Skip to content

Glossary

Translation regime (TTBR)

The ARM concept of a region of virtual addresses that translate through a specific page-table base register. XNU uses two: TTBR0 for userspace, TTBR1 for kernel.

ARM defines a translation regime as a set of virtual addresses that translate through a specific page-table base register. XNU on Apple Silicon uses two regimes at EL0/EL1:

  • TTBR0_EL1 — holds the user-mode page-table base. Userspace virtual addresses (low half of the 64-bit space, starting at 0) translate through here.
  • TTBR1_EL1 — holds the kernel page-table base. Kernel virtual addresses (high half, starting at 0xFFFF_0000_…) translate through here.

This split has consequences:

  • TTBR1 essentially never changes during normal operation — kernel mappings are global.
  • TTBR0 changes on every context switch between tasks: the new task's page-table base is written, along with the new ASID.
  • Userspace and kernel can both be mapped simultaneously without conflict.
apple-oss-distributions/xnuosfmk/arm/pmap.cpmap_switch — installs the new task's TTBR0 + ASID.View on GitHub(line )

Apple Silicon uses 16 KB pages with 3 levels of translation, covering 48-bit virtual addresses. Each PTE encodes the physical page frame plus permissions, cacheability, and the permission-group ID that APRR/SPRR reinterprets.

See also: pmap, ASID, APRR/SPRR, and the Apple Silicon page tables article.