apple-data 1.0.601 → 1.0.602

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 743643db69e6ebb5aeffe4a7889c49924b76154a9f08eb3c4e79e3b2c8b721e3
-  data.tar.gz: 5375a2fa841a2304c181e84294adba5601c63d43afc0e96ec40546e584ae1c21
+  metadata.gz: dd760aa9e09e4a1a3262b1b7ba1a2142d79572876b78c969dd8f40542eee852b
+  data.tar.gz: 2ec56bb95e0d0097fad7234484ed395f196b5256e77cf852773e4e04aa5ac8e9
 SHA512:
-  metadata.gz: a17e3415a457336e496cc41c0c4b5c5697162b55ff5e9b10957ce9353b1809a52fdd0f217749e8d844fc452a2c8bde61c83f29dfd2d42bf0104aeb4ce86a9f18
-  data.tar.gz: 8174dafa632c4e430412d91dc3444ff5414837f778ef1d83c18906b9c3c5dd2c44d6a8a21aed278f4c03e316b159c81aacba27e425fc6aff0994f6585abc8150
+  metadata.gz: f51754e3f65ff1c507e6894dc872a0390601d0f1af783825546da153710c711b39c5685781196094364fcea8c1e0205d1b12b09dcf73ad9c85e1cbf14a578044
+  data.tar.gz: 7e36ea6e0a9bde9de0244fe2d4a6e647ce4e101bbec978b01b2ebb07fe30847415b53973937b31e144e039e1745e3b553e985af43bb74b354eaad9e072ed746d

data/lib/apple_data/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module AppleData
-  VERSION = '1.0.601'
+  VERSION = '1.0.602'
 end

data/share/img4.yaml

@@ -43,13 +43,53 @@ img4_tags:
   aupr:
     description:
   auxi:
-    description: Auxiliary Kernel Cache Image4 Hash
+    title: Auxiliary Kernel Collection (AuxKC) Image4 Manifest Hash (`auxi`)
+    description: >
+      After the system verifies that the UAKL hash matches what’s found in the `auxp` field of the
+      LocalPolicy, it requests that the AuxKC be signed by the Secure Enclave processor application that’s
+      responsible for LocalPolicy signing. Next, an SHA384 hash of the AuxKC Image4 manifest signature is placed
+      into the LocalPolicy to avoid the potential for mixing and matching previously signed AuxKCs to an operating
+      system at boot time. If iBoot finds the auxi field in the LocalPolicy, it attempts to load the AuxKC from
+      storage and validate its signature. It also verifies that the hash of the Image4 manifest attached to the
+      AuxKC matches the value found in the auxi field. If the AuxKC fails to load for any reason, the system
+      continues to boot without this boot object and (so) without any third-party kexts loaded. The auxp field
+      is a prerequisite for setting the auxi field in the LocalPolicy. Users change the auxi value implicitly
+      when they change the UAKL by approving a kext from the Security & Privacy pane in System Preferences.
+    type: binary
+    subtype: sha2-384
+    access:
+      write:
+        - macOS
   auxk:
     description: Auxiliary Kernel Cache
   auxp:
-    description: User Authorized Kext List Hash
+    title: Auxiliary Kernel Collection (AuxKC) Policy Hash (auxp)
+    description: >
+      The `auxp` is an SHA384 hash of the user-authorized kext list (UAKL) policy. This is used at
+      AuxKC generation time to help ensure that only user-authorized kexts are included in the AuxKC. `smb2`
+      is a prerequisite for setting this field. Users change the `auxp` value implicitly when they change the
+      UAKL by approving a kext from the Security & Privacy pane in System Preferences.
+    type: binary
+    subtype: sha2-384
+    access:
+      write:
+        - macOS
   auxr:
-    description: AuxKC Kext Receipt Hash
+    title: Auxiliary Kernel Collection (AuxKC) Receipt Hash (auxr)
+    description: >
+      The `auxr` is an SHA384 hash of the AuxKC receipt, which indicates the exact set of kexts that
+      were included into the AuxKC. The AuxKC receipt can be a subset of the UAKL, because kexts can be excluded
+      from the AuxKC even if they’re user authorized if they’re known to be used for attacks. In addition,
+      some kexts that can be used to break the user-kernel boundary may lead to decreased functionality,
+      such as an inability to use Apple Pay or play 4K and HDR content. Users who want these capabilities
+      opt in to a more restrictive AuxKC inclusion. The auxp field is a prerequisite for setting the auxr
+      field in the LocalPolicy. Users change the auxr value implicitly when they build a new AuxKC from
+      the Security & Privacy pane in System Preferences.
+    type: binary
+    subtype: sha2-384
+    access:
+      write:
+        - macOS
   avef:
     description: AV Encryption (DRM) Firmware
   bat0:
@@ -105,7 +145,16 @@ img4_tags:
   cmsv:
     description:
   coih:
-    description:
+    title: CustomOS Image4 Manifest Hash (coih)
+    description: >
+      The `coih` is an SHA384 hash of CustomOS Image4 manifest. The payload for that manifest is used
+      by iBoot (instead of the XNU kernel) to transfer control. Users change the `coih` value implicitly when
+      they use the `kmutil` configure-boot command-line tool in 1TR.
+    type: binary
+    subtype: sha2-384
+    access:
+      write:
+        - 1TR
   CPRO:
     description: Chip promotion fuse value (what is burned in)
     alias:
@@ -161,6 +210,18 @@ img4_tags:
       - effective-production-status-ap
   esca:
     description:
+  hrlp:
+    title: Has Secure Enclave Signed recoveryOS Local Policy (hrlp)
+    description: >
+      The `hrlp` indicates whether or not the `prot` value is the measurement of a Secure Enclave–signed
+      recoveryOS LocalPolicy. If not, then the recoveryOS LocalPolicy is signed by the Apple online signing server,
+      which signs things such as macOS Image4 files.
+    type: boolean
+    access:
+      write:
+        - 1TR
+        - recoveryOS
+        - macOS
   esdm:
     description: Extended Security Domain fuses
     alias:
@@ -261,7 +322,18 @@ img4_tags:
   krnl:
     description: Kernel
   kuid:
-    description: KEK Group UUID
+    title: Key encryption key (KEK) Group UUID (kuid)
+    description: >
+      The kuid indicates the volume that was booted. The key encryption key has typically been used
+      for Data Protection. For each LocalPolicy, it’s used to protect the LocalPolicy signing key. The
+      kuid is set by the user implicitly when creating a new operating system install.
+    type: binary
+    subtype: sha2-384
+    access:
+      write:
+        - 1TR
+        - recoveryOS
+        - macOS
   lamo:
     description:
   lckr:
@@ -273,9 +345,17 @@ img4_tags:
   logo:
     description: Apple logo image
   love:
-    description: OS Version - dotted form. Last portion after the version and comma is a cryptex update?
+    title: Local Operating System Version (love)
+    description: >
+      The love indicates the OS version that the LocalPolicy is created for. The version is obtained from the
+      next state manifest during LocalPolicy creation and is used to enforce recoveryOS pairing restrictions.
     type: string
     example: "21.3.66.0.0,0"
+    access:
+      write:
+        - 1TR
+        - recoveryOS
+        - macOS
   prtp:
     description: Product ID String
     type: string
@@ -287,7 +367,26 @@ img4_tags:
   lphp:
     description:
   lpnh:
-    description: LocalPolicy nonce hash
+    title: LocalPolicy Nonce Hash (lpnh)
+    description: >
+      The lpnh is used for anti-replay of the LocalPolicy. This is an SHA384 hash of the LocalPolicy Nonce
+      (LPN), which is stored in the Secure Storage Component and accessible using the Secure Enclave Boot
+      ROM or Secure Enclave. The raw nonce is never visible to the Application Processor, only to the
+      sepOS. An attacker wanting to convince LLB that a previous LocalPolicy they had captured was valid
+      would need to place a value into the Secure Storage Component, which hashes to the same lpnh value
+      found in the LocalPolicy they want to replay. Normally there is a single LPN valid on the system—except
+      during software updates, when two are simultaneously valid—to allow for the possibility of falling back
+      to booting the old software in the event of an update error. When any LocalPolicy for any operating
+      system is changed, all policies are re-signed with the new lpnh value corresponding to the new LPN
+      found in the Secure Storage Component. This change happens when the user changes security settings
+      or creates new operating systems with a new LocalPolicy for each.
+    type: binary
+    subtype: sha2-384
+    access:
+      write:
+        - 1TR
+        - recoveryOS
+        - macOS
   lpol:
     description: Local Policy
   ltrs:
@@ -359,7 +458,20 @@ img4_tags:
   pndp:
     description:
   prot:
-    description:
+    title: Paired recoveryOS Trusted Boot Policy Measurement (prot)
+    description: >
+      A paired recoveryOS Trusted Boot Policy Measurement (TBPM) is a special iterative SHA384 hash calculation
+      over the Image4 manifest of a LocalPolicy, excluding nonces, in order to give a consistent measurement
+      over time (because nonces like lpnh are frequently updated). The prot field, which is found only in each
+      macOS LocalPolicy, provides a pairing to indicate the recoveryOS LocalPolicy that corresponds to the
+      macOS LocalPolicy.
+    type: binary
+    subtype: sha2-384
+    access:
+      write:
+        - 1TR
+        - recoveryOS
+        - macOS
   rbmt:
     description:
   rddg:
@@ -383,11 +495,42 @@ img4_tags:
   rolp:
     description: recoveryOS local policy
   ronh:
-    description: recoveryOS nonce hash
+    title: recoveryOS Nonce Hash (ronh)
+    description: >
+      The ronh behaves the same way as the lpnh, but is found exclusively in the LocalPolicy for system
+      recoveryOS. It’s updated when the system recoveryOS is updated, such as on software updates. A
+      separate nonce from the lpnh and rpnh is used so that when a device is put into a disabled state
+      by Find My, existing operating systems can be disabled (by removing their LPN and RPN from the
+      Secure Storage Component), while still leaving the system recoveryOS bootable. In this way, the
+      operating systems can be reenabled when the system owner proves their control over the system by
+      putting in their iCloud password used for the Find My account. This change happens when a user updates
+      the system recoveryOS or creates new operating systems.
+    type: binary
+    subtype: sha2-384
+    access:
+      write:
+        - 1TR
+        - recoveryOS
+        - macOS
   rosi:
     description:
   nish:
-    description: preboot splat manifest hash
+    title: Next Stage Image4 Manifest Hash (nsih)
+    description: >
+      The nsih field represents an SHA384 hash of the Image4 manifest data structure that describes the booted
+      macOS. The macOS Image4 manifest contains measurements for all the boot objects—such as iBoot, the static
+      trust cache, device tree, Boot Kernel Collection, and signed system volume (SSV) volume root hash. When
+      LLB is directed to boot a given macOS, it’s designed to ensure that the hash of the macOS Image4 manifest
+      attached to iBoot matches what’s captured in the nsih field of the LocalPolicy. In this way, the nsih
+      captures the user intention of what operating system the user has created a LocalPolicy for. Users
+      change the nsih value implicitly when they perform a software update.
+    type: binary
+    subtype: sha2-384
+    access:
+      write:
+        - 1TR
+        - recoveryOS
+        - macOS
   spih:
     description: Cryptex1 Image4 Hash
   stng:
@@ -395,7 +538,18 @@ img4_tags:
   auxh:
     description: User Authorized Kext List Hash
   rpnh:
-    description: RemotePolicy nonce hash
+    title: Remote Policy Nonce Hash (rpnh)
+    description: >
+      The rpnh behaves the same way as the lpnh but is updated only when the remote policy is updated, such as when
+      changing the state of Find My enrollment. This change happens when the user changes the state of Find My on
+      their Mac.
+    type: binary
+    subtype: sha2-384
+    access:
+      write:
+        - 1TR
+        - recoveryOS
+        - macOS
   RSCH:
     description: Research mode
   fgpt:
@@ -515,7 +669,17 @@ img4_tags:
   vkdl:
     description:
   vuid:
-    description: Volume Group UUID
+    title: APFS volume group UUID (vuid)
+    description: >
+      The vuid indicates the volume group the kernel should use as root. This field is primarily informational
+      and isn’t used for security constraints. This vuid is set by the user implicitly when creating a new
+      operating system install.
+    type: binary
+    subtype: sha2-384
+    access:
+      - 1TR
+      - recoveryOS
+      - macOS
   ware:
     description:
   wchf:

data/share/syscfg.yaml

@@ -1,4 +1,103 @@
 ---
 metadata:
   description:
-  credits:
+  credits:
+
+values:
+  RMd#:
+    description: Regulatory Model Number
+  Coor:
+    description: Country of Origin
+    values:
+      - C
+  CFG#:
+    description: Configuration Number
+  SrNm:
+    description: Serial Number
+  MLB#:
+    description: Main Logic Board Serial Number
+  Regn:
+    description: Region Info
+  Mod#:
+    description: Model Number
+  MdlC:
+    description: Model Configuration (key value seperated by ";" and "key=value")
+  CLCG:
+    description: Cover glass (gloss or opaque)
+  BMac:
+    description: Bluetooth MAC Address
+  SwBh:
+    description: Software Behavior
+  CLBG:
+  MkBS:
+  CLHS:
+  CGMt:
+  EMac:
+  EnMt:
+  BGMt:
+  EMc2:
+  rpcp:
+  MkBH:
+  WMac:
+  SBVr:
+  AROC:
+  LTAO:
+  ARSC:
+  ASCl:
+  ARXN:
+  AICl:
+  ARot:
+  ARNC:
+  ARXC:
+  GICl:
+  GRXC:
+  GRXN:
+  GRNC:
+  GRSC:
+  GSCl:
+  GYTT:
+  GRot:
+  MDCC:
+  CRot:
+  CVCC:
+  CDCC:
+  CMOC:
+  CSCM:
+  JRot:
+  CPAS:
+  PRTT: (Pressure Sensor / Barometer) temp-compensation-table
+  SPPO: (Pressure Sensor / Barometer) pressure-offset-calibration
+  PxCl: (Proximity Sensor) prox-calibration
+  PSCl:
+  STRB:
+  BCAR:
+  PrCL:
+  RACa:
+  RACm:
+  RxCL:
+  TCal:
+  WSKU:
+    description: WiFi Chip / Product SKU
+  WCAL:
+    description: WiFi Calibration Data
+  RFEM:
+  BCAL:
+  BTTx:
+  BTBF:
+  MBac:
+  BTRx:
+  RSKU:
+    description: Region SKU (in US "/LLA")
+  DClr:
+  DBCl:
+  DPCl:
+  DTCl:
+  CGSp:
+  CLCL:
+  MiGH:
+  SpPH:
+  SpGH:
+  MiGB:
+  TMac:
+  ksku:
+  TCID:

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: apple-data
 version: !ruby/object:Gem::Version
-  version: 1.0.601
+  version: 1.0.602
 platform: ruby
 authors:
 - Rick Mark
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2024-02-14 00:00:00.000000000 Z
+date: 2024-02-15 00:00:00.000000000 Z
 dependencies: []
 description: |2
       This package includes machine readable data about Apple platforms maintained by hack-different.