{
"path": "/3mian4fgjw22w",
"site": "https://leaflet.pub/p/did:plc:3oyt3ltjz6x6gyqjug7szkt7",
"tags": [],
"$type": "site.standard.document",
"title": "Notes re:Exclaves",
"content": {
"$type": "pub.leaflet.content",
"pages": [
{
"id": "019d3c52-4a12-7770-bb7d-3aec47466d5d",
"$type": "pub.leaflet.pages.linearDocument",
"blocks": [
{
"$type": "pub.leaflet.pages.linearDocument#block",
"block": {
"$type": "pub.leaflet.blocks.text",
"facets": [
{
"index": {
"byteEnd": 40,
"byteStart": 18
},
"features": [
{
"uri": "https://patents.google.com/patent/US20250094563A1/en",
"$type": "pub.leaflet.richtext.facet#link"
}
]
}
],
"plaintext": "Excerpts from the Secure Exclaves patent formatted and modified to make readable."
}
},
{
"$type": "pub.leaflet.pages.linearDocument#block",
"block": {
"$type": "pub.leaflet.blocks.header",
"level": 2,
"plaintext": "Implementation"
}
},
{
"$type": "pub.leaflet.pages.linearDocument#block",
"block": {
"$type": "pub.leaflet.blocks.image",
"image": {
"$type": "blob",
"ref": {
"$link": "bafkreihoqs2p7wmos4azv67lgmwdgly5xfqilvblhydkbyketnqr3dw53a"
},
"mimeType": "image/png",
"size": 323013
},
"aspectRatio": {
"width": 1562,
"height": 1232
}
}
},
{
"$type": "pub.leaflet.pages.linearDocument#block",
"block": {
"$type": "pub.leaflet.blocks.text",
"plaintext": "(0055) In the illustrated embodiment, display unit is configured to implement an exclave 132A to extend the enforcement of one or more security criteria of the secure environment with respect to the display pipeline by using a secure blend, secure extractor, and secure DMA. In doing so, these elements serve to physically isolate distributed trusted data by providing a separate data path controlled from the secure environment by one or more trusted processes in order to enable the display pipeline to perform tasks associated with untrusted processes and trusted processes. As shown, exclave 132A provides a way for a trusted process to have pixel data combined with input pixel data provided by an untrusted process."
}
},
{
"$type": "pub.leaflet.pages.linearDocument#block",
"block": {
"$type": "pub.leaflet.blocks.text",
"facets": [
{
"index": {
"byteEnd": 134,
"byteStart": 0
},
"features": [
{
"$type": "pub.leaflet.richtext.facet#italic"
}
]
}
],
"plaintext": "Note: From what I can tell in the dense text, \"trusted processes\" refer to processes that run within the CPU's guarded execution mode."
}
},
{
"$type": "pub.leaflet.pages.linearDocument#block",
"block": {
"$type": "pub.leaflet.blocks.text",
"plaintext": "(0057) Secure blend is an additional pipeline stage that includes circuitry configured to insert pixel data from a trusted process into an output frame prior to presenting the output frame via the display. For example, inserted pixel data may appear as one or more colored dots in an upper right corner of a frame. As shown, inserted pixel data can be used to convey an indicator of a component of device being active such as a sensor configured to collect sensitive data about a user, a camera, a microphone, hardware interfaces, etc. In some embodiments, pixel data received by secure blend is created by a trusted process responsible for notifying a user. I n other embodiments, secure blend may generate pixel data itself in response to a request (or some other indication) from the secure environment. Secure blend may also perform other tasks such as adding a ring around inserted pixel data in order to prevent it from being obscured when inserted to a frame having the same color background."
}
},
{
"$type": "pub.leaflet.pages.linearDocument#block",
"block": {
"$type": "pub.leaflet.blocks.text",
"plaintext": "(0058) Secure extractor is an additional pipeline stage that includes circuitry configured to extract pixel data from where pixel data was previously inserted into an output frame in order to conform that it still remains present in the frame headed to the display. Secure extractor may also check other details such as performing a CRC check, verifying whether the display is active and communicating with pipeline, etc. In the illustrated embodiment, secure extractor provides the extracted pixel data to a trusted process for analysis. If the analysis determines that pixel data corresponding to indicator remains inserted into output frames, usage associated with indicator may be permitted to continue."
}
},
{
"$type": "pub.leaflet.pages.linearDocument#block",
"block": {
"$type": "pub.leaflet.blocks.text",
"plaintext": "(0059) Secure DMA engine is circuitry configured to communicate pixel data between exclave 132A and the regions of memory assigned to trusted processes. In the illustrated embodiment, secure DMA engine is a second, separately controlled DMA engine from the primary DMA engine configured to retrieve input data from memory for the display pipeline. Secure DMA engine may also be inaccessible to components outside of the secure environment and may handle only requests originating from within the secure environment or an exclave 132. In providing this separate data path, secure DMA engine can ensure components of exclave 132A do not process data received from untrusted processes in order to make it more difficult for a malicious process to interfere with tasks being performed by exclave 132A."
}
},
{
"$type": "pub.leaflet.pages.linearDocument#block",
"block": {
"$type": "pub.leaflet.blocks.image",
"image": {
"$type": "blob",
"ref": {
"$link": "bafkreiga4qxym4opwq63ooksb6rvlmv2nz4xdn5c5r23k7fmhba4kvfp4u"
},
"mimeType": "image/png",
"size": 323112
},
"aspectRatio": {
"width": 1364,
"height": 1020
}
}
},
{
"$type": "pub.leaflet.pages.linearDocument#block",
"block": {
"$type": "pub.leaflet.blocks.text",
"plaintext": "(0062) In the illustrated embodiment, ISP implements an exclave 132B to extend the enforcement of one or more security criteria of the secure environment by using a secure pipeline, IOMMU, cutoff switch, and secure processor. In doing so, ISP can securely provide processed camera sensor data to trusted processes (or other trusted consumers) and negotiate one or more conditions in which untrusted processes (or other untrusted consumers) are permitted to receive processed sensor data - such as confirmation that an indicator is currently being provided to a user via pixel data."
}
},
{
"$type": "pub.leaflet.pages.linearDocument#block",
"block": {
"$type": "pub.leaflet.blocks.text",
"plaintext": "(0063) Secure pipeline is an additional pipeline that provides data isolation for camera sensor data for trusted processes while the unsecure pipeline processes data for unsecured processes. In some instances, it may be desirable to perform certain tasks without burdening the user with additional indicators. For example, a trusted process may continually analyze a camera sensor processed by a secure pipeline to determine whether a user is paying attention to the device in order to potentially implement various power saving techniques such as dimming the display when the user is not paying attention, etc. A trusted process or trusted hardware may also be used to perform a biometric authentication of a user using facial recognition, iris recognition, etc. Usage of a separate secure pipeline can make it harder for a malicious process to circumvent the security criteria being enforced by exclave 132B. It also can prevent a malicious process from starving access to camera sensor data used by trusted processes. In some embodiments, usage of a secure pipeline may also allow for ISP to provide greater capabilities to trusted processes, which may be less desirable for untrusted processes, such as higher resolutions, frame rates, etc. In order to avoid comingling tasks of trusted and untrusted processes, pipelines may be separately addressable by processes such that only trusted processes within the secure environment (or other trusted entities) can address resources associated with the secure pipeline."
}
},
{
"$type": "pub.leaflet.pages.linearDocument#block",
"block": {
"$type": "pub.leaflet.blocks.text",
"plaintext": "(0064) IOMMU is circuitry configured to communicate memory requests from DMAs to memory via fabric. As part of this communication, IOMMU translates virtual addresses specified in the memory requests to their corresponding physical addresses known to memory. In the illustrated embodiment, IOMMU restricts tasks associated with untrusted processes from accessing memory regions assigned to trusted processes by storing separate sets of address translations for trusted processes and untrusted processes. Accordingly, when a memory request is received DMA for an untrusted process IOMMU accesses its untrusted address translations and, if a corresponding translation is stored, translates the virtual address specified in the request to its corresponding physical address for communication memory. If, however, no corresponding translation is stored, IOMMU is unable to perform the translation preventing tasks associated with untrusted processes 112 from accessing unauthorized memory regions such as those assigned to trusted processes. Tasks associated with trusted processes being handled by secure pipeline may also be barred from accessing regions assigned to untrusted processes if no corresponding translation is stored in the set of trusted address translations. IOMMU may determine which set of translations to access for a given memory request based on the particular DMA issuing that memory request. In some embodiments, translations are provided by the SPTM discussed above."
}
},
{
"$type": "pub.leaflet.pages.linearDocument#block",
"block": {
"$type": "pub.leaflet.blocks.text",
"plaintext": "(0065) Cutoff switch is circuitry configured to control whether sensor data is permitted to flow to sensor pipeline 510B and thus unto an untrusted process. In response to the one or more conditions for providing data being satisfied (such as an indicator being provided via a display unit), the cutoff switch allows the flow of data to pipeline 510A. If, however, one or more of the conditions have been violated, the cutoff switch is configured to interrupt the data path through which data is being provided to pipeline 510. In some embodiments, the cutoff switch is configured as a dead man's switch that remains enabled while confirmations that the criteria are satisfied are periodically received but that, in response to an omission of the confirmation, interrupts providing the data to pipeline 510A. In some embodiments, the cutoff switch is controlled by a secure processor based on an indicator confirmation."
}
},
{
"$type": "pub.leaflet.pages.linearDocument#block",
"block": {
"$type": "pub.leaflet.blocks.text",
"plaintext": "(0066) Secure processor is a processor configured to manage various operations of ISP. To enable the secure processor to be controlled from the secure environment by one or more trusted processes, secure processor may include one or more configuration registers configured to store configuration information controlling operation of the camera sensor and addressable only by trusted processes within the secure environment. This configuration information may be used to control particular settings of camera, control the behaviors of the sensor pipelines, etc. In the illustrated embodiment, when camera sensor data is being accessed by an untrusted process, secure processor receives indicator confirmation confirming whether an indicator is being presented to the user (or more generally that the one or more criteria for providing data has been satisfied). As noted above, this confirmation may be provided by a trusted process analyzing extracted pixel data from a display unit. Secure processor may also be responsible for providing an indication that the camera sensor is active to a corresponding trusted process executable to produce an indicator. In some embodiments, secure processor periodically receives an indicator confirmation while the sensor is active as a heartbeat signal indicating that the one or more conditions for providing access to camera sensor data have been satisfied. In response to determining that the heartbeat signal is no longer being received, sensor processor can take one or more corrective actions to discontinue providing sensor data to an untrusted process. In the illustrated embodiment, secure processor is coupled to a sensor power management unit, which is configured to provide power to the camera sensor. In response to determining that the one or more conditions for providing access to sensor data have been violated, secure processor can instruct the PMU to power gate the sensor. The secure processor may also instruct the cutoff switch to interrupt the data path providing data."
}
},
{
"$type": "pub.leaflet.pages.linearDocument#block",
"block": {
"$type": "pub.leaflet.blocks.image",
"image": {
"$type": "blob",
"ref": {
"$link": "bafkreia4n24mbfrgpgmh5hwku3noebyrwfymnk47kmvno2yys6ztevsmw4"
},
"mimeType": "image/png",
"size": 239661
},
"aspectRatio": {
"width": 1364,
"height": 990
}
}
},
{
"$type": "pub.leaflet.pages.linearDocument#block",
"block": {
"$type": "pub.leaflet.blocks.text",
"plaintext": "(0069) In the illustrated embodiments, an audio unit implements an exclave 132C to extend the enforcement of one or more security criteria of the secure environment by using a secure pipeline, IOMMU, and cutoff switch. Similar to the ISP pipeline, secure pipeline is an additional pipeline that provides data isolation for audio sensor data for trusted processes and can be used independently of the unsecure pipeline processing data for untrusted processes. To maintain this separation, the secure pipeline also includes a separate DMA to ensure data separation for memory requests issued from the secure pipeline from memory requests issued by the DMA from the unsecure pipeline. The IOMMU is similarly configured to service these memory requests by storing a first set of memory address translations (and thus memory addresses) designated as being accessible to the secure pipeline and a second set of memory address translations designated as being accessible to the unsecure pipeline and restricting the secure pipeline from accessing memory address translations (and thus memory addresses associated with those translations) outside of the first set and the unsecure pipeline from accessing memory address translations outside of the second set. The cutoff switch is similarly configured to enable or disable providing audio sensor data to an untrusted process via sensor pipeline in response to the one or more security criteria being satisfied."
}
},
{
"$type": "pub.leaflet.pages.linearDocument#block",
"block": {
"$type": "pub.leaflet.blocks.image",
"image": {
"$type": "blob",
"ref": {
"$link": "bafkreibyjc72eijpfehh634k5duc3qyizn5fl765ukgfpy4hbhvd5j6qke"
},
"mimeType": "image/png",
"size": 204065
},
"aspectRatio": {
"width": 1282,
"height": 1028
}
}
},
{
"$type": "pub.leaflet.pages.linearDocument#block",
"block": {
"$type": "pub.leaflet.blocks.text",
"plaintext": "(0070) As shown, a neural engine includes a neural engine core, IOMMU, and multiple context queues. (0071) The neural engine core includes circuitry configured to perform various neural network operations such as those associated with matrix multiplication, activation function application, backpropagation calculation, or various other tensor operations. As shown, the neural engine core can be used to perform sensitive tasks assigned by trusted processes, which can include user authentication, speech detection for activation of a voice assistant, attention awareness, etc. In order to ensure separation of tasks assigned by untrusted processes and tasks assigned by untrusted processes, the neural engine implements an exclave 132D using the IOMMU and one or more secure queues."
}
},
{
"$type": "pub.leaflet.pages.linearDocument#block",
"block": {
"$type": "pub.leaflet.blocks.text",
"plaintext": "(0072) In various embodiments, separate context queues are used to preserve state for separate contexts associated with trusted and untrusted processes. When transitioning between performance of tasks, the neural engine core may implement a context switch in which state from performance of one task is offloaded to a queue and state for performance another task is loaded into the core from a queue. In the illustrated embodiment, a separate secure context queue is used to physically isolate state data belonging to trusted processes. As this separate secure context queue serves as an additional data buffer to store distributed data associated with trusted processes and does not store distributed data associated with untrusted processes, distributed data can be protected from untrusted processes. Furthermore, the IOMMU can restrict access to queues by processes using untrusted and trusted address translations as discussed above as well as restrict the memory requests issued by the contexts associated with the queues."
}
},
{
"$type": "pub.leaflet.pages.linearDocument#block",
"block": {
"$type": "pub.leaflet.blocks.image",
"image": {
"$type": "blob",
"ref": {
"$link": "bafkreiarialtrq66nl3xvghf7epl54732g7xfeg7tq33zmfjacdmavdgc4"
},
"mimeType": "image/png",
"size": 186750
},
"aspectRatio": {
"width": 1234,
"height": 1030
}
}
},
{
"$type": "pub.leaflet.pages.linearDocument#block",
"block": {
"$type": "pub.leaflet.blocks.text",
"plaintext": "(0074) As with other accelerators, GPU cores may be configured to perform tasks assigned by trusted processes and tasks assigned by untrusted processes. In order to ensure data separation of trusted process data and untrusted process data during performance of these tasks, in the illustrated embodiment, the graphics unit implements an exclave 132E using an address resolution table. In some embodiments, GPU cores issue memory requests specifying the physical addresses of memory (as opposed to virtual addresses corresponding to those physical addresses). As no virtual address translation is being performed, the graphics unit may not use an IOMMU as discussed above with other accelerators. Instead, an address resolution table maintains trusted and untrusted address mappings identifying the memory regions assigned to the trusted processes and memory regions assigned to the untrusted processes. In some embodiments, these mappings are provided by SPTM discussed above and may specify the physical addresses accessible to a task associated with a given trusted or untrusted process. Accordingly, when GPU cores perform tasks assigned to an untrusted process, GPU cores may issue memory requests specifying physical addresses to the address resolution table. If a corresponding mapping exists in the table for that process, the memory requests may be allowed to travel across fabric to memory. Otherwise, those memory requests may be barred by the address resolution table. In some embodiments, exclave 132E also uses separate DMA engines for issuing memory requests with respect to trusted and untrusted process memory as discussed above."
}
},
{
"$type": "pub.leaflet.pages.linearDocument#block",
"block": {
"$type": "pub.leaflet.blocks.header",
"level": 2,
"plaintext": "Purpose"
}
},
{
"$type": "pub.leaflet.pages.linearDocument#block",
"block": {
"$type": "pub.leaflet.blocks.text",
"plaintext": "(0019) A computing device includes one or more processors, memory, and heterogenous hardware accelerators coupled together via a fabric 102. Heterogenous hardware accelerators include a display unit, image signal processor (ISP), audio unit, neural engine, and graphics unit."
}
},
{
"$type": "pub.leaflet.pages.linearDocument#block",
"block": {
"$type": "pub.leaflet.blocks.text",
"facets": [
{
"index": {
"byteEnd": 278,
"byteStart": 277
},
"features": [
{
"$type": "pub.leaflet.richtext.facet#bold"
}
]
}
],
"plaintext": "(0021) In order to improve the security of the device in various embodiments, processors are configured to co-execute trusted processes and untrusted processes in an isolated manner that includes implementing a secure environment in which a set of security criteria is enforced. These criteria may define how trusted process data is maintained for trusted processes (as well as untrusted process data for untrusted processes in some embodiments). For example, untrusted processes may be barred from accessing regions of memory storing trusted process data. These criteria may also define what resources are permitted (and under what conditions) to access trusted process data and interface with trusted processes. These criteria may also define what resources (e.g., cameras, microphones, location sensors, motion sensors, health tracking sensors, etc.) are accessible (and under what conditions) to untrusted processes. These criteria may define what execution privileges can be assigned to trusted and untrusted processes. These criteria may also define the conditions/contexts in which trusted process data is permitted to flow from the secure environment to untrusted processes (or other untrusted destinations)."
}
},
{
"$type": "pub.leaflet.pages.linearDocument#block",
"block": {
"$type": "pub.leaflet.blocks.text",
"plaintext": "(0023) In some instances, particular tasks requested by trusted and untrusted processes may benefit from the use of hardware accelerators designed to perform particular tasks. As will be discussed, a display unit can perform various tasks used to produce frames output by a display. An image signal processor (ISP) can perform various tasks to process sensor data received from a camera. An audio unit can perform various tasks to process input audio signals from a microphone and/or output audio signals for speakers. A neural engine can perform various tasks related to machine learning. A graphics unit can perform various graphical processing tasks. As noted above, however, a challenge with permitting trusted processes to use hardware accelerators is that they can present a potential attack vector for untrusted processes to gain access to the secure environment."
}
},
{
"$type": "pub.leaflet.pages.linearDocument#block",
"block": {
"$type": "pub.leaflet.blocks.text",
"plaintext": "(0024) To prevent these types of circumventions in various embodiments, hardware accelerators are configured to implement exclaves of the secure environment that extend enforcement of one or more security criteria within hardware accelerators."
}
},
{
"$type": "pub.leaflet.pages.linearDocument#block",
"block": {
"$type": "pub.leaflet.blocks.text",
"plaintext": "(0025) As one exemplary use case, a processor may execute a trusted process for identifying utterance of a trigger word (e.g., \"Hey Siri\" to activate a voice assistant implemented by an untrusted process. An exclave implemented by an audio unit may process input audio received from a microphone and provide the processed audio data to the trusted process, which is permitted to access the audio data as the process is in the secure environment. The audio unit, however, may initially prevent this audio data from leaving the exclave for the untrusted voice assistant process but negotiate one or more conditions in which the audio data is permitted to leave the secure environment such as 1) the trusted process indicating that the trigger word has been detected and 2) receiving confirmation that the user is being notified about the microphone being in use."
}
}
]
}
]
},
"description": "",
"publishedAt": "2026-03-30T02:40:00.685Z"
}