Hardware Flashcards
RME: definition and one thing
ARM
Realm management extension
Architecture extension for Arm's confidential compute architecture
SME
ARM
Scalable matrix extension
ICC_IAR
GIC
Interrupt acknowledge register
MTE: How do you enable tag checking for a memory region in stage 1?
PTE index to MAIR with tagged attribute
What's WIMG?
XNU
Memory attributes in pmap such as cacheability and MTE
POE2
ARM
Permissions overlay extension 2
MTE: tag to memory ratio
4 bit tag for every 16 bytes of physical memory
MTE: read, write and generate tag instructions
LDG, STG, IRG
AMX
Apple Hardware
Apple matrix extension
CPMU: definition and four features
Apple Hardware
Core performance monitor unit
Cycle counter
Filtered event counter
Event sampling
Counter overflow exception
UPMU: definition and description
Apple Hardware
Uncore performance monitor unit
Counting events in uncore blocks such as LLC
counter overflow exception
CLPC: definition, description, aka
Apple Tech
Closed loop performance control
System power management and performance control
Also known as AON_PMU
H16 Mac Chips
G: Donan
Brava
H17 Mac Chips
G: Hydra
Sotra
H18 Mac Chips
P: Thera
A: Tilo
G: Komodo
Apple silicon high density compute server 2025: code, chip, storage, NIC, ancestor
J226
Replaces J126
32x H17G
1 TB storage
200 Gbps NIC
HDR: definition and description
Graphics
High dynamic range
Enable a monitor to display a broader spectrum of colors and contrasts
ARM system ready
Measures compliance to a set of hardware and firmware standards
GICH_ELRSR: description
ARM GIC
Empty list register status register
AVX
Intel Architecture
Advanced vector extension
CPP RCTX
ARM
Cache prefetch prediction restriction by context
CFP RCTX
ARM
Control flow prediction restriction by context
ARM: FEAT_LOR - definition and description
Limited ordering regions
Allow large systems to perform special load and store instructions that provide order for a specified region of physical memory
POE: how to identify code and data spatially
Translation of the VA on a per page granularity
POE: how to identify code temporally
TIndex
POE: 3 spatial access enforcement
What code can run
What code can read or write what data
What code can execute which instructions or access which system registers
POE: POIndex: definition and description
Permission overlay index
Specified in stage 1 translation table descriptor
POE: FPOIndex: definition and description
Fetch POIndex
The POIndex from the translation of current PC VA
POE: DPOIndex: definition and description
Data POIndex
The POIndex from the translation of the VA for the target of a memory accessing instruction
POE: TIndex
Temporal index
POE: POTIndex: definition and description
Permission overlay table index
Index into DPOT and TTT
POE: FGDTIndex: definition and description
Fine grained dynamic trap index
Select which FGDT register to use
POE: IRT: definition, 2 input, 3 output
Instruction region table
In memory table that generates execute permission, FGDTIndex and POTIndex from TIndex and FPOIndex
POE: DPOT: definition and description
Data permission overlay table
Describes stage 1 data read and write permission subtractions from POTIndex and DPOIndex
POE: TTT: definition and description
TIndex transition table
Describe the permitted transitions of TIndex
POE: FGDT: definition and description
Fine grained dynamic trap
Restrict instruction and system register accesses
POE: PLB
Permission look aside buffer
POE: LDSTT_ELx
Value of FPOIndex to be used by load and store unprivileged instructions
POE: TPS: D2
Thread private state check
Restrict any access by the thread to a thread private page that is outside its min and max bounds
RDMA: d2
Remote direct memory access
Access from the memory of one computer into that of another without involving either one's operating system
Context synchronization event: what, how 3
ARM
Guarantee visibility of any system register change
ISB
exception entry and return
Exit from debug state
ARM: S2PIE: definition
Stage 2 Permission Indirection Enable
ARM: TPS: d2
Thread private state
Prevent access to a thread private page that is outside its min and max bounds
ARM: BTI2: where, three requirements
Enhanced guarded page
Link register set by instruction before BTI c
landing pad for branches
landing pad for returns
ARM Memory: Uncached: what and when
Provides real time guarantees as the memory is never cached
Available in H12+
ARM memory: non cached
Write combined memory that reduces likelihood of cache snooping
RGSR_EL1
ARM MTE
Random (allocation tag) generator seed register
GCR_EL1
ARM MTE
Tag control register
TFSR_EL1
ARM MTE
Tag fault status register
ARM
VMSA Locks
Purpose
Control the MSR write-access to various ARM ISA system registers.
APRR: definition
Apple Hardware
Access protection restriction register
Granule protection table
ARM
Tracks whether a page is used for realms, trust zone or normal world
H19 SoC Names
P/iPhone: Borneo
A/iPhone: Banda
ASM: Andros
G: Delos
ISA: TUNIMP
Trap unimplemented PSTATE or instructions
FEAT_NV2p1
ARM
Retain bits that are used in EL2 but reserved in EL1
FEAT_ECV: what, 2 benefits for our virtualization stack
ARM
Enhanced counter virtualization
offset between EL0/1 and EL2 view of physical time
Direct physical timer interrupt to vGIC
FEAT_UINJ
ARM
Provide higher privilege software with a future proofed mechanism to inject an Undefined Instruction exception into lower privilege software
S1PIE
ARM
Arm permission indirection scheme
ERETAA/ERETAB compared to ERET: what, input
Authenticate the address in ELR
SP as modifier, IA/IB as key
PACGA: what, 3 inputs, contrast with PACIx
Compute pointer authentication code for an address
Address in the first source register, modifier in the second source register, generic key
Same PAC bits regardless of TBI and TxSZ
Three Apple mode PAC key diversification
Host EL2/0: HMKEY
Guest EL1/0: VMKEY
Per-key 4 bit value
ARM breakpoint slip avoids 4 things
Replace BRK with original instruction, and vice versa
Stop other threads which share the breakpoint
Create instruction pages
Perform instruction specific adjustments (BL)
BTI: purpose, function, integration
ARM
- Purpose: Marks valid branch targets to prevent branch target injection (e.g., Spectre v2).
- Function: Requires indirect branches to land on valid BTI markers; invalid targets raise exceptions.
- Integration: Works with guarded pages and Pointer Authentication for control flow security.
FEAT_CMOW
control for cache maintenance permission
FEAT_ASID2
Concurrent use of two ASIDs
FEAT_ETS3
Enhanced translation synchronization v3
FEAT_STEP3: d2
Enhanced software step extension
Software step executes stuffed instruction instead of the instruction at that VA
ARM: RAS
Reliability, availability and serviceability
FEAT_NV3
two benefits
Avoid unnecessary trapping of ERET instructions under nested virtualization
Avoid unnecessary trapping of TLBI instructions under nested virtualization