Hi, I had a few questions about the context switch code in seL4 for aarch64. I spent a couple of days trying to make sense of it, so I thought it would be better to ask as I might be missing something that is not obvious. It looks like kernel_enter in traps.S [1] saves the user process's register immediately after an exception. And restore_user_context() in c_traps.c [2] is restoring them. Looks like the regs are stored in the TCB in the "tcbContext.registers" array. The restore code makes sense to me. It puts the ptr value of "(NODE_STATE(ksCurThread)->tcbArch.tcbContext.registers" in to the sp and starts loading the regs from there. However, the code in kernel_enter is a bit unclear to me. 1. What is the value of sp when executing the kernel_enter macro? Is that the SP_EL1, or somewhere else the sp was set to the address of the faulting thread's "tcbContext.registers". On reading the arm32's arm_swi_syscall [3] function, it looks like it is the latter, but I am unsure how that is being accomplished. It might be more to do with aarch64 than seL4. 2 Furthermore, when not specified, does sp mean SP_EL1 in EL1 and SP_EL0 in EL0, Or does lower case "sp" have a special meaning? I know that seL4 is configured to use SP_ELx at ELx based on value of SPEL in [4] 3 Lastly, what is lsp_i trying to do? Are we switching the value of sp from something else to the real kernel stack by storing the kernel's stack address in tpidr_el1? Thanks a lot, as always! Sid [1] https://github.com/seL4/seL4/blob/master/src/arch/arm/64/traps.S#L72 [2] https://github.com/seL4/seL4/blob/master/src/arch/arm/64/c_traps.c#L29 [3] https://github.com/seL4/seL4/blob/master/src/arch/arm/32/traps.S#L51 [4] https://github.com/seL4/seL4/blob/master/src/arch/arm/64/head.S#L78