apple-data 1.0.602 → 1.0.604
- checksums.yaml +4 -4
- data/lib/apple_data/version.rb +1 -1
- data/share/fdr.yaml +13 -3
- data/share/img4.yaml +274 -41
- data/share/pki.yaml +57 -7
- data/share/terms.yaml +19 -0
- metadata +2 -2
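--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 505cf3230870a47f259145e62e3f09e63064d46e3f3b6c34532e41394fcff002
+data.tar.gz: 3c57444d5e7147281f03a6aa8aad3ea8539e010643dde4b4706f6e223aa43033
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 8fcbbf092c4ca492488bd9a95b4812c32d4f8f9d51f86c253799dc3a729fc41da8f21f0407f3fa22b3ad9bc1bb36dd1c8914c60cd73bb8d97c1f9ae921cd8dec
+data.tar.gz: 2d0d389c91f4ec3ad3b9848536ec093bf8dd2877bed17e2d74df1e9579b820ea61261567086fb4e300ec1a6cc2953070b87c80d064cc01db5d01eec03b17771e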
data/lib/apple_data/version.rb
CHANGED
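--- a/data/share/fdr.yaml
+++ b/data/share/fdr.yaml
@@ -25,7 +25,7 @@ fdr_properties:
 CmCl:
 description:
 dCfg:
-description:
+description: Display LCD
 contexts:
 - base
 - mansta
@@ -48,10 +48,14 @@ fdr_properties:
 contexts:
 - mandev
 - mansta
+data:
+comb:
+fdrd:
+secb:
 GpC2:
 description:
 HmCA:
-description:
+description: Ambient Light Sensor
 contexts:
 - base
 - mansta
@@ -167,7 +171,7 @@ fdr_properties:
 rSCl:
 description:
 scrt:
-description:
+description: SEP Certificate
 contexts:
 - base
 SDOM:
@@ -194,5 +198,11 @@ fdr_properties:
 description:
 vcrt:
 description:
+ADCL:
+description: Raw Panel / Coverglass
 WMac:
 description: Wireless MAC Address
+to_be_signed_keys:
+DGST:
+clid:
+inst: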
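--- a/data/share/img4.yaml
+++ b/data/share/img4.yaml
@@ -2,6 +2,32 @@
 metadata:
 description:
 credits:
+types:
+digest-object:
+description: Digest Objects are Firmare or Other Hashable Datastreams.
+They will exist in NOR, Disk, or be received over USB. These objects
+will contain a `DGST` value that is the cryptographic hash of the contents.
+They can contain additional properties per object, some of which are standard
+and others that are object specific.
+common_properties:
+ESEC:
+EPRO:
+EKEY:
+subtypes:
+local-boot-object:
+trust-measurement:
+description: A trust measurement is requested from the processor to ensure that
+the boot flow has not changed since a prior time that measurement was taken.
+To date the trust measurement is commonly found on SEP firmware images.
+ssv-root-hash:
+description: Root Hash values are used to validate the Signature of an APFS Signed
+volume or snapshot. They will be paired to a coresponding disk image. Some also
+are paired with `ssv-merkle-tree` which includes the metadata for the volume.
+trust-cache:
+img4-disk-image:
+description: Disk images are often signed IMG4 payloads used for USB boot or as the
+arm64BaseSystem.dmg. IMG4 is used for smaller disk images that can be entirely
+validated "single shot" unlike larger disks which use SSV and validate on read.
 img4_tags:
 acfw:
 description:
@@ -22,12 +48,18 @@ img4_tags:
 type: boolean
 anef:
 description: Apple Neural Engine Firmware
+type: digest-object
+roots:
+- ManifestKey-DataCenter
 anrd:
 description:
 aofi:
 description:
 aopf:
 description: Always on processor firmware
+type: digest-object
+roots:
+- ManifestKey-DataCenter
 apmv:
 description:
 ater:
@@ -37,9 +69,14 @@ img4_tags:
 auac:
 description:
 aubt:
-description:
+description: Auxiliary
 augs:
-description:
+description:
+Auxiliary User System Image
+Included in APTicket CA extensions, as well as factory manifests.
+roots:
+- ExtraContent
+- ManifestKey
 aupr:
 description:
 auxi:
@@ -85,13 +122,16 @@ img4_tags:
 opt in to a more restrictive AuxKC inclusion. The auxp field is a prerequisite for setting the auxr
 field in the LocalPolicy. Users change the auxr value implicitly when they build a new AuxKC from
 the Security & Privacy pane in System Preferences.
-type:
+type: digest-object
 subtype: sha2-384
 access:
 write:
 - macOS
 avef:
 description: AV Encryption (DRM) Firmware
+type: digest-object
+roots:
+- ManifestKey-DataCenter
 bat0:
 description: battery image 0
 bat1:
@@ -100,8 +140,14 @@ img4_tags:
 description: battery full image
 BLDS:
 description:
+prid:
+description: Encrypted Private Key / Private Key Info
 bles:
 description:
+rtmu:
+description: Restore TMU for AP
+type: digest-object
+recovery: true
 BNCH:
 description: Boot Nonce Hash - based on the values of com.apple.System.boot-nonces
 BORD:
@@ -115,24 +161,39 @@ img4_tags:
 alias:
 - board-id
 bstc:
-description:
+description: Base Sysetm Static Trust Cache
+type: digest-object
+subtype: trust-cache
 bsys:
-description:
+description: Base System Seal Root Hash
+type: digest-object
+subtype: ssv-root-hash
 CEPO:
 description: |-
 Certificate/Chip Epoch. This is a unit of roll-forward time (monotonic) that allows for any security issues
 in the prior epoch to be fixed by a anti-rollback scheme.
+nullable: true
+type: boolean
 alias:
 - chip-epoch
 cfel:
 description:
 chg0:
 description: Charging Image 0
+type: digest-object
+subtype: graphic
+faic:
+description:
+type: integer
+default: 0
 chg1:
 description: Charging Image 1
+type: digest-object
+subtype: graphic
 CHIP:
 description: Unique identifier for a single Apple designed application processor
 sharing the same GID key
+type: integer
 width: 2
 nsph:
 description: preboot splat manifest hash
@@ -144,14 +205,17 @@ img4_tags:
 description:
 cmsv:
 description:
+rans:
+description: Restore Apple NAND Storage Firmware
+type: digest-object
 coih:
 title: CustomOS Image4 Manifest Hash (coih)
 description: >
 The `coih` is an SHA384 hash of CustomOS Image4 manifest. The payload for that manifest is used
 by iBoot (instead of the XNU kernel) to transfer control. Users change the `coih` value implicitly when
 they use the `kmutil` configure-boot command-line tool in 1TR.
-type:
-subtype:
+type: digest-object
+subtype: IM4M
 access:
 write:
 - 1TR
@@ -159,31 +223,71 @@ img4_tags:
 description: Chip promotion fuse value (what is burned in)
 alias:
 - certificate-production-status
+nullable: true
 type: boolean
 CSEC:
 description: Burned-in chip security mode
+type: boolean
+nullable: true
 alias:
 - certificate-security-mode
 csys:
-description:
+description: Install / Restore SSV Root Hash
+type: digest-object
+subtype: ssv-root-hash
 dali:
 description:
 data:
 description:
+casy:
+description: App Cryptex SSV Root Hash
+type: digest-object
+subtype: ssv-root-hash
+roots:
+- ExtraContent
+cssy:
+description: System Cryptex SSV Root Hash
+type: digest-object
+subtype: ssv-root-hash
+roots:
+- ExtraContent
 DGST:
 description: payload digest
 diag:
 description:
+trca:
+description:
+type: digest-object
+roots:
+- ExtraContent
+csos:
+description:
+type: digest-object
+roots:
+- ExtraContent
+trcs:
+description:
+type: digest-object
+roots:
+- ExtraContent
 disk:
 description:
 DPRO:
-description:
+description: Demote from Production Request
+Value is used by TSS sever to issue EPRO values, or effective AP prodctuion state.
 DSEC:
-description:
+description: Demote from Secure Request
+Value is used by TSS server to issue ESEC values, or effective AP Security Mode should the
+requester be authorized. These requests are not available to consumers, only to Apple Internal.
 dtre:
 description: device tree
+type: digest-object
+subtype: device-tree
 dtrs:
 description: device tree for recovery
+type: digest-object
+subtype: device-tree
+recovery: true
 ECID:
 description: Exclusive chip identifier. This is burned into an eFuse at time
 of manufacture and unique across all devices sharing the same CHIP
@@ -204,10 +308,16 @@ img4_tags:
 description:
 EKEY:
 description: Effective chip promoted
+nullable: false
+type: boolean
 EPRO:
 description: Effective chip promotion / demotion state (if CPFM 03 this must be 0 to set ESEC)
 alias:
 - effective-production-status-ap
+nullable: false
+type: boolean
+secb:
+description: Sets a security value such as `trst` or the FDR signing trust object. "security blob?"
 esca:
 description:
 hrlp:
@@ -224,6 +334,7 @@ img4_tags:
 - macOS
 esdm:
 description: Extended Security Domain fuses
+type: integer
 alias:
 - esdm-fuses
 styp:
@@ -231,6 +342,37 @@ img4_tags:
 type: u32
 alias:
 - cryptex subtype
+roots:
+- ExtraContent
+acid:
+WSKU:
+description: Wireless SKU
+WMac:
+description: Wireless MAC Address
+TMac:
+description: Thunderbolt MAC Address
+manifest: true
+BMac:
+description: Bluetooth MAC Address
+manifest: true
+SrNm:
+description: Unit Serial Number
+manifest: true
+ptrp:
+snuf:
+description: Staged next update firmware?
+Regn:
+description: Region Code
+example: LL/A
+type: string
+manifest: true
+Mod#:
+CLHS:
+HmCA:
+FSCl:
+ADCL:
+clid:
+hop0:
 oppd:
 description: Unknown, used by `stg1`/`sepi` - sha384 hash sized
 ESEC:
@@ -240,25 +382,49 @@ img4_tags:
 euou:
 description: engineering use-only unit
 clas:
-description:
+description: Class for Key / Object - Found in FDR objects
+examples:
+roots:
+- ExtraContent
 psmh:
 description: previous stage manifest hash
+
 fchp:
-description: Cryptex1,ChipID
+description: Cryptex1,ChipID - Mask
+roots:
+- ExtraContent
 fdrs:
 description:
+rvok:
+description: Trust object revocation list
+trpk:
+description: Trust public keys
+rssl:
+description: The valid CA used for secure communications with the FDR server to obtain the FDR objects. This
+differs from the `trst` object as `rssl` is in transit and `trst` is at rest.
 fdrt:
 description:
 file:
 description:
 fpgt:
 description:
+ftab:
+description: >
+Factory Trust - Auto Boot
+FTAB images (used for devices such as AirPods, etc) are "hacktivated" or pre-APTicket'ed devices as they
+lack either a restore connection, or persistet memory. Common early usage of this was the Heywire dongles
+used for video conversion on the Mac. It was simplest for the device to lack NAND and simply receive the
+firmware from a host on powerup. FTAB files are fully ready to run blobs often including RTKit OS based
+memory images.
 ftap:
-description:
+description: >
+Factory Trust - Application Processor
+type: hash
 ftot:
-description:
+description: Factory Trust - Other
 ftsp:
-description:
+description: Factory Trust - SEP
+type: hash
 fuos:
 description: Fully Unsigned OS
 gfxf:
@@ -266,7 +432,7 @@ img4_tags:
 ging:
 description:
 glyc:
-description:
+description: Gyroscope Calibration
 glyp:
 description:
 hash:
@@ -279,14 +445,34 @@ img4_tags:
 description:
 homr:
 description:
-
-
+cnch:
+roots:
+- ExtraContent
+ndom:
+roots:
+- ExtraContent
+pave:
+description: XNU version string?
+type: string
+roots:
+- ExtraContent
 hypr:
 description: Hypervisor
 iBEC:
 description: iBoot Epoch Change
-
+ibot:
 description: iBoot
+ibdt:
+ibd1:
+glyP:
+ibss:
+dven:
+dcp2:
+ciof:
+batF:
+ansf:
+rfcg:
+type: boolean
 iBSS:
 description: iBoot Second Stage
 ienv:
@@ -308,19 +494,21 @@ img4_tags:
 ispf:
 description: Image Signal Processor Firmware
 isys:
-description:
+description: Install System SSV Root Hash
 itst:
 description:
 iuob:
 description:
 iuos:
-description:
+description: Internal Use Only Software
 iuou:
-description:
+description: Internal Use Only Unit
 kdlv:
 description:
 krnl:
 description: Kernel
+acdc:
+description:
 kuid:
 title: Key encryption key (KEK) Group UUID (kuid)
 description: >
@@ -341,7 +529,8 @@ img4_tags:
 LNCH:
 description:
 lobo:
-description: Local Boot
+description: Local Boot Object. Indicates that the object is to be used as the target of a local boot only
+and not provided by the server for remote / DFU boots.
 logo:
 description: Apple logo image
 love:
@@ -356,16 +545,25 @@ img4_tags:
 - 1TR
 - recoveryOS
 - macOS
+roots:
+- ManifestKey-DataCenter
 prtp:
 description: Product ID String
 type: string
 example: iPhone16,2
+roots:
+- ManifestKey-DataCenter
 sdkp:
-description:
+description: SDK for Product
 type: string
-
+roots:
+- ManifestKey-DataCenter
+values:
+- iphoneos
+- macos
 lphp:
 description:
+mspr:
 lpnh:
 title: LocalPolicy Nonce Hash (lpnh)
 description: >
@@ -394,7 +592,7 @@ img4_tags:
 magg:
 description:
 MANB:
-description:
+description: Manifest B
 MANP:
 description: Manifest Payload
 manx:
@@ -414,7 +612,7 @@ img4_tags:
 msec:
 description:
 msys:
-description:
+description: Merkle Tree Metadata for System Disk
 mtfw:
 description:
 name:
@@ -426,7 +624,8 @@ img4_tags:
 nsrv:
 description:
 OBJP:
-description:
+description: Object Properties - Values that may be assigned per "object" (firmawres) that contain a `DGST`
+type: sequence
 omer:
 description:
 ooth:
@@ -455,6 +654,8 @@ img4_tags:
 description:
 pmpf:
 description: Power Management Processor Firmware
+type: digest-object
+subtype:
 pndp:
 description:
 prot:
@@ -465,8 +666,8 @@ img4_tags:
 over time (because nonces like lpnh are frequently updated). The prot field, which is found only in each
 macOS LocalPolicy, provides a pairing to indicate the recoveryOS LocalPolicy that corresponds to the
 macOS LocalPolicy.
-type:
-subtype:
+type: digest-object
+subtype: trust-measurement
 access:
 write:
 - 1TR
@@ -474,18 +675,25 @@ img4_tags:
 - macOS
 rbmt:
 description:
+mtpf:
 rddg:
 description:
 rdsk:
-description: Restore Disk Image
+description: Restore Disk Image / ramdisk
 rdtr:
 description:
 recm:
 description:
+rcfg:
+description: >
+Appears in certificates issues by factory such as `T6031-SDOM1-TssLive-ManifestKey-RevA-Factory`.
+Potentially indicates that the policy is for a recovery boot only.
+type: boolean
 rfta:
 description:
 rfts:
 description:
+rdcp:
 rkrn:
 description: restore kernel
 rlgo:
@@ -494,6 +702,7 @@ img4_tags:
 description:
 rolp:
 description: recoveryOS local policy
+type: boolean
 ronh:
 title: recoveryOS Nonce Hash (ronh)
 description: >
@@ -526,6 +735,8 @@ img4_tags:
 change the nsih value implicitly when they perform a software update.
 type: binary
 subtype: sha2-384
+context:
+lpol:
 access:
 write:
 - 1TR
@@ -534,9 +745,10 @@ img4_tags:
 spih:
 description: Cryptex1 Image4 Hash
 stng:
-description: Cryptex1 Generation
+description: Cryptex1 Generation / Cryptex type?
 auxh:
 description: User Authorized Kext List Hash
+context:
 rpnh:
 title: Remote Policy Nonce Hash (rpnh)
 description: >
@@ -552,15 +764,19 @@ img4_tags:
 - macOS
 RSCH:
 description: Research mode
+rcio:
+description: Restore CIO
 fgpt:
-description: factory pre-release
+description: factory glob al pre-release trust
 UDID:
 description: universal device identifier
 rsch:
 description: research mode
 vnum:
-description:
+description: Version Number - Update Maximum
 type: string
+roots:
+- ExtraContent
 rsep:
 description: Restore SEP Image, paired with oppd/tbms
 type: string
@@ -615,21 +831,21 @@ img4_tags:
 slvn:
 description:
 smb0:
-description: Secure Multi-Boot 0 - Security Mode - Full Security, Reduced, Disabled
+description: Secure Multi-Boot 0 - Security Mode - Full Security, Reduced, Disabled - Setting to 1 sets to reduced
 smb1:
-description: Secure Multi-Boot 1
+description: Secure Multi-Boot 1 - Setting to 1 allows Permissive
 smb2:
 description: Secure Multi-Boot 2 - 3rd Party Kexts Status
 smb3:
 description: Secure Multi-Boot 3 - User-allowed MDM Control
 smb4:
 description: Secure Multi-Boot 3 - DEP-allowed MDM Control
+smb5:
+description: Unknown - but known to exist in Factory signing
 SNON:
 description: SEP Nonce
 snon:
 description: SEP Nonce
-snuf:
-description:
 srnm:
 description:
 ster:
@@ -637,12 +853,14 @@ img4_tags:
 svrn:
 description: Server nonce
 tbmr:
-description: Trusted Boot Measurement (Root?)
+description: Trusted Boot Measurement (Recovery/Root?)
 tbms:
 description: Trusted Boot Measurement (Signature?)
 notes: Likely encrypted by the SEP and opaque to the AP
 tatp:
-description: Board Name (such as d84)
+description: Board Name (such as d84) - Target AP Test
+roots:
+- ManifestKey-DataCenter
 tery:
 description:
 test:
@@ -650,11 +868,19 @@ img4_tags:
 tics:
 description:
 trst:
-description: Trust
+description: Trust Object
 tsys:
 description:
 type:
 description: Cryptex Type
+type: integer
+roots:
+- ExtraContent
+caos:
+description:
+type: digest-object
+root:
+- ExtraContent
 ucer:
 description: User Cert
 ucon:
@@ -664,6 +890,8 @@ img4_tags:
 uidm:
 description:
 type: boolean
+roots:
+- ManifestKey-DataCenter
 vice:
 description:
 vkdl:
@@ -682,6 +910,11 @@ img4_tags:
 - macOS
 ware:
 description:
+sski:
+description: SHA2 os some kind
+type: binary
+inst:
+descryption: The key or file to install
 wchf:
 description: Wireless Charging Framework
 xbtc: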
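--- a/data/share/pki.yaml
+++ b/data/share/pki.yaml
@@ -5,16 +5,25 @@ metadata:
 certificate_names:
 dcrt: device certificate
 dcrt-oid: device owner certificate
-lcrt:
+lcrt: Lynx / Secure Storage for SEP Certificate
 pcrt: product/production certificate?
 rcrt: remote/recovery certificate?
-scrt:
+scrt: SEP Certificate
 tcrt: test certificate?
 ucrt: user certificate (mapps to a single iCloud account)
 vcrt: virtual certificate?
+keys:
+uik:
+description: User Identity Key
+sik:
+description: System Identity Key
+oik:
+description: Owner Identity Key (the first password after restore)
 constants:
 private_oid_root: 1.2.840.113635
 oids:
+- oid: 1.2.840.113635.100.6.17
+description: Contains the name of the key
 - oid: 1.2.840.113635.100.5.3
 apple_description: ADC Certificate Policy
 - oid: 1.2.840.113635.100.5.4
@@ -31,17 +40,30 @@ oids:
 apple_description: Apple World Wide Developer Relations Certificates for Code Signing for Test Release through the iTMS
 - oid: 1.2.840.113635.100.6.1.4
 apple_description: Apple World Wide Developer Relations Certificates for Code Signing GM from developer to Apple
+- oid: 1.2.840.113635.100.6.16
+description:
+A sequence of FDR programming commands, seperated by ";". Each command is "PUT" or "GET" prior to a
+4CC value, followed by a ":" then the value of the key.
+example:
+PUT/FSCl:sik-FXFYFXFFYFFEX-QQRRRDEETFEFYCEIESLIREILCILESCLSELRESERSER
 - oid: 1.2.840.113635.100.6.1.15
+name: TSS Signing Delegation Constraints
 description:
-
-
-
+Constriction on values that can be specified or signed by this certificate. Conatins two sub-sequesnces, the MANP (Manifest Properties)
+and the OBJP (Object Properties). Manifest properties are at the issued IM4M, and object properties are per signed object (firmware).
+Values of NULL mean tha tthis certificate can sign any value for that property, values that are set are values that must be signed
+with that value by this certificate. This is how for example `T6031-SDOM1` is enforced. The certificate for that set of servers
+have a null value for ECID (meaning it can be used for any ECID) and have fixed values for CHIP / Security Domain SDOM.
+
+This is how Live TSS for customers differs from factory signing in what properties it can include. Factory only manifest properties
+include `augs`, `uidm`
 found_in:
 - ucrt
 - dcrt-oid
 issuers:
 - Basic Attestation User Sub CA2
 - FDRDC-UCRT-SUBCA
+- T6031-SDOM1-TssLive-ManifestKey-RevA-Factory
 ous:
 - BAA Certification
 - ucrt Leaf Certificate
@@ -64,7 +86,7 @@ oids:
 - oid: 1.2.840.113635.100.7.1.1
 apple_description: 'Apple FairPlay certificate extended Application Authentication & Authorization: Policy'
 - oid: 1.2.840.113635.100.8.4
-description:
+description: Contains a sequence of integer values. Some are 0, some are 1, others appear to be int32 bitmasks.
 is_asn_body: true
 is_extension: true
 found_in:
@@ -75,6 +97,7 @@ oids:
 ous:
 - BAA Certification
 - oid: 1.2.840.113635.100.8.5
+description: Similar in nature to `1.2.840.113635.100.8.4`. Non-integer values observed of `ssca`.
 is_asn_body: true
 is_extension: true
 found_in:
@@ -171,4 +194,31 @@ known_symbols:
 - _oidAppleSecureBootCertSpec
 - _oidAppleSecureBootTicketCertSpec
 - _oidAppleTVOSApplicationSigningProd
-- _oidAppleTVOSApplicationSigningProdQA
+- _oidAppleTVOSApplicationSigningProdQA
+roots:
+FDR-CA1-ROOT-CM:
+FDR-DC-SSL-ROOT:
+FDR Sealing Server CA 1:
+subordinate_cas:
+FDR-SS-CM-E1:
+Basic Attestation User Root CA:
+subordinate_cas:
+Basic Attestation User Sub CA2:
+description:
+Issues `ucrt` subordinate CA's that are used for user level signing. Under this `BAA Certification`
+certs are issued.
+Apple Secure Boot Root CA - G6:
+subordinate_cas:
+T6031-SDOM1-RecoveryBoot-RevA-Factory:
+description:
+T6031-SDOM1-TssLive-ManifestKey-RevA-Factory:
+Apple X86 Secure Boot Root CA - G1:
+subject_key_id: 301680147D73CE0A3B41A1A352D2B1141EF6F5B4DD76E6E8
+subordinate_cas:
+T6031-SDOM1-TssLive-ManifestKey-Global-RevA-DataCenter:
+subject_key_id: 0414D8B9E3E9C4A1C542ECB72FC2CF0C2F861E1B3EEF
+Apple Extra Content Global Root CA - G1:
+subject_key_id: 30168014AA63251D082C72A381536C94D2864995881CB0D0
+subordinate_cas:
+ZFF10-SDOM1-TssLive-ManifestKey-ExtraContent-Global-RevA-DataCenter:
+subject_key_id: 041442FEAB470561CE2A7471B55AC0D81AB7536F4B36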
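--- a/data/share/terms.yaml
+++ b/data/share/terms.yaml
@@ -195,6 +195,25 @@ terms:
 debugging, but nearly all kernels shipped by Apple can be debugged if the proper
 `boot-args` are passed on startup.
 kernel:
+baa:
+- title: Basic Attestation Authority (BAA)
+oik:
+- title: Owner Identity Key (OIK)
+uik:
+- title: User Identity Key (UIK)
+ucrt:
+- title: User identity Certificate (ucrt)
+oic:
+- title: Owner Identity Certificate (OIC)
+LLB:
+LocalPolicy:
+RemotePolicy:
+1TR:
+sik:
+oid:
+pka:
+siK:
+- title: System Identity Key
 kernelcache:
 - title: Kernel Cache
 description: A kernel cache is a combined object that contains the kernel itself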
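--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: apple-data
 version: !ruby/object:Gem::Version
-version: 1.0.
+version: 1.0.604
 platform: ruby
 authors:
 - Rick Mark
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-02-
+date: 2024-02-18 00:00:00.000000000 Z
 dependencies: []
 description: |2
 This package includes machine readable data about Apple platforms maintained by hack-different.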