WWDC 2020: Explore the new system architecture of Apple silicon Macs

Apple silicon and macOS

Intel Macs contain a multi-core CPU, discrete GPU, and a T2 chip
Apple system-on-a-chip combines all of these components on a single chip, and adds additional co-processors for video encoding/decoding and machine learning

Another big advantage of SoC architecture: unified memory across entire chip

Unlike Intel CPUs which have a single core type, Apple silicon chips have a combination of high-efficiency cores and high-performance cores
macOS will schedule applications onto the appropriate type of core based on performance requirements

Existing macOS frameworks will automatically take advantage of system-on-a-chip features: Metal apps will get benefits of unified memory architecture, AVFoundation and VideoToolbox will use hardware video acceleration, and Core ML, Accelerate, and simd frameworks will use neural engine
Apple silicon is especially efficient for BiPlanar formats, e.g. kCVPixelFormatType_420YpCbCr8BiPlanarVideoRange

For asymmetric cores, make sure to set proper QoS on work items, or use Grand Central Dispatch to automatically divide up the work across cores

Security Features

macOS gains several security features from iOS platform:

Write XOR execute - memory pages can be either writable or executable, but not both at the same time
JIT compilers can use pthread_jit_write_protect_np() to quickly switch between the two, which has different permissions per-thread (so one thread sees a writeable page, another thread sees only an executable page) so it enables multithreaded JITs

Kernel Integrity Protection - after kernel is initialized, hardware-level enforcement that kernel memory will not be modified and prevents new code from being loaded

Pointer Authentication - signature of pointer stored in unused bits of 64-bit pointer, which is checked when the pointer is used (currently only enabled for kernel, system applications, and system services)

Device isolation - Intel Macs had shared IOMMU for all I/O devices, whereas on Apple silicon each I/O device has an isolated IOMMU mapping to prevent devices from reading other devices' memory
Use IOMapper and IODMACommand API in device drivers

Kernel extensions are still supported, but additional inconvenience for both developers and users
Modern replacement is DriverKit which runs drivers safely in user-space

Applications and Rosetta

Rosetta can run pretty much any macOS application, including Metal apps, JIT compilers, etc.

Mac App Store apps will be translated after installation, and other apps will be translated at first app launch

Rosetta translates all parts of the app, including all system frameworks, down to the system call interface layer
Rosetta can also do on-the-fly translation of newly loaded code

Apple silicon environment has different page size, memory ordering rules, frequency of mach_absolute_time, and floating point NaN handling
Rosetta however will fully emulate the existing x86_64 environment for all of these, e.g. 4KB pages, TSO memory ordering, and 1GHz mach_absolute_time frequency

Rosetta does not support AVX vector extensions, so check for availability using systcl hw.optional.avx1_0

New sysctl sysctl.proc_translated to check if your app is running under Rosetta

System boot

Based on iOS Secure Boot which verifies chain of trust, but now adds support for multiple macOS installs, multiple versions of macOS, and macOS recovery flows

Mac Sharing Mode replaces Target Disk Mode - uses SMB file sharing

Startup Disk configures security policy for each boot volume

• Full Security mode - same as iPhone; default mode; also supports external disk mode
• Reduced Security mode - flexibility and configurability; can run any version of macOS, including those no longer signed by Apple (also required if you want to run notarized 3rd-party kernel extensions)

Use csrutil(1) to configure Secure Boot, Root Volume Authentication, System Integrity Protection

On Intel-based Macs, could only have one security policy for entire system, i.e. every OS on the system
On Apple silicon Macs, can have separate security policy for each OS installation

New feature: login UI now uses standard MacOS-UI w/ accelerated graphics, enabling things like SmartCard and VoiceOver
Previously, could only access Mac frameworks after user authenticated due to FileVault

If macOS is not accessible, then can use macOS Recovery
What if macOS Recovery itself is not available?
On Intel, use Internet Recovery
On Apple silicon, System Recovery is minimal macOS that can re-install macOS and macOS Recovery