Dice Question Streamline Icon: https://streamlinehq.com

SPTM map_page SPRR index validation rules

Develop a complete mapping of Shadow Permission Remapping Register (SPRR) indices for the relevant Apple SoCs and derive the rules enforced by SPTM’s map_page for validating SPRR indices, including constraints on allowed indices based on the SPTM frame type of the destination table and the consequences for access and execute permissions.

Information Square Streamline Icon: https://streamlinehq.com

Background

The authors find that map_page performs additional validations involving SPRR indices tied to table types but cannot fully explain these due to lack of an up-to-date SPRR index mapping.

Establishing these rules is pivotal to understanding the enforcement of permission semantics on page mappings beyond simple type-based checks.

References

We cannot provide a conclusive understanding of these mechanisms at this time, as we would require a current and up-to-date mapping of SPRR indices for this.

Modern iOS Security Features -- A Deep Dive into SPTM, TXM, and Exclaves (2510.09272 - Steffin et al., 10 Oct 2025) in Section “SPTM Page Mapping — sptm_map_page Security Mechanisms”, subsection “Further Validations”