apple-data 1.0.607 → 1.0.610

data/share/terms.yaml

@@ -1,218 +1,314 @@
 ---
-terms:
-  ace:
+metadata:
+  description:
+  credits:
+  collections:
+  - term_list
+term_list:
+  1TR:
+  - title: 1 True Recovery / 1 Touch Recovery
+    description: Alternate boot mode provided on Apple Silicon based Mac computers
+      to enter high integrity and privileged changes such as to boot policy / ASMB
+    see:
+    - ASMB
+  4CC:
+  - title: 4 Character Code
+  aarch64:
+  - title: 64bit ARM v8+ Architecture
+  aarch64e:
+  - title: 64bit ARM v8.3+ Architecture with Pointer Authentication
+  ACC:
+  - title: Apple Core Cluster
+  ACE:
   - title: USB-C Port Controller
-  aht:
+  AES:
+  - title: Advanced Encryption Standard
+  AGX:
+  - title: Apple Graphics
+  AHT:
   - title: Apple Hardware Test
-  ane:
-  - title: Apple Neural Engine
-  anps:
-  - title: Apple Push Notification Service
-    description:
-  aop:
-  - title: Always-On Processor
   AID:
   - title: Apple ID
   AltDSID:
-  DvF:
-  nbAc:
-  - title: Nearby Action
-  nbIF:
-  - title: Nearby Interface Type
-  DsFl:
+  AMCC:
+  - title: Apple Memory Cache Controller
   AMfD:
-  nbAf:
-  DSID:
-  MRI:
-  MRtI:
-  IDS:
-  - title: Identity Services
-  RSSI:
-  - title: Receive Signal Stength Indicator
-  XPC:
-  RemoteXPC:
-  eOS:
-  - title: embeddedOS (Touch Bar OS for T1)
-  bridgeOS:
-  - title: bridgeOS (Touch Bar / Security OS for T2)
+  AMFI:
+  - title: Apple Mobile Firmware Integrity
+  amfm:
+  ANE:
+  - title: Apple Neural Engine
+  anpi:
+  - title:
+  ANS:
+  - title: Apple NAND Storage
+  AOP:
+  - title: Always-On Processor
+  AoT:
+  - title: Ahead-of Time Compilation
   AP:
   - title: Application Processor
-  aps:
+  - title: Access Point (WiFi)
+  APFS:
+  - title: Apple File System
+  APNonce:
+  - title: Application Processor Boot Nonce
+  APNS:
+  - title: Apple Push Notification Service
+    description:
+  AppKit:
+  APRR:
+  - title: Access Permission Remapping Registers
+  APS:
+  - title: Apple Push Service
     see:
-    - apns
+    - APNS
   APTicket:
-  Md:
-  - title: Model
-  Nm:
-  - title: User Assigned Name
-  mach:
-  tfp0:
-  gcd:
-    - title: Grand Central Dispatch
-  xnu:
-  seatbelt:
-    see:
-      - sandbox
-  dfu:
-    - title: Device Firmware Update
-  recovery:
-  restore:
-  mdm:
-    - title: Mobile Device Management
-  dep:
-    - title: Device Enrollment Program
-  se:
-    - title: Secure Element
-  register:
-    - title: Processor Register
-  msr:
-    - title: Model/Machine Specific Register
-      see:
-        - register
-  ecore:
-    - title: Efficienty Core
-  pcore:
-    - title: Performance Core
-  x86:
-  x86_64:
-  x86_64h:
-  arm:
+  ARM:
+  - title: Advanced RISC Machines
+  - title: ARM Architecture Reference Manual
   armv7:
-  aarch64:
-  aarch64e:
-  sp:
-    - title: Stack Pointer
-  fp:
-    - title: Frame Pointer
-  baseband:
-  bluetooth:
-  wlan:
-  bridge:
-  bridgeOS:
-  eOS:
-  OHCI:
-  EHCI:
-  VHCI:
-  XPC:
-  RemoteXPC:
-  "Mach Port":
+  ASID:
+  - title: Address Space ID
+  ASMB:
+  - title: Apple Secure Multi-Boot
+  ASN:
+  - title: Abstract Syntax Notation v1 (asn1)
     see:
-      - mach_port
-  mach_port:
-  bundle:
-  AppKit:
-  UIKit:
-  entitlement:
-  cs:
-    - title: Code Signing
-  ioreg:
-  macho:
-  dylib:
-  dsc:
-  syscall:
-  plist:
-  asn:
+    - asn1
   asn1:
-  der:
-  pdu:
-  quarantine:
-  dyld:
-  executable:
-  service:
-  launchd:
-  Framework:
-  defaults:
-  iv:
-    - title: Initialization Vector (Encryption)
-  key:
-    - title: Encryption Key
-  pem:
-  efi:
-  nub:
-  aes:
-    - title: Advanced Encryption Standard
-  pki:
-    - title: Public Key Infrastructure
-  ecc:
-    - title: Elliptic Curve Cryptograph
-    - title: Error Checking and Correction
-  hid:
-    - title: Human Interface Device
-  uart:
-  amfm:
-  i2c:
-    - title: Inter Integrated Circuit
-  spmi:
-  smmu:
-  mmu:
-  pa:
-    - title: Physical Address
-  tc:
+  AuxKC:
+  AVD:
+  - title: Apple Virtual Device
+  AVP:
+  - title: Apple Virtual Platform
+  AWDL:
+  - title: Apple Wireless Direct Link
+  BAA:
+  - title: Basic Attestation Authority (BAA)
+  baseband:
+  - title:
     see:
-      - TrustCache
-  iboot:
-  reg:
+    - msm
+  BDA:
+  BER:
+  - title: Basic Encoding Rules
+  bluetooth:
+  BNCH:
+  - title: Boot Nonce Cryptographic Hash
+    description: |
+      For root domain tickets (those directly for hardware) this is the APNonce. MacOS shadows this value by
+      entangling this for particular scopes, and the shadow is enforced by KTRR / Secure Monitor.  This allows
+      multiple kernels and boot modes on a system to have distinct APTicket/APNonce pairings.
+      The value is backed by special NVRAM values for `com.apple.System.boot-nonce`
     see:
-      - register
-  ean:
-  ans:
-    - title: Apple NAND Storage
-  soc:
-    - title: System-on-a-Chip
-  fpga:
-  AuxKC:
+    - APTicket
+    - APNonce
   BootKC:
-  sio:
-    - title: SmartIO (iPad keyboard covers)
-  tss:
-    - title: Tatsu Signing Server
-  kc:
+  BootPolicy:
+  bridge:
+  bridgeOS:
+  BRK:
+  - title: Breakpoint
+  bundle:
+  CC:
+  - title: CoreCrypto
+  CL4:
+  - title:
     see:
-      - kernelcache
-  rsep:
-    - title: Restore SEP Firmware Image
-  keynag:
-  asmb:
-  - title: Apple Secure Multi Boot
-  awdl:
-  csr:
+    - L4
+  Container:
+  - see: VolumeContainer
+  - see: SandboxContainer
+  core:
+  - title: Processor Core
+    description: A distinct processing element (has own state) in a multi-core system.
+  - title: Core Memory Dump
+  CPSR:
+  CRAM:
+  - title: Cache-as-RAM
+  CRNG:
+  - title: Cryptographic Random Number Generator
+  cs:
+  - title: Code Signing
+  CS:
+  - title: Code Signing
+  CSPRNG:
+  - title: Cryptographically Secure Pseudorandom Number Generator
+  CSR:
+  - title: Constrained System Rights (Rootless)
     see:
     - sip
-  ctrr:
-  dart:
+  CTRR:
+  DART:
   - title: Device Address Resolution Table
-  dext:
+  DCC:
+  - title: Debug Communications Channel
+  defaults:
+  DEP:
+  - title: Data Execute Prevention
+    see:
+    - XN
+  - title: Device Enrollment Program
+  DER:
+  - title: Distinguished Encoding Rules
+  dExt:
+  dfu:
+  - title: Device Firmware Update
   dmg:
   - title: Disk Image
-  dt:
+  DRAM:
+  DRBG:
+  - title: Deterministic Random Bit Generator
+  DSC:
+  - title: Dylib Shared Cache
+  DsFl:
+  DSID:
+  - title: Directory Services Identity
+  DT:
   - title: Device Tree
+  DvF:
+  dyld:
+  DyLib:
+  EAN:
+  - title: Emulated Apple NOR
+  ECC:
+  - title: Elliptic Curve Cryptography
+  - title: Error Checking and Correction
+  eCore:
+  - title: Efficiency Core
+  EFI:
+  - title: Extensible Firmware Interface
+  EHCI:
+  - title: Enhanced Host Controller Interface (USB)
+  EL0:
+  - title: Exception Level 0 - User Mode
+  EL1:
+  - title: Exception Level 1 - Kernel Mode
+  EL2:
+  - title: Exception Level 2 - Hypervisor
+  EL3:
+  - title: Exception Level 3 - TrustZone
   en:
   - title: Ethernet Adapter (generic)
     description: Often `en` in the form `enX` where X is a number is used to identify
       a network adapter.
-  esim:
-  - title: Embedded Subscriber Identificaton Module
+  entitlement:
+  eOS:
+  - title: embeddedOS - T1 TouchBar OS
+  eSIM:
+  - title: Embedded Subscriber Identification Module
     see:
-    - sim
-  euicc:
+    - SIM
+  eUICC:
+  - title: Embedded Universal Integrated Circuit Card
     see:
-    - esim
+    - eSIM
+    - SIM
+    - UICC
+  Exclave:
+  - title: Microkernel Based Secure Applet System
+  executable:
   FindMy:
   - title: FindMy iPhone / Mac
     description: A set of technologies that both help find the location of a lost
       Apple device, as well as prevent theft from being able to reset the device for
       sale or use.
+  FIPS:
+  - title: Federal Information Processing Standard
+  FIQ:
   FireWire:
   - title: FireWire
-  fmm:
+  FMM:
+  - title: Find-My-Mac
     see:
     - FindMy
-  fw:
-    see:
+  FP:
+  - title: Frame Pointer
+  FPGA:
+  - title: Field Programmable Gate Array
+    description: 'Typically used for pre-final chip designs as they can be updated
+      with newer gates to correct silicon level defects before mass production.
+
+      '
+  Framework:
+  FW:
+  - see:
     - FireWire
+  - see:
     - firmware
+  GCD:
+  - title: Grand Central Dispatch
+    description: 'Framework and supporting kernel scheduler for multi-core computation
+      in XNU. Work is divided into tasks/blocks/closures which are then scheduled
+      for a particular queue.
+
+      '
+  GENTER:
+  GEXIT:
+  gif:
+  GL0:
+  - title: Guarded Level 0
+  GL1:
+  - title: Guarded Level 1
+  GL2:
+  - title: Guarded Level 2
+    see:
+    - GXF
+  GXF:
+  - title: Guarded Execution Feature
+  HFS:
+  - title: Hierarchical File System (HFS/HFS+)
+    description:
+  HID:
+  - title: Human Interface Device
+  HV:
+  - title: HyperVisor (Play on Supervisor)
+    see:
+    - el2
+    - VHE
+  HVC:
+  - title: Hypervisor Call (el2)
+  I2C:
+  - title: Inter-Integrated Circuit
+    url: https://web.archive.org/web/20221006073143/http://www.nxp.com/docs/en/user-guide/UM10204.pdf
+  I3C:
+  - title: Improved Inter-Integrated Circuit
+    url: https://www.mipi.org/specifications/i3c-sensor-specification
+    see:
+    - I2C
+  iBoot:
+  IDS:
+  - title: Identity Services
+  IOP:
+  - title: Instant-On Processor
+  ioreg:
+  - title: IOKit registry
+    see:
+    - IOKIt
+  IORVBAR:
+  - title: Reset Vector Base Address Register accessible via MMIO
+  IPI:
+  - title: Inter-processor Interrupt
+  IRQ:
+  - title: Interrupt Request
   isp:
   - title: Image Signal Processor
+  ITR:
+  - title: Instruction Transfer Register
+  IV:
+  - title: Initialization Vector (Encryption)
+  JIT:
+  - title: Just-in Time Compilation
+  JTAG:
+  - tile: Joint Test Action Group (Used for Debug)
+  kalloc:
+  - title: Kernel Memory Allocator
+  KASLR:
+  - title: Kernel Address Space Layout Randomization
+  kc:
+  - see: kernelcache
+  - see: KextCollection
   kdp:
   - title: Kernel Debug Port / Protocol
     description: KDP is a general way in which XNU allows for the kernel itself to
@@ -222,62 +318,153 @@ terms:
       through Kernel Debug Kits.  These are components that help with two machine
       debugging, but nearly all kernels shipped by Apple can be debugged if the proper
       `boot-args` are passed on startup.
+  KEC:
+  - title: Kernel External Component
+  KEK:
+  - title: Key Exchange Key
   kernel:
-  baa:
-  - title: Basic Attestation Authority (BAA)
-  oik:
-    - title: Owner Identity Key (OIK)
-  uik:
-    - title: User Identity Key (UIK)
-  ucrt:
-    - title: User identity Certificate (ucrt)
-  oic:
-    - title: Owner Identity Certificate (OIC)
-  LLB:
-  LocalPolicy:
-  RemotePolicy:
-  1TR:
-  sik:
-  oid:
-  pka:
-  siK:
-    - title: System Identity Key
   kernelcache:
   - title: Kernel Cache
     description: A kernel cache is a combined object that contains the kernel itself
       as well as various kexts (Kernel Extensions).  Older macs would load the kernel
       itself, then load the various kexts from disk. The process of loading the kexts
-      and then binding the symbols was a process that slowed the starup of a mac.  Apple
+      and then binding the symbols was a process that slowed the startup of a mac.  Apple
       then started doing the combine of the kernel and the extensions into a BootCache
       that allowed the system to load one large monolithic binary.
+  KernelCollection:
+  - title: Kernel Collection
+    description: A Mach-O Object containing a series of KEXTs (Kernel Extensions)
+      to be loaded alongside the kernel itself.  Usually one of three types, the Boot,
+      the System and the Auxiliary.
   kext:
-  ktrr:
+  - title: Kernel Extension
+  key:
+  - title: Encryption Key
+  keybag:
+  - title: Wrapped Encryption Key Bag
+    description: An encryption key that is wrapped by the GID used in IMG4
+    see:
+    - key
+  KLD:
+  - title: Kernel Linker
+  KTRR:
   - title: Kernel Text Readonly Region
-  lpddr:
+  KTRW:
+  - title: Kernel Text Read/Write
+  L4:
+  - title: L4 Microkernel
+    description: L4 Microkernel (For Apple usually L4 Darbat) is a kernel designed
+      for high security or reliability workloads due to having been formally verified
+      for correctness.  This ensures that the kernel guarantees are mathematically
+      verified against defects.
+  launchd:
+  LDM:
+  - title: Lock Down Mode
+  LLB:
+  - title: Low-Level Boot
+  LLC:
+  LLDB:
+  - title: Low Level Debugger (LLVM compiler project)
+  LLW:
+  - title: Low Latency WiFi
+  lo:
+  lo0:
+  - title: Loopback Interface
+    see: lo
+  LocalPolicy:
+  - title: Local Policy
+    description: A method used in macOS (and recently A17 devices on iOS 17) to allow
+      for the AP to have a primary TSS signed APTicket, and the SEP to sign the local
+      boot policy which modifies the boot flow or security.
+  LP:
+  - see: LocalPolicy
+  LP-DDR:
   - title: Low-Power Double Data Rate RAM
-    description: LPDDR differs as it uses techniques to minimize the amount of power
+    description: LP-DDR differs as it uses techniques to minimize the amount of power
       needed to maintain the memory.  Most RAM requires that the RAM controller occasionally
       read each value, and write it again as the data is stored in capacitors that
       leak current over time.  Were the cells not refreshed, every 1 in memory would
       eventually leak enough current that it would become a zero.
     see:
-    - ddr
-  lr:
+    - DDR
+    - DRAM
+  LR:
   - title: Link Register (ARM)
     description: The LR is populated when a `bx` is called to inform a function of
       the address to return to.
-  nand:
+  LSB:
+  - title: Least Significant Byte/Bit
+  - title: Lower Side-Band
+  LZFSE:
+  mach:
+  mach_port:
+  macho:
+  MachPort:
+  - see: mach_port
+  Md:
+  - title: Model
+  mdm:
+  - title: Mobile Device Management
+  MDSCR:
+  - title: Monitor Debug System Control Register
+  MiLo:
+  MMIO:
+  MMU:
+  - title: Memory Management Unit
+  MRI:
+  MRtI:
+  MSB:
+  - title: Most Significant Byte/Bit
+  msm:
+  - title: Qualcomm Baseband (Models are MSM) Motorola SoC Modem?
+  MSR:
+  - title: Model/Machine Specific Register
+    see:
+    - register
+  NAND:
   - title: Not-AND Based Non-volatile Memory
     see:
     - nvme
+  nbAc:
+  - title: Nearby Action
+    context: nearbyd
+  nbAf:
+  nbIF:
+  - title: Nearby Interface Type
+    context: nearbyd
+  Nm:
+  - title: User Assigned Name
   nmi:
   - title: Non-maskable Interrupt
-  nor:
-  - title: Not-OR Based Non-volatile Memory
+  NOR:
+  - title: Not-OR Based Non-Volatile Memory
     see:
     - spi
+  NSID:
+  - title: Non-Secure Invasive Debug
+  - title: NVMe Namespace ID
+  NSNID:
+  - title: Non-Secure Non-Invasive Debug
+  nub:
   nvram:
   - title: Non-Volatile RAM
+  NVV3:
+  - title: NVRAM Version 3
+  OAH:
+  - title: Other Architecture Handler (Rosetta2)
+  OHCI:
+  - title: Open Host Controller Interface (USB)
+  oic:
+  - title: Owner Identity Certificate (OIC)
+  oid:
+  - title: Object ID (ASN1)
+    description: OIDs are namespaced, hierarchical identities
+  oik:
+  - title: Owner Identity Key (OIK)
+  OOB:
+  - title: Out-of-Band
+  OSLAR:
+  - title:
   ota:
   - title: Over-the-Air Update - Incremental Update (Somewhat arcane)
     description: In the earliest days of the iPhone, users had to connect the device
@@ -291,39 +478,137 @@ terms:
       of 'full OTAs' which are a delta update in OTA format, but includes the entire
       set of data to restore devices.  These are typically employed for devices that
       lack the port needed for DFU/iBoot/IPSW based recovery.
-  otg:
+  OTA:
+  - title: Over-the-Air Update
+  OTG:
   - title: USB On-the-go
     description: USB-OTG is a way to describe a device that is typically a peripheral
       acting instead as a USB host.  The technology evolved as phones became not just
       devices you could attach to a computer such as to sync with iTunes, but hosts
       in their own right such as to access a flash drive.
+  PA:
+  - title: Physical Address
+    see:
+    - MMU
+    - DART
+  PAC:
+  - title: Pointer Authentication Code
   panic:
   - title: Kernel / Device Panic
     description:
-  pc:
+  PC:
   - title: Program Counter (ARM/Intel)
     description: The PC or Program Counter is the address (typically virtual address)
       which the processor is currently executing.  When a subroutine is called, the
       PC is the address passed to LR so that the called function knows where to return
       to.
-  pio:
+  PCIe:
+  pCore:
+  - title: Performance Core
+    see:
+    - core
+  PDU:
+  - title: Protocol Data Unit
+  PEM:
+  - title: Privacy Enhanced Mail (Method for encoding ASN1)
+  PhysicalStore:
+  - title: APFS Physical Store
+    description: A partition in a GPT partition table that provides storage to the
+      APFS Container.  Almost always synonymous with a container now, but in the past
+      was used when a container had storage both on SSD and HDD disks (see CoreStorage)
+    see:
+    - APFS
+    - CoreStorage
+    - VolumeContainer
+    - VolumeGroup
+  PIO:
   - title: Programmed IO
-  pmgr:
+  PKA:
+  - title: Public Key Accelerator
+  PKI:
+  - title: Public Key Infrastructure
+  plist:
+  - title: Property List
+  PMAP:
+  - title: Page Map
+  PMGR:
   - title: Power Manager
-  pmp:
+  PMP:
   - title: Power Management Processor
+  POC:
+  - title: Proof-of-Concept
+  - title: Point-of-Contact
+  PPC:
+  PPL:
+  - title: Page Protection Layer
   pram:
   - title: Parameter RAM
     see:
     - nvram
-  rtkit:
-  - title: RealtimeKit (Realtime OS)
-  sart:
+  PRNG:
+  - title: Pseudo-Random Number Generator
+  PSTATE:
+  - title: Process State
+  PXN:
+  - title: Privileged Execute Never
+    see:
+    - XN
+  quarantine:
+  RAM:
+  - title: Random Access Memory
+    see:
+    - DRAM
+    - CRAM
+    - SRAM
+  recovery:
+  reg:
+  - see: register
+  register:
+  - title: Processor Register
+  RemotePolicy:
+  RemoteXPC:
+  restore:
+  Rosetta:
+  rsep:
+  - title: Restore SEP Firmware Image
+  RSSI:
+  - title: Receive Signal Strength Indicator
+  RTKit:
+  - title: RealTimeKit (Realtime OS)
+  SART:
   - title: Secure Address Resolution Table
-  sep:
+  SE:
+  - title: Secure Element
+  seatbelt:
+  - see: sandbox
+  SecureROM:
+  seL4:
+  - title: Security Enhanced L4
+    see:
+    - L4
+  SEP:
   - title: Secure Enclave Processor
-  sim:
+    see:
+    - sepOS
+    - SEPROM
+  SEPNonce:
+  - title: Secure Enclave Processor Boot Nonce
+  sepOS:
+  - title: Secure Enclave Processor Operating System
+    see:
+    - SEPROM
+    - SEP
+    - L4
+  SEPROM:
+  service:
+  SID:
+  - title: Secure Invasive Debug
+  sik:
+  - title: System Identity Key
+  SIM:
   - title: Subscriber Identification Module
+  sio:
+  - title: SmartIO (iPad keyboard covers)
   SIP:
   - title: System Integrity Protection
     description: System Integrity Protection is a set of technologies employed by
@@ -331,9 +616,18 @@ terms:
       a system in such a way as to disable security features.  The feature is also
       known as `csr` due to it being managed by `csrutil` and stored in Intel macs
       in the nvram variable `csr-status`.
-  smc:
+    see:
+    - CSR
+  SMC:
   - title: System Management Controller
-  spi:
+  - title: Secure Monitor Call (el3)
+  SMMU:
+  - title: Secure Memory Management Unit
+  SoC:
+  - title: System-on-a-Chip
+  SP:
+  - title: Stack Pointer
+  SPI:
   - title: Serial Peripheral Interconnect
     description: SPI is a physical pin layer used to pass data between chips.  It's
       primary use is in SPI Flash, which is a simple, low level way to read and write
@@ -346,7 +640,40 @@ terms:
       models made use of a smaller (in the few megabytes range) NOR chip to load iBoot,
       and stored the user's data on a larger NAND flash chip. In newer devices the
       NOR/SPI flash is synthetic and provided by ANS2/3.
+  SPMI:
+  - title: System Power Management Interface
+    url: https://www.mipi.org/specifications/system-power-management-interface
+  SPRR:
+  - title: Secure Permission Remapping Registers
+  SPTM:
+  - title: Secure Page Table Monitor
+    see:
+    - TXM
+  SRAM:
+  - title: Static RAM
+    see:
+    - DRAM
+    - CRAM
+  SRD:
+  - title: Security Research Device
+  SRDP:
+  - title: Security Research Device Program
+    url: https://www.mipi.org/specifications/i3c-sensor-specification
+    see: SRD
+  SSID:
+  - title: Service Set Identity (WiFi)
+  stf:
+  - title: Six-to-Four Tunnel Interface
+  SVC:
+  - title: ARM Supervisor Call (el1)
+    see:
+    - kernel
+  syscall:
+  - title: User Mode to Kernel Mode Request
+    see:
+    - SVC
   SysCfg:
+  - title: System Config
     see:
     - SysConfig
   SysConfig:
@@ -356,32 +683,107 @@ terms:
       example is this is the location of the serial number.  This is because the device
       serial number cannot be burned in as it is the whole device, not any one component.  SysCfg
       is a series of key/value pairs and is documented in `syscfg.yaml`.
-  tbm:
+  SystemPolicy:
+  TaggedPointer:
+  TBM:
   - title: Trusted Boot Monitor
+  tc:
+  - title: TrustCache
+    see:
+    - TrustCache
   tcon:
   - title: Timing Controller (Displays)
     description: The TCON is used to control the refresh of a LED/OLED display, ensuring
       that each frame is shown for the right amount of time, and that new frames are
       updated all at once / not-torn.
-  tdm:
+  TCR:
+  - title: Translation Control Register
+  TDM:
   - title: Target Disk Mode
+  tfp0:
+  trpk:
+  - title: Trusted Public Keys
+    description: Occurs in `trst` objects
   trustcache:
   - title:
-  tz:
+  TSS:
+  - title: Tatsu Signing Server
+  TTBCR:
+  - title: Translation Table Base Control Register
+  TTBR:
+  - title: Translation Table Base Register
+  TXM:
+  - title: Trusted Execution Monitor
+  TZ:
   - title: ARM TrustZone
     see:
     - tz0
     - tz1
+  - title: Time Zone
   tz0:
   tz1:
-  uicc:
+  UART:
+  - title: Universal Asynchronous Receiver / Transmitter
+  ucrt:
+  - title: User identity Certificate (ucrt)
+  UICC:
+  - title: Universal Integrated Circuit Card
     see:
     - sim
-  usb-pd:
+  uik:
+  - title: User Identity Key (UIK)
+  UIKit:
+  USB-PD:
   - title: USB Power Delivery
-  vm:
+    see:
+    - PDU
+  UXN:
+  - title: Unprivileged Execute Never
+    see:
+    - XN
+  VA:
+  - title: Virtual Address
+    see:
+    - MMU
+  VG:
+  - see: VolumeGroup
+  VHCI:
+  - title: Virtual Host Controller Interface (USB)
+    description: The virtualized (as in no actual USB wires, but same protocol and
+      PDUs) used as an interconnect between the t8012 (T2) and the Intel processor.
+  VHE:
+  - title: Virtualization Host Extensions
+    see:
+    - https://developer.arm.com/documentation/102142/0100/
+  VM:
   - title: Virtual Memory
   - title: Virtual Machine
-metadata:
-  description:
-  credits: []
+    see:
+    - VMM
+    - HVC
+    - VHE
+  VMSA:
+  - title: Virtual Memory System Architecture
+  Volume:
+  - title: APFS Disk Volume
+    description:
+  VolumeContainer:
+  - title: APFS Volume Container
+    description: A logical collection of physical stores that are aggregated to create
+      a logical pool of storage to be used for volume groups and loose volumes.
+  VolumeGroup:
+  - title: APFS Volume Group
+    description: A volume group collects volumes of roles into a composite system.  Typically
+      used to connect a System volume to a Data volume.
+  wlan:
+  x86:
+  x86_64:
+  x86_64h:
+  xHCI:
+  - title: Extensible Host Controller Interface (USB 3.0)
+  XN:
+  - title: Execute Never (DEP)
+  XNU:
+  - title: XNUs not Unix (Darwin)
+  XPC:
+  - title: Cross Process Connection