This EC note describes the acquisition of new capabilities. While it is correct I want to describe things a bit differently.

Even when you “create something yourself”, the capability comes to you in some message, typically as returned by the creator, factory or whatever mechanism there is for real creation. Of course this regress cannot go on forever. Where do capabilities really arise?

At the kernel abstraction level in Keykos, the kernel ultimately generates the keys. The above pattern is followed even at this ultimate level. The page key, for instance, comes from invoking the range key which is a kernel object. The range key can generates the real key because it runs in privileged mode.

The range key is probably held by the space bank which seems to most to be the real origin of page keys.