Dice Question Streamline Icon: https://streamlinehq.com

Rationale for previous_type parameter in sptm_retype

Ascertain the necessity and design rationale for requiring the previous_type parameter in the XNU-to-SPTM sptm_retype interface, given that SPTM tracks frame types internally.

Information Square Streamline Icon: https://streamlinehq.com

Background

The sptm_retype function is called with four parameters: physical address, previous type, new type, and retype parameters. Because SPTM records frame types, it is unclear why the caller must supply the prior type.

Clarifying this would illuminate SPTM’s validation logic and potential concurrency safeguards.

References

As of now, we are uncertain why the current frame type must be provided by the caller.

Modern iOS Security Features -- A Deep Dive into SPTM, TXM, and Exclaves (2510.09272 - Steffin et al., 10 Oct 2025) in Section SPTM Frame Retyping — Calling from XNU