8 Commits

Author SHA1 Message Date
Michael Roitzsch
bcfee3495c internals: update for macOS 15.4 Sequoia 2025-04-06 15:55:58 +02:00
Michael Roitzsch
9ee8532129 Makefile: collect files with ‘restricted’ flag 2025-02-06 15:50:48 +01:00
Michael Roitzsch
540c51e2ab Makefile: increase robustness
• move all checks to the very beginning to fail early
• handle simulator paths with spaces
• handle executable paths with quotes
2025-02-06 12:02:05 +01:00
Michael Roitzsch
267285f0ca flake: remove empty line 2025-02-06 12:00:43 +01:00
Michael Roitzsch
473d673639 update dsc-extractor link in README 2024-12-27 17:46:09 +01:00
Michael Roitzsch
ac261dd12c flake: update nixpkgs
stdenv now sets DEVELOPER_DIR and SDKROOT to a Nixpkgs-internal SDK,
unset if we want the platform Xcode SDK
2024-12-27 17:46:09 +01:00
Michael Roitzsch
c9193777b2 internals: update for macOS 15.2 Sequoia 2024-12-13 10:11:36 +01:00
Michael Roitzsch
58817482b7 Makefile: select last of multiple simulators
support multiple installed simulators for iOS, tvOS, watchOS
2024-12-12 12:53:54 +01:00
5 changed files with 49 additions and 43 deletions


@@ -1,6 +1,6 @@
override DB := $(if $(DB),$(DB:.lz=),$(lastword $(sort internals-$(shell sw_vers -productVersion).db $(basename $(wildcard internals-*)))))
MY_INTERNALS = $(HOME)/Library/Mobile\ Documents/com~apple~TextEdit/Documents/Apple\ Internals.rtf
DB_TARGETS = db_files db_binaries db_manifests db_assets db_services
DB_TARGETS = db_files db_restricted db_binaries db_manifests db_assets db_services
CHECK_TARGETS = check_files check_binaries check_manifests check_services
.PHONY: all check view sqlite $(DB_TARGETS) $(CHECK_TARGETS)
@@ -33,7 +33,8 @@ check: internals.tsv
@$(MAKE) --silent --jobs=1 $(CHECK_TARGETS)
define VIEW
SELECT path,os FROM files;
SELECT path,os FROM files WHERE restricted IS NULL;
SELECT path,os,'restricted' FROM files WHERE restricted;
SELECT path,os,name FROM files NATURAL JOIN assets;
SELECT path,os,dylib FROM files NATURAL JOIN linkages;
SELECT files.path,os,key,value FROM files NATURAL JOIN services, json_each(plist);
@@ -56,16 +57,24 @@ DSCEXTRACTOR = $(shell nix build --no-write-lock-file --no-warn-dirty .\#dsc-ext
readlink result && rm result)/bin/dyld-shared-cache-extractor
$(DB_TARGETS)::
# evaluate helper tools to catch Nix build errors early
: $(ACEXTRACT)
: $(DSCEXTRACTOR)
dyld: /System/Cryptexes/OS/System/Library/dyld/dyld_shared_cache_x86_64h /System/Cryptexes/OS/System/DriverKit/System/Library/dyld/dyld_shared_cache_x86_64h
# check presence of helper tools and other preconditions
if ! test -x $(ACEXTRACT) ; then \
printf '\033[1macextract tool unavailable\033[m\n' >&2 ; \
echo 'FAIL;' ; \
exit 1 ; \
fi
if ! test -x $(DSCEXTRACTOR) ; then \
printf '\033[1mdscextractor tool unavailable\033[m\n' >&2 ; \
echo 'FAIL;' ; \
exit 1 ; \
fi
if ! csrutil status | grep -Fq disabled ; then \
printf '\033[1mdisable SIP to get complete file information\033[m\n' >&2 ; \
echo 'FAIL;' ; \
exit 1 ; \
fi
dyld: /System/Cryptexes/OS/System/Library/dyld/dyld_shared_cache_x86_64h /System/Cryptexes/OS/System/DriverKit/System/Library/dyld/dyld_shared_cache_x86_64h
for i in $+ ; do $(DSCEXTRACTOR) $$i $@ ; done > /dev/null
find $@ -type f -print0 | xargs -0 chmod a+x
@@ -74,9 +83,9 @@ XCODE = $(lastword $(wildcard /Applications/Xcode.app /Applications/Xcode-beta.a
prefix = $$(case $(1) in \
(macOS) ;; \
(macOS-dyld) echo $(dir $(realpath $(firstword $(MAKEFILE_LIST))))/dyld ;; \
(iOS) echo $(wildcard /Library/Developer/CoreSimulator/Volumes/iOS_*/Library/Developer/CoreSimulator/Profiles/Runtimes/iOS*.simruntime/Contents/Resources/RuntimeRoot) ;; \
(tvOS) echo $(wildcard /Library/Developer/CoreSimulator/Volumes/tvOS_*/Library/Developer/CoreSimulator/Profiles/Runtimes/tvOS*.simruntime/Contents/Resources/RuntimeRoot) ;; \
(watchOS) echo $(wildcard /Library/Developer/CoreSimulator/Volumes/watchOS_*/Library/Developer/CoreSimulator/Profiles/Runtimes/watchOS*.simruntime/Contents/Resources/RuntimeRoot) ;; \
(iOS) echo $(lastword $(wildcard /Library/Developer/CoreSimulator/Volumes/iOS_*))/Library/Developer/CoreSimulator/Profiles/Runtimes/iOS*.simruntime/Contents/Resources/RuntimeRoot ;; \
(tvOS) echo $(lastword $(wildcard /Library/Developer/CoreSimulator/Volumes/tvOS_*))/Library/Developer/CoreSimulator/Profiles/Runtimes/tvOS*.simruntime/Contents/Resources/RuntimeRoot ;; \
(watchOS) echo $(lastword $(wildcard /Library/Developer/CoreSimulator/Volumes/watchOS_*))/Library/Developer/CoreSimulator/Profiles/Runtimes/watchOS*.simruntime/Contents/Resources/RuntimeRoot ;; \
esac)
find = \
@@ -99,18 +108,19 @@ $(DB_TARGETS)::
echo 'BEGIN IMMEDIATE TRANSACTION;'
db_files:: dyld
if ! csrutil status | grep -Fq disabled ; then \
printf '\033[1mdisable SIP to get complete file information\033[m\n' >&2 ; \
echo 'FAIL;' ; \
exit 1 ; \
fi
printf '\033[1mcollecting file information...\033[m\n' >&2
echo 'DROP TABLE IF EXISTS files;'
echo 'CREATE TABLE files (id INTEGER PRIMARY KEY, os TEXT, path TEXT, executable BOOLEAN);'
echo 'CREATE TABLE files (id INTEGER PRIMARY KEY, os TEXT, path TEXT, restricted BOOLEAN, executable BOOLEAN);'
$(call find,,sudo) | sed -E "s/'/''/g;s/([^ ]*) (.*)/INSERT INTO files (os, path) VALUES('\1', '\2');/"
find $(HOME)/Library | sed "s|^$(HOME)|~|;s/'/''/g;s/.*/INSERT INTO files (os, path) VALUES('macOS', '&');/"
echo 'CREATE INDEX _files_path ON files (path);'
db_restricted:: dyld
printf '\033[1mcollecting restricted files...\033[m\n' >&2
$(call find,-flags restricted,sudo) | while read -r os path ; do \
echo "UPDATE files SET restricted = true WHERE os = '$$os' AND path = '$$(echo "$$path" | sed "s/'/''/g")' ;" ; \
done
db_binaries:: dyld
printf '\033[1mcollecting executable information...\033[m\n' >&2
echo 'DROP TABLE IF EXISTS linkages;'
@@ -120,7 +130,7 @@ db_binaries:: dyld
echo 'CREATE TABLE entitlements (id INTEGER REFERENCES files, plist JSON);'
echo 'CREATE TABLE strings (id INTEGER REFERENCES files, string TEXT);'
$(call find,-follow -type f -perm +111) | while read -r os path ; do \
echo "UPDATE files SET executable = true WHERE os = '$$os' AND path = '$$path';" ; \
echo "UPDATE files SET executable = true WHERE os = '$$os' AND path = '$$(echo "$$path" | sed "s/'/''/g")';" ; \
if test -r "$(call prefix,$$os)$$path" && file --no-dereference --brief --mime-type "$(call prefix,$$os)$$path" | grep -Fq application/x-mach-binary ; then \
objdump --macho --dylibs-used "$(call prefix,$$os)$$path" | \
sed "1d;s/^.//;s/ ([^)]*)$$//;s/'/''/g;s|.*|INSERT INTO linkages $(call file,'&');|" ; \
@@ -153,11 +163,6 @@ db_manifests::
done
db_assets::
if ! test -x $(ACEXTRACT) ; then \
printf '\033[1macextract tool unavailable\033[m\n' >&2 ; \
echo 'FAIL;' ; \
exit 1 ; \
fi
printf '\033[1mcollecting asset catalog information...\033[m\n' >&2
echo 'DROP TABLE IF EXISTS assets;'
echo 'CREATE TABLE assets (id INTEGER REFERENCES files, name TEXT);'
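Review bot: The quote-doubling on the db_restricted UPDATE line and on the db_binaries UPDATE line routes the path through `echo "$$path"`, and under make's default /bin/sh on macOS echo is likely to interpret backslash sequences, so a file name containing something like `\c` or `\n` would be mangled or truncated and the generated SQL statement would lose its closing quote inside the single transaction. Use `printf '%s\n' "$$path" | sed "s/'/''/g"` in both places; file names are attacker-influenced input here (anything under ~/Library is writable by the user), so the escaping path should not depend on echo's dialect. A secondary inconsistency is that `read -r os path` strips trailing whitespace from the path while the sed-based INSERT in db_files keeps it, so such paths never receive their restricted or executable flag — rare, but worth a comment such as `# paths with trailing whitespace are not matched here`. The db_binaries recipe continues past the end of the hunk.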


@@ -10,7 +10,7 @@ tools:
[**acextract**](https://github.com/bartoszj/acextract)
Unpacks asset catalogs to individual files.
[**dyld-shared-cache-util**](https://github.com/antons/dyld-shared-cache-big-sur)
[**dyld-shared-cache-extractor**](https://github.com/keith/dyld-shared-cache-extractor)
Extracts dynamic libraries from the dyld linker cache.
[**snapUtil**](https://github.com/ahl/apfs)

flake.lock generated

@@ -50,11 +50,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1719468428,
"narHash": "sha256-vN5xJAZ4UGREEglh3lfbbkIj+MPEYMuqewMn4atZFaQ=",
"lastModified": 1734988233,
"narHash": "sha256-Ucfnxq1rF/GjNP3kTL+uTfgdoE9a3fxDftSfeLIS8mA=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "1e3deb3d8a86a870d925760db1a5adecc64d329d",
"rev": "de1864217bfa9b5845f465e771e0ecb48b30e02d",
"type": "github"
},
"original": {


@@ -20,13 +20,7 @@
};
outputs = { self, nixpkgs, acextract, command-line, dsc-extractor, snap-util }: {
packages.x86_64-darwin = let
xcode = (nixpkgs.legacyPackages.x86_64-darwin.xcodeenv.composeXcodeWrapper {
version = "16.0";
}).overrideAttrs (attrs: { buildCommand = ''
# see https://github.com/NixOS/nixpkgs/pull/322641
set +o pipefail
'' + attrs.buildCommand; });
xcode = nixpkgs.legacyPackages.x86_64-darwin.xcodeenv.composeXcodeWrapper {};
in {
acextract =
@@ -104,7 +98,10 @@
name = "snap-util-${lib.substring 0 8 self.inputs.snap-util.lastModifiedDate}";
src = snap-util;
nativeBuildInputs = [ xcode ];
preBuild = "NIX_CFLAGS_COMPILE='-idirafter ${snapshot-header}/bsd'";
preBuild = ''
unset DEVELOPER_DIR SDKROOT
NIX_CFLAGS_COMPILE='-idirafter ${snapshot-header}/bsd'
'';
installPhase = ''
mkdir -p $out/bin
cp snapUtil $out/bin/.snapUtil-wrapped
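Review bot: The new preBuild assigns `NIX_CFLAGS_COMPILE='-idirafter ${snapshot-header}/bsd'` outright, which discards whatever the stdenv may already have placed in that variable; if the intent is only to add the snapshot header path, `NIX_CFLAGS_COMPILE="$NIX_CFLAGS_COMPILE -idirafter ${snapshot-header}/bsd"` keeps the existing flags. The overwrite predates this commit, but the new multi-line string is the natural place to fix it. The reason for `unset DEVELOPER_DIR SDKROOT` lives only in the commit message; a comment in the string, e.g. `# build against the platform Xcode SDK, not the Nixpkgs-internal one`, would keep that rationale with the code. The snap-util derivation continues outside the hunk.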


@@ -5,6 +5,7 @@ AA Apple Archive, see also Apple Encrypted Archive; command line tools: aa, aea,
AAC Automatic Assessment Configuration; AutomaticAssessmentConfiguration.framework; puts device in a locked mode for exam-style test applications
AAT Apple Advanced Typography; font format and rendering engine
Accounts launchd service: com.apple.accountsd; /System/Library/Accounts
ACDC Apple Chips in Data Centers; see PCC
ACDE Apple Connect Device External? ACDEClient.framework, old two-step verification, derived from a company-internal AppleConnect system?
ACFS Apple Clustered File System; deprecated file system for Xsan; acfs.framework
Acoustic ID song recognition and matching with Apple catalog, playback on HomePod; /System/Library/Components/AudioDSP.component
@@ -12,7 +13,7 @@ Activation cryptographic check-in with iCloud to lock devices reported by the us
Activity jobs, coarse-grained work units of applications; tracked by the system across XPC, bears a QoS class for scheduling; low-level mechanism not to be confused with User Activity
AE Apple Events; messaging system to invoke application functionality; CoreServices.framework/AE.framework; launchd services: com.apple.coreservices.appleevents, com.apple.AEServer (AE over network)
Aegir astronomy watch face and lock screen; /System/Library/CoreServices/AegirProxyApp.app
AFM Apple Foundation Model; pre-trained transformer and diffusion models for Greymatter, optimized for on-device use by quantization (with accuracy-recovery adapters) and palletization
AFM Apple Foundation Model; pre-trained transformer and diffusion models for Greymatter, optimized for on-device use by quantization (with accuracy-recovery adapters) and palletization; command line tool: modelcatalogdump
AGC Apple Graphics Control, management of multiple displays and display port connections; launchd service: com.apple.displaypolicyd
AHAP Apple Haptic Audio Pattern; file format for simultaneous audio and haptic data; CoreHaptics.framework
AIR Apple Intermediate Representation; synthetic bytecode architecture target for GPU binary toolchain
@@ -69,6 +70,7 @@ Cache Delete cleanup for various caches; /System/Library/CacheDelete; launchd se
CAML Core Animation Markup Language; XML file format for layers, shapes and animations
Carousel derivative of SpringBoard for Watch home screen, watch face, and notification center
CBOR Concise Binary Object Representation; JSON-inspired compact binary data serialization; CBORLibrary.framework
CDHash Code Directory Hash; a hash of hashes over the parts of a code bundle; command line tool: codesign
CDM Continuous Dialog Manager; natural dialog with Siri, MARRS for multi-modality; ContinuousDialogManagerService.framework
CEC Consumer Electronics Control; remote control for HDMI-connected devices; CoreRC.framework, IOCEC.framework
Celestial media streaming used by ReplayKit for in-app screen broadcasts; Celestial.framework; launchd service: com.apple.replayd
@@ -77,6 +79,7 @@ Chamois Stage Manager
CHIP Connected Home over IP; Matter; integrated into HomeKit, can use Thread as transport layer; HomeKitMatter.framework, CoreThread.framework; launchd services: com.apple.threadradiod, com.apple.ThreadCommissionerService
Circle cryptographic primitive to exchange public keys of trusted devices of a user, signed by Circle peers; iCloud identity added as additional Circle peer, private key synced across all trusted devices, new devices can pull this key from Secure Backup to join the Circle; per-device Circles stored in CKKS for two-factor accounts (Octagon); KeychainCircle.framework; command line tools: otctl (Octagon)
CKKS CloudKit Key Sync, end-to-end secure syncing for credentials, seeded by Circle; currently includes ApplePay, AutoUnlock, CreditCards, DevicePairing, Engram, Health, Home, Manatee, SOS, WiFi and other keys; launchd service: com.apple.secd; command line tool: ckksctl
CL4 Apples variant of the L4 microkernel, derived from Pistachio and Wombat/Darbat
Clarity customizable accessibility mode for simplified UI; ClarityFoundation.framework
Classroom school teachers can create assignments for student iPads and track progress in Schoolwork app; ClassKit.framework; launchd service: com.apple.studentd
Cloud Pairing part of Alloy, Bluetooth out-of-band pairing over iCloud for Continuity; launchd service: com.apple.BTServer.cloudpairing (cloudpaird)
@@ -132,22 +135,22 @@ Family Circle Family Sharing; launchd services: com.apple.familycircled, com.app
FDE Full Disk Encryption, FileVault; command line tool: fdesetup, sysadminctl
FDR Factory Data/Device Reset? ensures that no downgrades are performed? servers: skl.apple.com, gg.apple.com; /System/Library/FDR
Feldspar Apple News; Silex.framework
FiDES Fi? Distributed Evaluation Service? aggregates Differential Privacy data for unlinkability? used for emoji, Suggestions, Dictation; /System/Library/DistributedEvaluation; DistributedEvaluation.framework, FedStats.framework (private federated learning?); server: fides-pol.apple.com
FiDES Fi? Distributed Evaluation Service? aggregates Differential Privacy data for unlinkability? used for emoji, Suggestions, Dictation; /System/Library/DistributedEvaluation; DistributedEvaluation.framework, FedStats.framework (private federated learning?)
File Provider infrastructure and extension system for syncing with cloud providers; placeholder files based on SF_DATALESS attribute in APFS; FileProvider.framework; locally stored in ~/Library/CloudStorage; command line tool: fileproviderctl
Find My location sharing by explicitly querying devices remotely or collateral beacon detection using Search Party; FMCore.framework, FMF.framework; launchd service: com.apple.icloud.fmfd (find my friends)
Firmlink bi-directional non-symbolic link between the read-only system volume and the data volume, additional symlinks and mountpoints in the root directory are virtually allocated; /usr/share/firmlinks, /etc/synthetic.conf
Focus restriction modes for notification presentation; focus filters for in-app display restrictions, communicated by Intents; Focus.framework, DoNotDisturb.framework; local settings in ~/Library/DoNotDisturb
FollowUp user interaction for Secure Backup wrapping with device passcode, CoreFollowUp.framework; launchd service: com.apple.followupd
FoundationDB fundamental iCloud storage database, marketed as CloudKit, separated into containers; records, blobs, and large asset storage with MMCS, server-side continuous queries can trigger push notifications, user management by IDS, sharing between users by GroupKit; PCS keys used for hierarchical zone, record, and asset encryption; CloudKitDaemon.framework; launchd service: com.apple.cloudd; locally stored in ~/Library/Caches/CloudKit, ~/Library/Containers/*/Data/CloudKit; command line tool: cktool
FPR Fast Permission Restrictions; Apple CPU registers to downgrade (old APRRs do bitmasking) or remap (SPRRs since M1) actual permissions of memory pages (the CTRR region) per thread; used for JIT protection and by AMFI to freeze user code after checking
FPR Fast Permission Restrictions; Apple CPU registers to downgrade (old APRRs do bitmasking) or remap (SPRRs since M1) actual permissions of memory pages (the CTRR region) per thread
FSKit user space file system support; kernel stub file system is /System/Library/Extensions/lifs.kext; file systems are in /System/Library/ExtensionKit/Extensions/com.apple.fskit.*; launchd service: com.apple.filesystems.fskitd, com.apple.filesystems.doubleagentd (handling of Apple double files in user space); extension point: com.apple.fskit.fsmodule
FUD Firmware Update Daemon; see TSS, UARP; launchd service: com.apple.accessoryupdaterd
Game Mode auto-activates when games are shown full screen, throttles background work, lowers audio and input latency; launchd service: com.apple.gamepolicyd
GID group ID key, shared across all devices of the same SoC generation, derived keys are used to prove device type over the network, only accessible by SEP
Gizmo Apple Watch; watch settings managed by Companion iPhone; /Applications/Bridge.app, /System/Library/BridgeManifests
Greymatter Apple Intelligence; on-device language and diffusion models, larger server-based models in PCC; AFM refined for specific tasks (queries, summarization, categorization) by adapters (parameter for inserted network modules); grounded with context from Biome and intelligence stores; ~/Library/IntelligencePlatform; launchd service: com.apple.modelmanagerd (model residency management); /System/Library/ModelManager/Policy.plist; command line tool: csfdiagnose (cloud subscription features)
Greymatter Apple Intelligence; on-device language and diffusion models, larger server-based models in PCC; AFM refined for specific tasks (queries, summarization, categorization) by adapters (parameter for inserted network modules); grounded with context from Biome and intelligence stores; ~/Library/IntelligencePlatform; launchd service: com.apple.modelmanagerd (model residency management); /System/Library/ModelManager/Policy.plist; /Applications/Tamale.app (Camera Control integration); command line tool: csfdiagnose (cloud subscription features), modelmanagerdump
Group Activities SharePlay; sharing of media content and programmatic state over FaceTime calls; GroupActivities.framework, CopresenceCore.framework; launchd service: com.apple.telephonyutilities.callservicesd
GroupKit groups of IDS users with shared CloudKit (PCS) access; GroupKit.framework; launchd service: com.apple.groupkitd
GroupKit groups of IDS users with shared CloudKit (PCS) access; GroupKitCrypto.framework
GSS Generic Security Service; part of Kerberos; GSS.framework; launchd service: com.apple.gssd (invoked by kernel through host special port 19); command line tool: gsstool
GXF Guarded Execution Feature/Fault, additional exception levels on Apple Silicon, lateral to the usual exception levels; page tables remain the same, but interpretation of permission bits changes by way of FPR, genter and gexit instructions; implements lightweight intra-address-space protection contexts
HAP Home Automation Protocol; CoreHAP.framework
@@ -282,7 +285,7 @@ Replicator notification sync from Companion iPhone, also drives remotely display
Revisions document autosave and auto-versioning; stored in .DocumentRevisions-V100; GenerationalStorage.framework; launchd service: com.apple.revisiond
Routine frequently visited locations on iOS, interacts with Duet; launchd service: com.apple.routined
RTC Real-time Telemetry and Crash reporting; RTCReporting.framework; launchd service: com.apple.rtcreportingd
RTKit operating system used on Apple Silicon for firmware of co-processors
RTKit real-time runtime used for firmware of Apple Silicon co-processors; on top of CL4 in Apples cellular modem
RunningBoard runtime management of apps, paradigm: app as service process invoked by system, check-in by frameworks, handles process assertions (frontmost app, see App Nap), memory pressure (see Jetsam) and compute resources (GPU), replacement for TAL?; launchd service: com.apple.runningboardd; /System/Library/LifecyclePolicy, /System/Library/RunningBoard
Safety Monitor Check In; short-term location sharing in iMessage until a destination is reached; /Applications/SafetyMonitorApp.app
SBPL Sandbox Profile Language; a TinyScheme-based embedded DSL for Seatbelt profiles
@@ -293,7 +296,7 @@ SDB SQL Database; CoreSDB.framework, used by iCloud communication
Search Party portion of Find My service for offline devices; devices emit public part of rotating key pair via Bluetooth LE, other devices encrypt current location with this key and send to Apple, private key shared over CloudKit
Seatbelt process sandbox by filtering system calls; profiles written in SBPL; /System/Library/Sandbox/Profiles, /usr/share/sandbox; default file access policy asks for TCC confirmation before access to folders with user data (like Documents) is allowed; command line tool: sandbox-exec; launchd service: com.apple.sandboxd (invoked by kernel through host special port 14 for logging)
Secure Backup escrow part of CKKS; escrow key individually wrapped with passcodes of trusted devices, stored in HSM to prevent brute forcing, uses SRP so passcodes are not visible to iCloud, limited number of recovery attempts; protocol called Lakitu, uses FollowUp; launchd service: com.apple.SecureBackupDaemon (com.apple.sbd); CloudServices.framework
SEP Secure Enclave Processor; dedicated ARM core for security services, runs L4/Darbat-based sepOS, inline encryption to DRAM, manages AES keys in storage DMA engine, factory-paired channels to Touch ID/Face ID hardware, Secure Element, Neural Engine; SEP can use but not read UID and GID keys; credential verification performed by hardware lockbox with retry count enforcement
SEP Secure Enclave Processor; dedicated ARM core for security services, runs CL4-based sepOS, inline encryption to DRAM, manages AES keys in storage DMA engine, factory-paired channels to Touch ID/Face ID hardware, Secure Element, Neural Engine; SEP can use but not read UID and GID keys; credential verification performed by hardware lockbox with retry count enforcement
Sequoia translation; downloadable language models can run on-device; /Applications/SequoiaTranslator.app, Translation.framework
Seymour Apple Fitness+; workout videos integrated with Watch sensors; SeymourCore.framework, Blackbeard.framework (personalisation and workout programs)
SF Symbols scalable UI symbols; rendered with various color treatments; SFSymbols.framework
@@ -319,11 +322,11 @@ SOS Secure Object Sync; syncing backend for iCloud Keychain, not to be confused
SPI System Private Interface; /System/Library/PrivateFrameworks
SpringBoard iOS home screen; like Dock (Launchpad, Mission Control, desktop picture), Control Center, SystemUIServer (menu extras icons), loginwindow (lock screen), and WindowServer (compositor) on macOS; /System/Library/CoreServices/SpringBoard.app, /Applications/PreBoard.app, BaseBoard.framework, FrontBoard.framework, SplashBoard.framework; launchd service: com.apple.backboardd (compositor)
SPRR Shadow Permission Remap Register? feature of Apple Silicon to dynamically reintepret page permissions
SPTM Secure Page Table Monitor; code with higher-than-kernel privileges (Trustzone Monitor?) protects page table modifications; deprivileged Trusted Execution Monitor (TXM) implements policy; successor to FPR/SPRR?
SPTM Secure Page Table Monitor; code in kernel-level GXF protects page table modifications; Trusted Execution Monitor (TXM) in user-level GXF implements policy and parts of AMFI
SRP Secure Remote Password; standard cryptographic protocol for proving knowledge of a secret such that attackers cannot brute-force the secret; AppleSRP.framework
SSO Single Sign-On
SSV Signed System Volume, als called Authenticated Root Volume (ARV); macOS boots from blessed read-only APFS snapshot, merkle-tree and root-hash stored in Preboot volume; modifications require disabling root authentication with csrutil from recovery, then the live filesystem can be mounted, modified, and re-blessed; command line tools: apfs_systemsnapshot, bless, csrutil
Stark CarPlay; iPhone provides video feeds for in-car displays; three layers composited by the car: remote UI (from iPhone), punch-through UI (back up camera), local UI (dashboard gauges: assets from iPhone, rendered by car, like Live Activities?), overlay UI (essential indicators); associate apps on iOS: /Applications/AutoSettings.app, /Applications/CarCamera.app, /Applications/Charge.app, /Applications/Climate.app, /Applications/Closures.app, /Applications/Media.app, /Applications/TirePressure.app, /Applications/Trip.app
Stark CarPlay; iPhone provides video feeds for in-car displays; three layers composited by the car: remote UI (from iPhone), punch-through UI (back up camera), local UI (dashboard gauges: assets from iPhone, rendered by car, like Live Activities?), overlay UI (essential indicators); associate apps on iOS: /Applications/CarCamera.app, /Applications/Charge.app, /Applications/Climate.app, /Applications/Closures.app, /Applications/Media.app, /Applications/TirePressure.app, /Applications/Trip.app, /Applications/Vehicle.app
Stockholm Secure Element in Apple SoCs, a processor running crypto protocols on keys it protects; used for Apple Pay and Car Key; related codenames: Icefall, Warsaw
Storage Management freeing up disk space by managing bulky items; UI in System Information.app; StorageManagement.framework; launchd service: com.apple.diskspaced; extension point: com.apple.storagemanagement; extends Cache Delete service
Suggestions semantic analysis of mails and websites to suggest contacts, calendar events and the like; launchd services: com.apple.suggestd, com.apple.reversetemplated; custom JavaScript parsers in /System/Library/AssetsV2/com_apple_MobileAsset_CoreSuggestions
@@ -361,6 +364,7 @@ Viceroy video conferencing used by FaceTime and ReplayKit; ViceroyTrace.framewor
Virtualisation running virtual machines on macOS; Hypervisor.framework (for basic VMs and vCPUs), Virtualization.framework (brings a robust set of device models)
VSDB volume status database; /var/db/volinfo.database; command line tool: vsdbutil
Waldo selects edge servers based on approximate location, part of Private Relay, seen in NSP
Wally private search in server-side database using homomorphic encryption; private information retrieval (PIR), private nearest neighbor search (PNNS); used for Caller ID, email logos, adult website filtering, points-of-interest lookup for photos
WFS WebDAV File Sharing; built-in file sharing with Apache; /etc/wfs; command line tool: wfsctl
Widgets content excerpt from apps; provided via a timeline of view hierarchies, configuration uses Intents; visible on home screen, lock screen, as live activities, as watch complications; WidgetKit.framework, ChronoServices.framework; extension point: com.apple.widgetkit-extension; launchd service: com.apple.chronod (timeline management and sync)
Willow HomeKit; end-to-end-encrypted communication protocol and API for IoT-accessories; pairing with SRP using code printed on device, credential sync by CKKS, transported over Alloy, remote access using Apple TV as proxy; launchd service: com.apple.homed
1 Term Description
5 AAC Automatic Assessment Configuration; AutomaticAssessmentConfiguration.framework; puts device in a locked mode for exam-style test applications
6 AAT Apple Advanced Typography; font format and rendering engine
7 Accounts launchd service: com.apple.accountsd; /System/Library/Accounts
8 ACDC Apple Chips in Data Centers; see PCC
9 ACDE Apple Connect Device External? ACDEClient.framework, old two-step verification, derived from a company-internal AppleConnect system?
10 ACFS Apple Clustered File System; deprecated file system for Xsan; acfs.framework
11 Acoustic ID song recognition and matching with Apple catalog, playback on HomePod; /System/Library/Components/AudioDSP.component
13 Activity jobs, coarse-grained work units of applications; tracked by the system across XPC, bears a QoS class for scheduling; low-level mechanism not to be confused with User Activity
14 AE Apple Events; messaging system to invoke application functionality; CoreServices.framework/AE.framework; launchd services: com.apple.coreservices.appleevents, com.apple.AEServer (AE over network)
15 Aegir astronomy watch face and lock screen; /System/Library/CoreServices/AegirProxyApp.app
16 AFM Apple Foundation Model; pre-trained transformer and diffusion models for Greymatter, optimized for on-device use by quantization (with accuracy-recovery adapters) and palletization Apple Foundation Model; pre-trained transformer and diffusion models for Greymatter, optimized for on-device use by quantization (with accuracy-recovery adapters) and palletization; command line tool: modelcatalogdump
17 AGC Apple Graphics Control, management of multiple displays and display port connections; launchd service: com.apple.displaypolicyd
18 AHAP Apple Haptic Audio Pattern; file format for simultaneous audio and haptic data; CoreHaptics.framework
19 AIR Apple Intermediate Representation; synthetic bytecode architecture target for GPU binary toolchain
70 CAML Core Animation Markup Language; XML file format for layers, shapes and animations
71 Carousel derivative of SpringBoard for Watch home screen, watch face, and notification center
72 CBOR Concise Binary Object Representation; JSON-inspired compact binary data serialization; CBORLibrary.framework
73 CDHash Code Directory Hash; a hash of hashes over the parts of a code bundle; command line tool: codesign
74 CDM Continuous Dialog Manager; natural dialog with Siri, MARRS for multi-modality; ContinuousDialogManagerService.framework
75 CEC Consumer Electronics Control; remote control for HDMI-connected devices; CoreRC.framework, IOCEC.framework
76 Celestial media streaming used by ReplayKit for in-app screen broadcasts; Celestial.framework; launchd service: com.apple.replayd
79 CHIP Connected Home over IP; Matter; integrated into HomeKit, can use Thread as transport layer; HomeKitMatter.framework, CoreThread.framework; launchd services: com.apple.threadradiod, com.apple.ThreadCommissionerService
80 Circle cryptographic primitive to exchange public keys of trusted devices of a user, signed by Circle peers; iCloud identity added as additional Circle peer, private key synced across all trusted devices, new devices can pull this key from Secure Backup to join the Circle; per-device Circles stored in CKKS for two-factor accounts (Octagon); KeychainCircle.framework; command line tools: otctl (Octagon)
81 CKKS CloudKit Key Sync, end-to-end secure syncing for credentials, seeded by Circle; currently includes ApplePay, AutoUnlock, CreditCards, DevicePairing, Engram, Health, Home, Manatee, SOS, WiFi and other keys; launchd service: com.apple.secd; command line tool: ckksctl
82 CL4 Apple’s variant of the L4 microkernel, derived from Pistachio and Wombat/Darbat
83 Clarity customizable accessibility mode for simplified UI; ClarityFoundation.framework
84 Classroom school teachers can create assignments for student iPads and track progress in Schoolwork app; ClassKit.framework; launchd service: com.apple.studentd
85 Cloud Pairing part of Alloy, Bluetooth out-of-band pairing over iCloud for Continuity; launchd service: com.apple.BTServer.cloudpairing (cloudpaird)
135 FDE Full Disk Encryption, FileVault; command line tool: fdesetup, sysadminctl
136 FDR Factory Data/Device Reset? ensures that no downgrades are performed? servers: skl.apple.com, gg.apple.com; /System/Library/FDR
137 Feldspar Apple News; Silex.framework
138 FiDES Fi? Distributed Evaluation Service? aggregates Differential Privacy data for unlinkability? used for emoji, Suggestions, Dictation; /System/Library/DistributedEvaluation; DistributedEvaluation.framework, FedStats.framework (private federated learning?); server: fides-pol.apple.com Fi? Distributed Evaluation Service? aggregates Differential Privacy data for unlinkability? used for emoji, Suggestions, Dictation; /System/Library/DistributedEvaluation; DistributedEvaluation.framework, FedStats.framework (private federated learning?)
139 File Provider infrastructure and extension system for syncing with cloud providers; placeholder files based on SF_DATALESS attribute in APFS; FileProvider.framework; locally stored in ~/Library/CloudStorage; command line tool: fileproviderctl
140 Find My location sharing by explicitly querying devices remotely or collateral beacon detection using Search Party; FMCore.framework, FMF.framework; launchd service: com.apple.icloud.fmfd (find my friends)
141 Firmlink bi-directional non-symbolic link between the read-only system volume and the data volume, additional symlinks and mountpoints in the root directory are virtually allocated; /usr/share/firmlinks, /etc/synthetic.conf
142 Focus restriction modes for notification presentation; focus filters for in-app display restrictions, communicated by Intents; Focus.framework, DoNotDisturb.framework; local settings in ~/Library/DoNotDisturb
143 FollowUp user interaction for Secure Backup wrapping with device passcode, CoreFollowUp.framework; launchd service: com.apple.followupd
144 FoundationDB fundamental iCloud storage database, marketed as CloudKit, separated into containers; records, blobs, and large asset storage with MMCS, server-side continuous queries can trigger push notifications, user management by IDS, sharing between users by GroupKit; PCS keys used for hierarchical zone, record, and asset encryption; CloudKitDaemon.framework; launchd service: com.apple.cloudd; locally stored in ~/Library/Caches/CloudKit, ~/Library/Containers/*/Data/CloudKit; command line tool: cktool
145 FPR Fast Permission Restrictions; Apple CPU registers to downgrade (old APRRs do bitmasking) or remap (SPRRs since M1) actual permissions of memory pages (the CTRR region) per thread; used for JIT protection and by AMFI to freeze user code after checking Fast Permission Restrictions; Apple CPU registers to downgrade (old APRRs do bitmasking) or remap (SPRRs since M1) actual permissions of memory pages (the CTRR region) per thread
146 FSKit user space file system support; kernel stub file system is /System/Library/Extensions/lifs.kext; file systems are in /System/Library/ExtensionKit/Extensions/com.apple.fskit.*; launchd service: com.apple.filesystems.fskitd, com.apple.filesystems.doubleagentd (handling of Apple double files in user space); extension point: com.apple.fskit.fsmodule
147 FUD Firmware Update Daemon; see TSS, UARP; launchd service: com.apple.accessoryupdaterd
148 Game Mode auto-activates when games are shown full screen, throttles background work, lowers audio and input latency; launchd service: com.apple.gamepolicyd
149 GID group ID key, shared across all devices of the same SoC generation, derived keys are used to prove device type over the network, only accessible by SEP
150 Gizmo Apple Watch; watch settings managed by Companion iPhone; /Applications/Bridge.app, /System/Library/BridgeManifests
151 Greymatter Apple Intelligence; on-device language and diffusion models, larger server-based models in PCC; AFM refined for specific tasks (queries, summarization, categorization) by adapters (parameter for inserted network modules); grounded with context from Biome and intelligence stores; ~/Library/IntelligencePlatform; launchd service: com.apple.modelmanagerd (model residency management); /System/Library/ModelManager/Policy.plist; command line tool: csfdiagnose (cloud subscription features) Apple Intelligence; on-device language and diffusion models, larger server-based models in PCC; AFM refined for specific tasks (queries, summarization, categorization) by adapters (parameter for inserted network modules); grounded with context from Biome and intelligence stores; ~/Library/IntelligencePlatform; launchd service: com.apple.modelmanagerd (model residency management); /System/Library/ModelManager/Policy.plist; /Applications/Tamale.app (Camera Control integration); command line tool: csfdiagnose (cloud subscription features), modelmanagerdump
152 Group Activities SharePlay; sharing of media content and programmatic state over FaceTime calls; GroupActivities.framework, CopresenceCore.framework; launchd service: com.apple.telephonyutilities.callservicesd
153 GroupKit groups of IDS users with shared CloudKit (PCS) access; GroupKit.framework; launchd service: com.apple.groupkitd groups of IDS users with shared CloudKit (PCS) access; GroupKitCrypto.framework
154 GSS Generic Security Service; part of Kerberos; GSS.framework; launchd service: com.apple.gssd (invoked by kernel through host special port 19); command line tool: gsstool
155 GXF Guarded Execution Feature/Fault, additional exception levels on Apple Silicon, lateral to the usual exception levels; page tables remain the same, but interpretation of permission bits changes by way of FPR, genter and gexit instructions; implements lightweight intra-address-space protection contexts
156 HAP Home Automation Protocol; CoreHAP.framework
285 Revisions document autosave and auto-versioning; stored in .DocumentRevisions-V100; GenerationalStorage.framework; launchd service: com.apple.revisiond
286 Routine frequently visited locations on iOS, interacts with Duet; launchd service: com.apple.routined
287 RTC Real-time Telemetry and Crash reporting; RTCReporting.framework; launchd service: com.apple.rtcreportingd
288 RTKit operating system used on Apple Silicon for firmware of co-processors real-time runtime used for firmware of Apple Silicon co-processors; on top of CL4 in Apple’s cellular modem
289 RunningBoard runtime management of apps, paradigm: app as service process invoked by system, check-in by frameworks, handles process assertions (frontmost app, see App Nap), memory pressure (see Jetsam) and compute resources (GPU), replacement for TAL?; launchd service: com.apple.runningboardd; /System/Library/LifecyclePolicy, /System/Library/RunningBoard
290 Safety Monitor Check In; short-term location sharing in iMessage until a destination is reached; /Applications/SafetyMonitorApp.app
291 SBPL Sandbox Profile Language; a TinyScheme-based embedded DSL for Seatbelt profiles
296 Search Party portion of Find My service for offline devices; devices emit public part of rotating key pair via Bluetooth LE, other devices encrypt current location with this key and send to Apple, private key shared over CloudKit
297 Seatbelt process sandbox by filtering system calls; profiles written in SBPL; /System/Library/Sandbox/Profiles, /usr/share/sandbox; default file access policy asks for TCC confirmation before access to folders with user data (like Documents) is allowed; command line tool: sandbox-exec; launchd service: com.apple.sandboxd (invoked by kernel through host special port 14 for logging)
298 Secure Backup escrow part of CKKS; escrow key individually wrapped with passcodes of trusted devices, stored in HSM to prevent brute forcing, uses SRP so passcodes are not visible to iCloud, limited number of recovery attempts; protocol called Lakitu, uses FollowUp; launchd service: com.apple.SecureBackupDaemon (com.apple.sbd); CloudServices.framework
299 SEP Secure Enclave Processor; dedicated ARM core for security services, runs L4/Darbat-based sepOS, inline encryption to DRAM, manages AES keys in storage DMA engine, factory-paired channels to Touch ID/Face ID hardware, Secure Element, Neural Engine; SEP can use but not read UID and GID keys; credential verification performed by hardware lockbox with retry count enforcement Secure Enclave Processor; dedicated ARM core for security services, runs CL4-based sepOS, inline encryption to DRAM, manages AES keys in storage DMA engine, factory-paired channels to Touch ID/Face ID hardware, Secure Element, Neural Engine; SEP can use but not read UID and GID keys; credential verification performed by hardware lockbox with retry count enforcement
300 Sequoia translation; downloadable language models can run on-device; /Applications/SequoiaTranslator.app, Translation.framework
301 Seymour Apple Fitness+; workout videos integrated with Watch sensors; SeymourCore.framework, Blackbeard.framework (personalisation and workout programs)
302 SF Symbols scalable UI symbols; rendered with various color treatments; SFSymbols.framework
322 SPI System Private Interface; /System/Library/PrivateFrameworks
323 SpringBoard iOS home screen; like Dock (Launchpad, Mission Control, desktop picture), Control Center, SystemUIServer (menu extras icons), loginwindow (lock screen), and WindowServer (compositor) on macOS; /System/Library/CoreServices/SpringBoard.app, /Applications/PreBoard.app, BaseBoard.framework, FrontBoard.framework, SplashBoard.framework; launchd service: com.apple.backboardd (compositor)
324 SPRR Shadow Permission Remap Register? feature of Apple Silicon to dynamically reintepret page permissions
325 SPTM Secure Page Table Monitor; code with higher-than-kernel privileges (Trustzone Monitor?) protects page table modifications; deprivileged Trusted Execution Monitor (TXM) implements policy; successor to FPR/SPRR? Secure Page Table Monitor; code in kernel-level GXF protects page table modifications; Trusted Execution Monitor (TXM) in user-level GXF implements policy and parts of AMFI
326 SRP Secure Remote Password; standard cryptographic protocol for proving knowledge of a secret such that attackers cannot brute-force the secret; AppleSRP.framework
327 SSO Single Sign-On
328 SSV Signed System Volume, als called Authenticated Root Volume (ARV); macOS boots from blessed read-only APFS snapshot, merkle-tree and root-hash stored in Preboot volume; modifications require disabling root authentication with csrutil from recovery, then the live filesystem can be mounted, modified, and re-blessed; command line tools: apfs_systemsnapshot, bless, csrutil
329 Stark CarPlay; iPhone provides video feeds for in-car displays; three layers composited by the car: remote UI (from iPhone), punch-through UI (back up camera), local UI (dashboard gauges: assets from iPhone, rendered by car, like Live Activities?), overlay UI (essential indicators); associate apps on iOS: /Applications/AutoSettings.app, /Applications/CarCamera.app, /Applications/Charge.app, /Applications/Climate.app, /Applications/Closures.app, /Applications/Media.app, /Applications/TirePressure.app, /Applications/Trip.app CarPlay; iPhone provides video feeds for in-car displays; three layers composited by the car: remote UI (from iPhone), punch-through UI (back up camera), local UI (dashboard gauges: assets from iPhone, rendered by car, like Live Activities?), overlay UI (essential indicators); associate apps on iOS: /Applications/CarCamera.app, /Applications/Charge.app, /Applications/Climate.app, /Applications/Closures.app, /Applications/Media.app, /Applications/TirePressure.app, /Applications/Trip.app, /Applications/Vehicle.app
330 Stockholm Secure Element in Apple SoCs, a processor running crypto protocols on keys it protects; used for Apple Pay and Car Key; related codenames: Icefall, Warsaw
331 Storage Management freeing up disk space by managing bulky items; UI in System Information.app; StorageManagement.framework; launchd service: com.apple.diskspaced; extension point: com.apple.storagemanagement; extends Cache Delete service
332 Suggestions semantic analysis of mails and websites to suggest contacts, calendar events and the like; launchd services: com.apple.suggestd, com.apple.reversetemplated; custom JavaScript parsers in /System/Library/AssetsV2/com_apple_MobileAsset_CoreSuggestions
364 Virtualisation running virtual machines on macOS; Hypervisor.framework (for basic VMs and vCPUs), Virtualization.framework (brings a robust set of device models)
365 VSDB volume status database; /var/db/volinfo.database; command line tool: vsdbutil
366 Waldo selects edge servers based on approximate location, part of Private Relay, seen in NSP
367 Wally private search in server-side database using homomorphic encryption; private information retrieval (PIR), private nearest neighbor search (PNNS); used for Caller ID, email logos, adult website filtering, points-of-interest lookup for photos
368 WFS WebDAV File Sharing; built-in file sharing with Apache; /etc/wfs; command line tool: wfsctl
369 Widgets content excerpt from apps; provided via a timeline of view hierarchies, configuration uses Intents; visible on home screen, lock screen, as live activities, as watch complications; WidgetKit.framework, ChronoServices.framework; extension point: com.apple.widgetkit-extension; launchd service: com.apple.chronod (timeline management and sync)
370 Willow HomeKit; end-to-end-encrypted communication protocol and API for IoT-accessories; pairing with SRP using code printed on device, credential sync by CKKS, transported over Alloy, remote access using Apple TV as proxy; launchd service: com.apple.homed