apple-data 1.0.603 → 1.0.605
- checksums.yaml +4 -4
- data/lib/apple_data/version.rb +1 -1
- data/share/img4.yaml +276 -43
- data/share/pki.yaml +39 -7
- data/share/terms.yaml +28 -0
- metadata +2 -2
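--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 79e93b4822f94100e4d0301f262650fdcb796733f273aaada9118cb9697f86af
+data.tar.gz: 862835de00f4e23034b44b90cd0055c20ccb718b1a6f4185dec9c5b8d9f81bd8
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 9885e73df3a36d75970463e472a8fa9b005f7e818a42a39a44f09ba9dfcf6d12b1e233f276bc5758b804b3cdd571082fafd2615a23212bb4c53fc946275061f2
+data.tar.gz: 0efa4c7738f69416488ee3bdba6ba7c46733436f9cc8ee7c180f4a800413b3ea34cc7de2f1e86f00f7c91270d0ae0781c39f6d1e117acc78dbb0423ab6ef628d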
data/lib/apple_data/version.rb
CHANGED
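--- a/data/share/img4.yaml
+++ b/data/share/img4.yaml
@@ -2,6 +2,32 @@
 metadata:
 description:
 credits:
+types:
+digest-object:
+description: Digest Objects are Firmare or Other Hashable Datastreams.
+They will exist in NOR, Disk, or be received over USB. These objects
+will contain a `DGST` value that is the cryptographic hash of the contents.
+They can contain additional properties per object, some of which are standard
+and others that are object specific.
+common_properties:
+ESEC: Effective Security Mode - The security mode after evaluating the chip and any demotion request
+EPRO: Effective Production Mode - The peoduction mode after evaluating the chip production and demotation request
+EKEY: Effective Key Access - The effective access to teh SEP, used to protect data during demotion
+subtypes:
+local-boot-object:
+trust-measurement:
+description: A trust measurement is requested from the processor to ensure that
+the boot flow has not changed since a prior time that measurement was taken.
+To date the trust measurement is commonly found on SEP firmware images.
+ssv-root-hash:
+description: Root Hash values are used to validate the Signature of an APFS Signed
+volume or snapshot. They will be paired to a coresponding disk image. Some also
+are paired with `ssv-merkle-tree` which includes the metadata for the volume.
+trust-cache:
+img4-disk-image:
+description: Disk images are often signed IMG4 payloads used for USB boot or as the
+arm64BaseSystem.dmg. IMG4 is used for smaller disk images that can be entirely
+validated "single shot" unlike larger disks which use SSV and validate on read.
 img4_tags:
 acfw:
 description:
@@ -16,18 +42,26 @@ img4_tags:
 agfi:
 description:
 almo:
-description:
+description: Some internal iBootable image. Unknown purpose
 AMNM:
 description: allow mix-n-match
+When set to true, img4s can be any valid signed version, allowing for unusual AP tickets where some
+components may be from a prior verson
 type: boolean
 anef:
 description: Apple Neural Engine Firmware
+type: digest-object
+roots:
+- ManifestKey-DataCenter
 anrd:
 description:
 aofi:
 description:
 aopf:
 description: Always on processor firmware
+type: digest-object
+roots:
+- ManifestKey-DataCenter
 apmv:
 description:
 ater:
@@ -37,9 +71,14 @@ img4_tags:
 auac:
 description:
 aubt:
-description:
+description: Auxiliary
 augs:
-description:
+description:
+Auxiliary User System Image
+Included in APTicket CA extensions, as well as factory manifests.
+roots:
+- ExtraContent
+- ManifestKey
 aupr:
 description:
 auxi:
@@ -85,13 +124,16 @@ img4_tags:
 opt in to a more restrictive AuxKC inclusion. The auxp field is a prerequisite for setting the auxr
 field in the LocalPolicy. Users change the auxr value implicitly when they build a new AuxKC from
 the Security & Privacy pane in System Preferences.
-type:
+type: digest-object
 subtype: sha2-384
 access:
 write:
 - macOS
 avef:
 description: AV Encryption (DRM) Firmware
+type: digest-object
+roots:
+- ManifestKey-DataCenter
 bat0:
 description: battery image 0
 bat1:
@@ -100,11 +142,14 @@ img4_tags:
 description: battery full image
 BLDS:
 description:
-
 prid:
 description: Encrypted Private Key / Private Key Info
 bles:
 description:
+rtmu:
+description: Restore TMU for AP
+type: digest-object
+recovery: true
 BNCH:
 description: Boot Nonce Hash - based on the values of com.apple.System.boot-nonces
 BORD:
@@ -118,28 +163,39 @@ img4_tags:
 alias:
 - board-id
 bstc:
-description:
+description: Base Sysetm Static Trust Cache
+type: digest-object
+subtype: trust-cache
 bsys:
-description:
+description: Base System Seal Root Hash
+type: digest-object
+subtype: ssv-root-hash
 CEPO:
 description: |-
 Certificate/Chip Epoch. This is a unit of roll-forward time (monotonic) that allows for any security issues
 in the prior epoch to be fixed by a anti-rollback scheme.
+nullable: true
+type: boolean
 alias:
 - chip-epoch
 cfel:
 description:
 chg0:
 description: Charging Image 0
+type: digest-object
+subtype: graphic
 faic:
 description:
 type: integer
 default: 0
 chg1:
 description: Charging Image 1
+type: digest-object
+subtype: graphic
 CHIP:
 description: Unique identifier for a single Apple designed application processor
 sharing the same GID key
+type: integer
 width: 2
 nsph:
 description: preboot splat manifest hash
@@ -151,14 +207,17 @@ img4_tags:
 description:
 cmsv:
 description:
+rans:
+description: Restore Apple NAND Storage Firmware
+type: digest-object
 coih:
 title: CustomOS Image4 Manifest Hash (coih)
 description: >
 The `coih` is an SHA384 hash of CustomOS Image4 manifest. The payload for that manifest is used
 by iBoot (instead of the XNU kernel) to transfer control. Users change the `coih` value implicitly when
 they use the `kmutil` configure-boot command-line tool in 1TR.
-type:
-subtype:
+type: digest-object
+subtype: IM4M
 access:
 write:
 - 1TR
@@ -166,31 +225,71 @@ img4_tags:
 description: Chip promotion fuse value (what is burned in)
 alias:
 - certificate-production-status
+nullable: true
 type: boolean
 CSEC:
 description: Burned-in chip security mode
+type: boolean
+nullable: true
 alias:
 - certificate-security-mode
 csys:
-description:
+description: Install / Restore SSV Root Hash
+type: digest-object
+subtype: ssv-root-hash
 dali:
 description:
 data:
 description:
+casy:
+description: App Cryptex SSV Root Hash
+type: digest-object
+subtype: ssv-root-hash
+roots:
+- ExtraContent
+cssy:
+description: System Cryptex SSV Root Hash
+type: digest-object
+subtype: ssv-root-hash
+roots:
+- ExtraContent
 DGST:
 description: payload digest
 diag:
 description:
+trca:
+description:
+type: digest-object
+roots:
+- ExtraContent
+csos:
+description:
+type: digest-object
+roots:
+- ExtraContent
+trcs:
+description:
+type: digest-object
+roots:
+- ExtraContent
 disk:
 description:
 DPRO:
-description:
+description: Demote from Production Request
+Value is used by TSS sever to issue EPRO values, or effective AP prodctuion state.
 DSEC:
-description:
+description: Demote from Secure Request
+Value is used by TSS server to issue ESEC values, or effective AP Security Mode should the
+requester be authorized. These requests are not available to consumers, only to Apple Internal.
 dtre:
 description: device tree
+type: digest-object
+subtype: device-tree
 dtrs:
 description: device tree for recovery
+type: digest-object
+subtype: device-tree
+recovery: true
 ECID:
 description: Exclusive chip identifier. This is burned into an eFuse at time
 of manufacture and unique across all devices sharing the same CHIP
@@ -211,10 +310,16 @@ img4_tags:
 description:
 EKEY:
 description: Effective chip promoted
+nullable: false
+type: boolean
 EPRO:
 description: Effective chip promotion / demotion state (if CPFM 03 this must be 0 to set ESEC)
 alias:
 - effective-production-status-ap
+nullable: false
+type: boolean
+secb:
+description: Sets a security value such as `trst` or the FDR signing trust object. "security blob?"
 esca:
 description:
 hrlp:
@@ -231,6 +336,7 @@ img4_tags:
 - macOS
 esdm:
 description: Extended Security Domain fuses
+type: integer
 alias:
 - esdm-fuses
 styp:
@@ -238,6 +344,42 @@ img4_tags:
 type: u32
 alias:
 - cryptex subtype
+roots:
+- ExtraContent
+acid:
+stID:
+description: Station IDentifier
+AcID:
+description: Apple Account DSID
+type: integer
+WSKU:
+description: Wireless SKU
+WMac:
+description: Wireless MAC Address
+TMac:
+description: Thunderbolt MAC Address
+manifest: true
+BMac:
+description: Bluetooth MAC Address
+manifest: true
+SrNm:
+description: Unit Serial Number
+manifest: true
+ptrp:
+snuf:
+description: Staged next update firmware?
+Regn:
+description: Region Code
+example: LL/A
+type: string
+manifest: true
+Mod#:
+CLHS:
+HmCA:
+FSCl:
+ADCL:
+clid:
+hop0:
 oppd:
 description: Unknown, used by `stg1`/`sepi` - sha384 hash sized
 ESEC:
@@ -247,25 +389,49 @@ img4_tags:
 euou:
 description: engineering use-only unit
 clas:
-description:
+description: Class for Key / Object - Found in FDR objects
+examples:
+roots:
+- ExtraContent
 psmh:
 description: previous stage manifest hash
+
 fchp:
-description: Cryptex1,ChipID
+description: Cryptex1,ChipID - Mask
+roots:
+- ExtraContent
 fdrs:
 description:
+rvok:
+description: Trust object revocation list
+trpk:
+description: Trust public keys
+rssl:
+description: The valid CA used for secure communications with the FDR server to obtain the FDR objects. This
+differs from the `trst` object as `rssl` is in transit and `trst` is at rest.
 fdrt:
 description:
 file:
 description:
 fpgt:
 description:
+ftab:
+description: >
+Factory Trust - Auto Boot
+FTAB images (used for devices such as AirPods, etc) are "hacktivated" or pre-APTicket'ed devices as they
+lack either a restore connection, or persistet memory. Common early usage of this was the Heywire dongles
+used for video conversion on the Mac. It was simplest for the device to lack NAND and simply receive the
+firmware from a host on powerup. FTAB files are fully ready to run blobs often including RTKit OS based
+memory images.
 ftap:
-description:
+description: >
+Factory Trust - Application Processor
+type: hash
 ftot:
-description:
+description: Factory Trust - Other
 ftsp:
-description:
+description: Factory Trust - SEP
+type: hash
 fuos:
 description: Fully Unsigned OS
 gfxf:
@@ -273,7 +439,7 @@ img4_tags:
 ging:
 description:
 glyc:
-description:
+description: Gyroscope Calibration
 glyp:
 description:
 hash:
@@ -286,14 +452,36 @@ img4_tags:
 description:
 homr:
 description:
-
-
+cnch:
+roots:
+- ExtraContent
+ndom:
+roots:
+- ExtraContent
+pave:
+description: XNU version string?
+type: string
+roots:
+- ExtraContent
 hypr:
 description: Hypervisor
 iBEC:
 description: iBoot Epoch Change
-
+ibot:
 description: iBoot
+ibdt:
+description: iBoot Data
+ibd1:
+description: iBoot Data Stage 1
+glyP:
+ibss:
+dven:
+dcp2:
+ciof:
+batF:
+ansf:
+rfcg:
+type: boolean
 iBSS:
 description: iBoot Second Stage
 ienv:
@@ -315,19 +503,21 @@ img4_tags:
 ispf:
 description: Image Signal Processor Firmware
 isys:
-description:
+description: Install System SSV Root Hash
 itst:
 description:
 iuob:
 description:
 iuos:
-description:
+description: Internal Use Only Software
 iuou:
-description:
+description: Internal Use Only Unit
 kdlv:
 description:
 krnl:
 description: Kernel
+acdc:
+description:
 kuid:
 title: Key encryption key (KEK) Group UUID (kuid)
 description: >
@@ -348,7 +538,8 @@ img4_tags:
 LNCH:
 description:
 lobo:
-description: Local Boot
+description: Local Boot Object. Indicates that the object is to be used as the target of a local boot only
+and not provided by the server for remote / DFU boots.
 logo:
 description: Apple logo image
 love:
@@ -363,16 +554,25 @@ img4_tags:
 - 1TR
 - recoveryOS
 - macOS
+roots:
+- ManifestKey-DataCenter
 prtp:
 description: Product ID String
 type: string
 example: iPhone16,2
+roots:
+- ManifestKey-DataCenter
 sdkp:
-description:
+description: SDK for Product
 type: string
-
+roots:
+- ManifestKey-DataCenter
+values:
+- iphoneos
+- macos
 lphp:
 description:
+mspr:
 lpnh:
 title: LocalPolicy Nonce Hash (lpnh)
 description: >
@@ -401,7 +601,7 @@ img4_tags:
 magg:
 description:
 MANB:
-description:
+description: Manifest B
 MANP:
 description: Manifest Payload
 manx:
@@ -421,7 +621,7 @@ img4_tags:
 msec:
 description:
 msys:
-description:
+description: Merkle Tree Metadata for System Disk
 mtfw:
 description:
 name:
@@ -433,7 +633,8 @@ img4_tags:
 nsrv:
 description:
 OBJP:
-description:
+description: Object Properties - Values that may be assigned per "object" (firmawres) that contain a `DGST`
+type: sequence
 omer:
 description:
 ooth:
@@ -462,6 +663,8 @@ img4_tags:
 description:
 pmpf:
 description: Power Management Processor Firmware
+type: digest-object
+subtype:
 pndp:
 description:
 prot:
@@ -472,8 +675,8 @@ img4_tags:
 over time (because nonces like lpnh are frequently updated). The prot field, which is found only in each
 macOS LocalPolicy, provides a pairing to indicate the recoveryOS LocalPolicy that corresponds to the
 macOS LocalPolicy.
-type:
-subtype:
+type: digest-object
+subtype: trust-measurement
 access:
 write:
 - 1TR
@@ -481,18 +684,25 @@ img4_tags:
 - macOS
 rbmt:
 description:
+mtpf:
 rddg:
 description:
 rdsk:
-description: Restore Disk Image
+description: Restore Disk Image / ramdisk
 rdtr:
 description:
 recm:
 description:
+rcfg:
+description: >
+Appears in certificates issues by factory such as `T6031-SDOM1-TssLive-ManifestKey-RevA-Factory`.
+Potentially indicates that the policy is for a recovery boot only.
+type: boolean
 rfta:
 description:
 rfts:
 description:
+rdcp:
 rkrn:
 description: restore kernel
 rlgo:
@@ -501,6 +711,7 @@ img4_tags:
 description:
 rolp:
 description: recoveryOS local policy
+type: boolean
 ronh:
 title: recoveryOS Nonce Hash (ronh)
 description: >
@@ -533,6 +744,8 @@ img4_tags:
 change the nsih value implicitly when they perform a software update.
 type: binary
 subtype: sha2-384
+context:
+lpol:
 access:
 write:
 - 1TR
@@ -541,9 +754,10 @@ img4_tags:
 spih:
 description: Cryptex1 Image4 Hash
 stng:
-description: Cryptex1 Generation
+description: Cryptex1 Generation / Cryptex type?
 auxh:
 description: User Authorized Kext List Hash
+context:
 rpnh:
 title: Remote Policy Nonce Hash (rpnh)
 description: >
@@ -559,15 +773,19 @@ img4_tags:
 - macOS
 RSCH:
 description: Research mode
+rcio:
+description: Restore CIO
 fgpt:
-description: factory pre-release
+description: factory glob al pre-release trust
 UDID:
 description: universal device identifier
 rsch:
 description: research mode
 vnum:
-description:
+description: Version Number - Update Maximum
 type: string
+roots:
+- ExtraContent
 rsep:
 description: Restore SEP Image, paired with oppd/tbms
 type: string
@@ -622,21 +840,21 @@ img4_tags:
 slvn:
 description:
 smb0:
-description: Secure Multi-Boot 0 - Security Mode - Full Security, Reduced, Disabled
+description: Secure Multi-Boot 0 - Security Mode - Full Security, Reduced, Disabled - Setting to 1 sets to reduced
 smb1:
-description: Secure Multi-Boot 1
+description: Secure Multi-Boot 1 - Setting to 1 allows Permissive
 smb2:
 description: Secure Multi-Boot 2 - 3rd Party Kexts Status
 smb3:
 description: Secure Multi-Boot 3 - User-allowed MDM Control
 smb4:
 description: Secure Multi-Boot 3 - DEP-allowed MDM Control
+smb5:
+description: Unknown - but known to exist in Factory signing
 SNON:
 description: SEP Nonce
 snon:
 description: SEP Nonce
-snuf:
-description:
 srnm:
 description:
 ster:
@@ -644,12 +862,14 @@ img4_tags:
 svrn:
 description: Server nonce
 tbmr:
-description: Trusted Boot Measurement (Root?)
+description: Trusted Boot Measurement (Recovery/Root?)
 tbms:
 description: Trusted Boot Measurement (Signature?)
 notes: Likely encrypted by the SEP and opaque to the AP
 tatp:
-description: Board Name (such as d84)
+description: Board Name (such as d84) - Target AP Test
+roots:
+- ManifestKey-DataCenter
 tery:
 description:
 test:
@@ -657,11 +877,19 @@ img4_tags:
 tics:
 description:
 trst:
-description: Trust
+description: Trust Object
 tsys:
 description:
 type:
 description: Cryptex Type
+type: integer
+roots:
+- ExtraContent
+caos:
+description:
+type: digest-object
+root:
+- ExtraContent
 ucer:
 description: User Cert
 ucon:
@@ -671,6 +899,8 @@ img4_tags:
 uidm:
 description:
 type: boolean
+roots:
+- ManifestKey-DataCenter
 vice:
 description:
 vkdl:
@@ -689,6 +919,9 @@ img4_tags:
 - macOS
 ware:
 description:
+sski:
+description: SHA2 os some kind
+type: binary
 inst:
 descryption: The key or file to install
 wchf: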
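--- a/data/share/pki.yaml
+++ b/data/share/pki.yaml
@@ -5,10 +5,10 @@ metadata:
 certificate_names:
 dcrt: device certificate
 dcrt-oid: device owner certificate
-lcrt:
+lcrt: Lynx / Secure Storage for SEP Certificate
 pcrt: product/production certificate?
 rcrt: remote/recovery certificate?
-scrt:
+scrt: SEP Certificate
 tcrt: test certificate?
 ucrt: user certificate (mapps to a single iCloud account)
 vcrt: virtual certificate?
@@ -47,17 +47,23 @@ oids:
 example:
 PUT/FSCl:sik-FXFYFXFFYFFEX-QQRRRDEETFEFYCEIESLIREILCILESCLSELRESERSER
 - oid: 1.2.840.113635.100.6.1.15
+name: TSS Signing Delegation Constraints
 description:
-
-
-
-
+Constriction on values that can be specified or signed by this certificate. Conatins two sub-sequesnces, the MANP (Manifest Properties)
+and the OBJP (Object Properties). Manifest properties are at the issued IM4M, and object properties are per signed object (firmware).
+Values of NULL mean tha tthis certificate can sign any value for that property, values that are set are values that must be signed
+with that value by this certificate. This is how for example `T6031-SDOM1` is enforced. The certificate for that set of servers
+have a null value for ECID (meaning it can be used for any ECID) and have fixed values for CHIP / Security Domain SDOM.
+
+This is how Live TSS for customers differs from factory signing in what properties it can include. Factory only manifest properties
+include `augs`, `uidm`
 found_in:
 - ucrt
 - dcrt-oid
 issuers:
 - Basic Attestation User Sub CA2
 - FDRDC-UCRT-SUBCA
+- T6031-SDOM1-TssLive-ManifestKey-RevA-Factory
 ous:
 - BAA Certification
 - ucrt Leaf Certificate
@@ -80,7 +86,7 @@ oids:
 - oid: 1.2.840.113635.100.7.1.1
 apple_description: 'Apple FairPlay certificate extended Application Authentication & Authorization: Policy'
 - oid: 1.2.840.113635.100.8.4
-description:
+description: Contains a sequence of integer values. Some are 0, some are 1, others appear to be int32 bitmasks.
 is_asn_body: true
 is_extension: true
 found_in:
@@ -91,6 +97,7 @@ oids:
 ous:
 - BAA Certification
 - oid: 1.2.840.113635.100.8.5
+description: Similar in nature to `1.2.840.113635.100.8.4`. Non-integer values observed of `ssca`.
 is_asn_body: true
 is_extension: true
 found_in:
@@ -190,3 +197,28 @@ known_symbols:
 - _oidAppleTVOSApplicationSigningProdQA
 roots:
 FDR-CA1-ROOT-CM:
+FDR-DC-SSL-ROOT:
+FDR Sealing Server CA 1:
+subordinate_cas:
+FDR-SS-CM-E1:
+Basic Attestation User Root CA:
+subordinate_cas:
+Basic Attestation User Sub CA2:
+description:
+Issues `ucrt` subordinate CA's that are used for user level signing. Under this `BAA Certification`
+certs are issued.
+Apple Secure Boot Root CA - G6:
+subordinate_cas:
+T6031-SDOM1-RecoveryBoot-RevA-Factory:
+description:
+T6031-SDOM1-TssLive-ManifestKey-RevA-Factory:
+Apple X86 Secure Boot Root CA - G1:
+subject_key_id: 301680147D73CE0A3B41A1A352D2B1141EF6F5B4DD76E6E8
+subordinate_cas:
+T6031-SDOM1-TssLive-ManifestKey-Global-RevA-DataCenter:
+subject_key_id: 0414D8B9E3E9C4A1C542ECB72FC2CF0C2F861E1B3EEF
+Apple Extra Content Global Root CA - G1:
+subject_key_id: 30168014AA63251D082C72A381536C94D2864995881CB0D0
+subordinate_cas:
+ZFF10-SDOM1-TssLive-ManifestKey-ExtraContent-Global-RevA-DataCenter:
+subject_key_id: 041442FEAB470561CE2A7471B55AC0D81AB7536F4B36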
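--- a/data/share/terms.yaml
+++ b/data/share/terms.yaml
@@ -11,12 +11,40 @@ terms:
 description:
 aop:
 - title: Always-On Processor
+AID:
+- title: Apple ID
+AltDSID:
+DvF:
+nbAc:
+- title: Nearby Action
+nbIF:
+- title: Nearby Interface Type
+DsFl:
+AMfD:
+nbAf:
+DSID:
+MRI:
+MRtI:
+IDS:
+- title: Identity Services
+RSSI:
+- title: Receive Signal Stength Indicator
+XPC:
+RemoteXPC:
+eOS:
+- title: embeddedOS (Touch Bar OS for T1)
+bridgeOS:
+- title: bridgeOS (Touch Bar / Security OS for T2)
 AP:
 - title: Application Processor
 aps:
 see:
 - apns
 APTicket:
+Md:
+- title: Model
+Nm:
+- title: User Assigned Name
 mach:
 tfp0:
 gcd: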
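--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: apple-data
 version: !ruby/object:Gem::Version
-version: 1.0.
+version: 1.0.605
 platform: ruby
 authors:
 - Rick Mark
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-02-
+date: 2024-02-19 00:00:00.000000000 Z
 dependencies: []
 description: |2
 This package includes machine readable data about Apple platforms maintained by hack-different.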