it.
- AMX (Apple Matrix Extensions)
- Apple Silicon's undocumented matrix coprocessor. Used heavily by Accelerate and Core ML; programmed via opaque MSR writes to undocumented system registers.
- APRR / SPRR
- Apple Silicon's hardware mechanism for changing a page's effective permissions per-thread by writing a register — no TLB shootdown required. Foundation of fast JIT on Macs.
- Code signing
- The cryptographic signature embedded in every Mach-O binary on a modern Mac. Validates the binary is unmodified and identifies its author.
- DriverKit
- Apple's framework for writing drivers as userspace processes. Same IOKit object model as kernel kexts; crashes can't take down the system.
- Entitlement
- A signed key-value pair inside a binary's code signature that grants a specific kernel- or daemon-checked privilege.
- QoS class
- Quality-of-Service: the userspace-facing scheduling priority. USER_INTERACTIVE down through BACKGROUND, mapped onto Mach's scheduling classes by libdispatch.
- Rosetta 2
- Apple's binary translator that runs x86_64 code on Apple Silicon. AOT-translates most binaries on first launch; JIT-translates the rest at runtime.
- Secure Enclave (SEP)
- A separate ARM core on every modern Apple device, running its own OS, holding cryptographic keys the main CPU never sees.
- SIP (System Integrity Protection)
- A kernel-enforced runtime restriction that forbids even root from modifying system files, loading unsigned kexts, or attaching debuggers to Apple-signed processes.
- TCC (Transparency, Consent, Control)
- The daemon and database that records user grants for sensitive data — camera, microphone, contacts, full disk access, screen recording, and dozens more.
- APFS
- Apple File System. Copy-on-write, snapshots, clones, sealed system volumes — the default filesystem on every modern Apple device.
- BSD (in XNU)
- The FreeBSD-derived upper half of XNU that implements processes, file descriptors, VFS, sockets, and POSIX system calls.
- Darwin
- The open-source Unix-like core under macOS, iOS, watchOS, tvOS, and visionOS. XNU kernel + BSD userland + Apple's frameworks-free base system.
- dyld
- macOS's dynamic linker and loader. Maps Mach-O binaries into a process's address space, resolves dependencies, runs initializers.
- IOKit
- XNU's C++ driver framework. Drivers are objects in a runtime-traversable tree, matched to hardware by dictionary.
- Jetsam
- XNU's memory-pressure killer. Terminates the lowest-priority process in a memory band when free RAM falls below a threshold.
- kext
- A kernel extension bundle. Mach-O binary + plist + dependencies, loaded into the kernel address space to extend it at runtime. Being phased out in favor of DriverKit.
- launchd
- The first userland process on macOS. PID 1, the init system, the service manager, and the only thing that can spawn daemons and agents.
- Mach message
- The unit of data and capability transfer between tasks on macOS. A header plus optional typed body that can move ports and memory pages atomically.
- Mach port
- A kernel-owned message queue addressed by capability. The IPC primitive every higher layer on macOS — XPC, launchd, signals — is built on.
- Mach
- The microkernel core of XNU. Originated at CMU in the 1980s; provides tasks, threads, ports, messages, and virtual memory.
- pmap
- The machine-dependent half of XNU virtual memory. Translates a vm_map into the page tables a particular CPU architecture actually walks.
- Sandbox
- The kernel-enforced policy layer that restricts what a process can do. Foundation of App Store apps, helper isolation, and a lot of XPC service security.
- Sealed System Volume (SSV)
- The cryptographically sealed read-only volume holding `/System` on macOS 11+. Apple signs a Merkle root of every file; modifying anything breaks the seal.
- Task (Mach)
- The Mach object that owns a process's address space, threads, and port rights. Paired with a BSD `proc` to form what userspace calls a process.
- Thread (Mach)
- The Mach unit of execution. Schedulable, has CPU registers, runs inside a task's address space. POSIX threads are a layer on top.
- VM compressor
- macOS's in-RAM 'soft swap'. Compresses cold pages with WKdm/LZ4 to free physical frames before writing actual swap to disk.
- vm_map
- The machine-independent description of a task's virtual address space. A sorted list of entries, each pointing at a vm_object.
- XNU
- The kernel that runs macOS, iOS, watchOS, tvOS, and visionOS — Mach core, BSD personality, IOKit drivers, all in one binary.