apple-data 1.0.607 → 1.0.608

Sign up to get free protection for your applications and to get access to all the features.
data/share/img4.yaml CHANGED
@@ -4,39 +4,51 @@ metadata:
4
4
  credits:
5
5
  types:
6
6
  digest-object:
7
- description: Digest Objects are Firmare or Other Hashable Datastreams.
8
- They will exist in NOR, Disk, or be received over USB. These objects
9
- will contain a `DGST` value that is the cryptographic hash of the contents.
10
- They can contain additional properties per object, some of which are standard
11
- and others that are object specific.
7
+ description: Digest Objects are Firmare or Other Hashable Datastreams. They will
8
+ exist in NOR, Disk, or be received over USB. These objects will contain a `DGST`
9
+ value that is the cryptographic hash of the contents. They can contain additional
10
+ properties per object, some of which are standard and others that are object
11
+ specific.
12
12
  common_properties:
13
- ESEC: Effective Security Mode - The security mode after evaluating the chip and any demotion request
14
- EPRO: Effective Production Mode - The peoduction mode after evaluating the chip production and demotation request
15
- EKEY: Effective Key Access - The effective access to teh SEP, used to protect data during demotion
13
+ ESEC: Effective Security Mode - The security mode after evaluating the chip
14
+ and any demotion request
15
+ EPRO: Effective Production Mode - The peoduction mode after evaluating the chip
16
+ production and demotation request
17
+ EKEY: Effective Key Access - The effective access to teh SEP, used to protect
18
+ data during demotion
16
19
  subtypes:
17
20
  local-boot-object:
18
21
  trust-measurement:
19
- description: A trust measurement is requested from the processor to ensure that
20
- the boot flow has not changed since a prior time that measurement was taken.
21
- To date the trust measurement is commonly found on SEP firmware images.
22
+ description: A trust measurement is requested from the processor to ensure
23
+ that the boot flow has not changed since a prior time that measurement was
24
+ taken. To date the trust measurement is commonly found on SEP firmware images.
22
25
  ssv-root-hash:
23
- description: Root Hash values are used to validate the Signature of an APFS Signed
24
- volume or snapshot. They will be paired to a coresponding disk image. Some also
25
- are paired with `ssv-merkle-tree` which includes the metadata for the volume.
26
+ description: Root Hash values are used to validate the Signature of an APFS
27
+ Signed volume or snapshot. They will be paired to a coresponding disk image. Some
28
+ also are paired with `ssv-merkle-tree` which includes the metadata for the
29
+ volume.
26
30
  trust-cache:
27
31
  img4-disk-image:
28
- description: Disk images are often signed IMG4 payloads used for USB boot or as the
29
- arm64BaseSystem.dmg. IMG4 is used for smaller disk images that can be entirely
30
- validated "single shot" unlike larger disks which use SSV and validate on read.
32
+ description: Disk images are often signed IMG4 payloads used for USB boot
33
+ or as the arm64BaseSystem.dmg. IMG4 is used for smaller disk images that
34
+ can be entirely validated "single shot" unlike larger disks which use SSV
35
+ and validate on read.
31
36
  img4_tags:
37
+ acdc:
38
+ description:
32
39
  acfw:
33
40
  description:
34
41
  ache:
35
42
  description:
36
43
  acib:
37
44
  description:
45
+ AcID:
46
+ description: Apple Account DSID
47
+ type: integer
48
+ acid:
38
49
  aciw:
39
50
  description:
51
+ ADCL:
40
52
  ader:
41
53
  description:
42
54
  agfi:
@@ -44,9 +56,9 @@ img4_tags:
44
56
  almo:
45
57
  description: Some internal iBootable image. Unknown purpose
46
58
  AMNM:
47
- description: allow mix-n-match
48
- When set to true, img4s can be any valid signed version, allowing for unusual AP tickets where some
49
- components may be from a prior verson
59
+ description: allow mix-n-match When set to true, img4s can be any valid signed
60
+ version, allowing for unusual AP tickets where some components may be from a
61
+ prior verson
50
62
  type: boolean
51
63
  anef:
52
64
  description: Apple Neural Engine Firmware
@@ -55,6 +67,7 @@ img4_tags:
55
67
  - ManifestKey-DataCenter
56
68
  anrd:
57
69
  description:
70
+ ansf:
58
71
  aofi:
59
72
  description:
60
73
  aopf:
@@ -71,64 +84,79 @@ img4_tags:
71
84
  auac:
72
85
  description:
73
86
  aubt:
74
- description: Auxiliary
87
+ description: Audio Boot Chime
75
88
  augs:
76
- description:
77
- Auxiliary User System Image
78
- Included in APTicket CA extensions, as well as factory manifests.
89
+ description: Auxiliary System Image Included in APTicket CA extensions, as well
90
+ as factory manifests. All cryptex manifests, and APTickets other then the root
91
+ APTicket (the one that is used directly from NOR) have this set to 1, indidcating
92
+ that it is an an addition or replacement to APTicket, but only if authroized. It
93
+ also seems to travel with `aubt` and `aupr`
79
94
  roots:
80
- - ExtraContent
81
- - ManifestKey
95
+ - ExtraContent
96
+ - ManifestKey
82
97
  aupr:
83
- description:
98
+ description: Audio Power Attach Chime
99
+ auxh:
100
+ description: User Authorized Kext List Hash
101
+ context:
84
102
  auxi:
85
- title: Auxiliary Kernel Collection (AuxKC) Image4 Manifest Hash (`auxi`)
86
- description: >
87
- After the system verifies that the UAKL hash matches what’s found in the `auxp` field of the
88
- LocalPolicy, it requests that the AuxKC be signed by the Secure Enclave processor application that’s
89
- responsible for LocalPolicy signing. Next, an SHA384 hash of the AuxKC Image4 manifest signature is placed
90
- into the LocalPolicy to avoid the potential for mixing and matching previously signed AuxKCs to an operating
91
- system at boot time. If iBoot finds the auxi field in the LocalPolicy, it attempts to load the AuxKC from
92
- storage and validate its signature. It also verifies that the hash of the Image4 manifest attached to the
93
- AuxKC matches the value found in the auxi field. If the AuxKC fails to load for any reason, the system
94
- continues to boot without this boot object and (so) without any third-party kexts loaded. The auxp field
95
- is a prerequisite for setting the auxi field in the LocalPolicy. Users change the auxi value implicitly
96
- when they change the UAKL by approving a kext from the Security & Privacy pane in System Preferences.
97
- type: binary
98
- subtype: sha2-384
103
+ title: Auxiliary Image4 Manifest Hash (`auxi`)
104
+ description: 'After the system verifies that the UAKL hash matches what’s found
105
+ in the `auxp` field of the LocalPolicy, it requests that the AuxKC be signed
106
+ by the Secure Enclave processor application that’s responsible for LocalPolicy
107
+ signing. Next, an SHA384 hash of the AuxKC Image4 manifest signature is placed
108
+ into the LocalPolicy to avoid the potential for mixing and matching previously
109
+ signed AuxKCs to an operating system at boot time. If iBoot finds the auxi field
110
+ in the LocalPolicy, it attempts to load the AuxKC from storage and validate
111
+ its signature. It also verifies that the hash of the Image4 manifest attached
112
+ to the AuxKC matches the value found in the auxi field. If the AuxKC fails to
113
+ load for any reason, the system continues to boot without this boot object and
114
+ (so) without any third-party kexts loaded. The auxp field is a prerequisite
115
+ for setting the auxi field in the LocalPolicy. Users change the auxi value implicitly
116
+ when they change the UAKL by approving a kext from the Security & Privacy pane
117
+ in System Preferences.
118
+
119
+ '
120
+ type: digest-object
121
+ subtype: manifest
99
122
  access:
100
123
  write:
101
- - macOS
124
+ - macOS
102
125
  auxk:
103
126
  description: Auxiliary Kernel Cache
104
127
  auxp:
105
- title: Auxiliary Kernel Collection (AuxKC) Policy Hash (auxp)
106
- description: >
107
- The `auxp` is an SHA384 hash of the user-authorized kext list (UAKL) policy. This is used at
108
- AuxKC generation time to help ensure that only user-authorized kexts are included in the AuxKC. `smb2`
109
- is a prerequisite for setting this field. Users change the `auxp` value implicitly when they change the
110
- UAKL by approving a kext from the Security & Privacy pane in System Preferences.
128
+ title: Auxiliary Policy Hash (auxp)
129
+ description: 'The `auxp` is an SHA384 hash of the user-authorized kext list (UAKL)
130
+ policy. This is used at AuxKC generation time to help ensure that only user-authorized
131
+ kexts are included in the AuxKC. `smb2` is a prerequisite for setting this field.
132
+ Users change the `auxp` value implicitly when they change the UAKL by approving
133
+ a kext from the Security & Privacy pane in System Preferences.
134
+
135
+ '
111
136
  type: binary
112
137
  subtype: sha2-384
113
138
  access:
114
139
  write:
115
- - macOS
140
+ - macOS
116
141
  auxr:
117
142
  title: Auxiliary Kernel Collection (AuxKC) Receipt Hash (auxr)
118
- description: >
119
- The `auxr` is an SHA384 hash of the AuxKC receipt, which indicates the exact set of kexts that
120
- were included into the AuxKC. The AuxKC receipt can be a subset of the UAKL, because kexts can be excluded
121
- from the AuxKC even if they’re user authorized if they’re known to be used for attacks. In addition,
122
- some kexts that can be used to break the user-kernel boundary may lead to decreased functionality,
123
- such as an inability to use Apple Pay or play 4K and HDR content. Users who want these capabilities
124
- opt in to a more restrictive AuxKC inclusion. The auxp field is a prerequisite for setting the auxr
125
- field in the LocalPolicy. Users change the auxr value implicitly when they build a new AuxKC from
126
- the Security & Privacy pane in System Preferences.
143
+ description: 'The `auxr` is an SHA384 hash of the AuxKC receipt, which indicates
144
+ the exact set of kexts that were included into the AuxKC. The AuxKC receipt
145
+ can be a subset of the UAKL, because kexts can be excluded from the AuxKC even
146
+ if they’re user authorized if they’re known to be used for attacks. In addition,
147
+ some kexts that can be used to break the user-kernel boundary may lead to decreased
148
+ functionality, such as an inability to use Apple Pay or play 4K and HDR content.
149
+ Users who want these capabilities opt in to a more restrictive AuxKC inclusion.
150
+ The auxp field is a prerequisite for setting the auxr field in the LocalPolicy.
151
+ Users change the auxr value implicitly when they build a new AuxKC from the
152
+ Security & Privacy pane in System Preferences.
153
+
154
+ '
127
155
  type: digest-object
128
156
  subtype: sha2-384
129
157
  access:
130
158
  write:
131
- - macOS
159
+ - macOS
132
160
  avef:
133
161
  description: AV Encryption (DRM) Firmware
134
162
  type: digest-object
@@ -140,18 +168,19 @@ img4_tags:
140
168
  description: battery image 1
141
169
  batf:
142
170
  description: battery full image
171
+ batF:
143
172
  BLDS:
144
173
  description:
145
- prid:
146
- description: Encrypted Private Key / Private Key Info
147
174
  bles:
148
175
  description:
149
- rtmu:
150
- description: Restore TMU for AP
151
- type: digest-object
152
- recovery: true
176
+ BMac:
177
+ description: Bluetooth MAC Address
178
+ manifest: true
153
179
  BNCH:
154
- description: Boot Nonce Hash - based on the values of com.apple.System.boot-nonces
180
+ title: Boot Nonce Hash
181
+ description: Based on the values of com.apple.System.boot-nonces
182
+ type: nonce
183
+ subtype:
155
184
  BORD:
156
185
  description: |-
157
186
  The board the chip is attached to. With iPhones/iPads this is the variation between device sizes (occasionally
@@ -161,15 +190,31 @@ img4_tags:
161
190
  With the T2 this value is unique to all MacBooks with the T2.
162
191
  type: integer
163
192
  alias:
164
- - board-id
193
+ - board-id
165
194
  bstc:
166
- description: Base Sysetm Static Trust Cache
195
+ title: Base Sysetm Trust Cache
196
+ description: 'The Base System Trust Cache is the static trust cache (a file containing
197
+ a list of CDHashes that is to be trusted and executed at platform trust.) that
198
+ coresponds to the Base System (typically arm64BaseSystem.dmg).
199
+
200
+ '
167
201
  type: digest-object
168
202
  subtype: trust-cache
169
203
  bsys:
170
- description: Base System Seal Root Hash
204
+ title: Base System Root Hash
205
+ type: digest-object
206
+ subtype: ssv-root-hash
207
+ caos:
208
+ description:
209
+ type: digest-object
210
+ root:
211
+ - ExtraContent
212
+ casy:
213
+ description: App Cryptex SSV Root Hash
171
214
  type: digest-object
172
215
  subtype: ssv-root-hash
216
+ roots:
217
+ - ExtraContent
173
218
  CEPO:
174
219
  description: |-
175
220
  Certificate/Chip Epoch. This is a unit of roll-forward time (monotonic) that allows for any security issues
@@ -177,17 +222,13 @@ img4_tags:
177
222
  nullable: true
178
223
  type: boolean
179
224
  alias:
180
- - chip-epoch
225
+ - chip-epoch
181
226
  cfel:
182
227
  description:
183
228
  chg0:
184
229
  description: Charging Image 0
185
230
  type: digest-object
186
231
  subtype: graphic
187
- faic:
188
- description:
189
- type: integer
190
- default: 0
191
232
  chg1:
192
233
  description: Charging Image 1
193
234
  type: digest-object
@@ -197,34 +238,44 @@ img4_tags:
197
238
  sharing the same GID key
198
239
  type: integer
199
240
  width: 2
200
- nsph:
201
- description: preboot splat manifest hash
202
241
  CHMH:
203
- description: chained manifest hash
242
+ title: Chained Manifest Hash
243
+ description: Appears in manfiest / APTickets where the ticket is chained from
244
+ another via `nish` or `nsph`.
245
+ ciof:
204
246
  cker:
205
247
  description:
206
248
  ckih:
207
249
  description:
250
+ clas:
251
+ description: Class for Key / Object - Found in FDR objects
252
+ examples:
253
+ roots:
254
+ - ExtraContent
255
+ CLHS:
256
+ clid:
208
257
  cmsv:
209
258
  description:
210
- rans:
211
- description: Restore Apple NAND Storage Firmware
212
- type: digest-object
259
+ cnch:
260
+ roots:
261
+ - ExtraContent
213
262
  coih:
214
263
  title: CustomOS Image4 Manifest Hash (coih)
215
- description: >
216
- The `coih` is an SHA384 hash of CustomOS Image4 manifest. The payload for that manifest is used
217
- by iBoot (instead of the XNU kernel) to transfer control. Users change the `coih` value implicitly when
218
- they use the `kmutil` configure-boot command-line tool in 1TR.
264
+ description: 'The `coih` is an SHA384 hash of CustomOS Image4 manifest. The payload
265
+ for that manifest is used by iBoot (instead of the XNU kernel) to transfer control.
266
+ Users change the `coih` value implicitly when they use the `kmutil` configure-boot
267
+ command-line tool in 1TR.
268
+
269
+ '
219
270
  type: digest-object
220
271
  subtype: IM4M
221
272
  access:
222
273
  write:
223
- - 1TR
274
+ - 1TR
224
275
  CPRO:
225
276
  description: Chip promotion fuse value (what is burned in)
226
277
  alias:
227
- - certificate-production-status
278
+ - certificate-production-status
228
279
  nullable: true
229
280
  type: boolean
230
281
  CSEC:
@@ -232,19 +283,10 @@ img4_tags:
232
283
  type: boolean
233
284
  nullable: true
234
285
  alias:
235
- - certificate-security-mode
236
- csys:
237
- description: Install / Restore SSV Root Hash
238
- type: digest-object
239
- subtype: ssv-root-hash
240
- dali:
241
- description:
242
- data:
286
+ - certificate-security-mode
287
+ csos:
243
288
  description:
244
- casy:
245
- description: App Cryptex SSV Root Hash
246
289
  type: digest-object
247
- subtype: ssv-root-hash
248
290
  roots:
249
291
  - ExtraContent
250
292
  cssy:
@@ -253,34 +295,28 @@ img4_tags:
253
295
  subtype: ssv-root-hash
254
296
  roots:
255
297
  - ExtraContent
298
+ csys:
299
+ description: Install / Restore SSV Root Hash
300
+ type: digest-object
301
+ subtype: ssv-root-hash
302
+ dali:
303
+ description:
304
+ data:
305
+ description:
306
+ dcp2:
256
307
  DGST:
257
308
  description: payload digest
258
309
  diag:
259
310
  description:
260
- trca:
261
- description:
262
- type: digest-object
263
- roots:
264
- - ExtraContent
265
- csos:
266
- description:
267
- type: digest-object
268
- roots:
269
- - ExtraContent
270
- trcs:
271
- description:
272
- type: digest-object
273
- roots:
274
- - ExtraContent
275
311
  disk:
276
312
  description:
277
313
  DPRO:
278
- description: Demote from Production Request
279
- Value is used by TSS sever to issue EPRO values, or effective AP prodctuion state.
314
+ description: Demote from Production Request Value is used by TSS sever to issue
315
+ EPRO values, or effective AP prodctuion state.
280
316
  DSEC:
281
- description: Demote from Secure Request
282
- Value is used by TSS server to issue ESEC values, or effective AP Security Mode should the
283
- requester be authorized. These requests are not available to consumers, only to Apple Internal.
317
+ description: Demote from Secure Request Value is used by TSS server to issue ESEC
318
+ values, or effective AP Security Mode should the requester be authorized. These
319
+ requests are not available to consumers, only to Apple Internal.
284
320
  dtre:
285
321
  description: device tree
286
322
  type: digest-object
@@ -290,6 +326,7 @@ img4_tags:
290
326
  type: digest-object
291
327
  subtype: device-tree
292
328
  recovery: true
329
+ dven:
293
330
  ECID:
294
331
  description: Exclusive chip identifier. This is burned into an eFuse at time
295
332
  of manufacture and unique across all devices sharing the same CHIP
@@ -313,119 +350,57 @@ img4_tags:
313
350
  nullable: false
314
351
  type: boolean
315
352
  EPRO:
316
- description: Effective chip promotion / demotion state (if CPFM 03 this must be 0 to set ESEC)
353
+ description: Effective chip promotion / demotion state (if CPFM 03 this must be
354
+ 0 to set ESEC)
317
355
  alias:
318
- - effective-production-status-ap
356
+ - effective-production-status-ap
319
357
  nullable: false
320
358
  type: boolean
321
- secb:
322
- description: Sets a security value such as `trst` or the FDR signing trust object. "security blob?"
323
359
  esca:
324
360
  description:
325
- hrlp:
326
- title: Has Secure Enclave Signed recoveryOS Local Policy (hrlp)
327
- description: >
328
- The `hrlp` indicates whether or not the `prot` value is the measurement of a Secure Enclave–signed
329
- recoveryOS LocalPolicy. If not, then the recoveryOS LocalPolicy is signed by the Apple online signing server,
330
- which signs things such as macOS Image4 files.
331
- type: boolean
332
- access:
333
- write:
334
- - 1TR
335
- - recoveryOS
336
- - macOS
337
361
  esdm:
338
362
  description: Extended Security Domain fuses
339
363
  type: integer
340
364
  alias:
341
- - esdm-fuses
342
- styp:
343
- description: Crytpex Subtype
344
- type: u32
345
- alias:
346
- - cryptex subtype
347
- roots:
348
- - ExtraContent
349
- acid:
350
- stID:
351
- description: Station IDentifier
352
- AcID:
353
- description: Apple Account DSID
354
- type: integer
355
- WSKU:
356
- description: Wireless SKU
357
- WMac:
358
- description: Wireless MAC Address
359
- TMac:
360
- description: Thunderbolt MAC Address
361
- manifest: true
362
- BMac:
363
- description: Bluetooth MAC Address
364
- manifest: true
365
- SrNm:
366
- description: Unit Serial Number
367
- manifest: true
368
- ptrp:
369
- snuf:
370
- description: Staged next update firmware?
371
- Regn:
372
- description: Region Code
373
- example: LL/A
374
- type: string
375
- manifest: true
376
- Mod#:
377
- CLHS:
378
- HmCA:
379
- FSCl:
380
- ADCL:
381
- clid:
382
- hop0:
383
- oppd:
384
- description: Unknown, used by `stg1`/`sepi` - sha384 hash sized
365
+ - esdm-fuses
385
366
  ESEC:
386
367
  description: Effective security mode
387
368
  alias:
388
- - effective-security-mode-ap
369
+ - effective-security-mode-ap
389
370
  euou:
390
371
  description: engineering use-only unit
391
- clas:
392
- description: Class for Key / Object - Found in FDR objects
393
- examples:
394
- roots:
395
- - ExtraContent
396
- psmh:
397
- description: previous stage manifest hash
398
-
372
+ faic:
373
+ description:
374
+ type: integer
375
+ default: 0
399
376
  fchp:
400
377
  description: Cryptex1,ChipID - Mask
401
378
  roots:
402
379
  - ExtraContent
403
380
  fdrs:
404
381
  description:
405
- rvok:
406
- description: Trust object revocation list
407
- trpk:
408
- description: Trust public keys
409
- rssl:
410
- description: The valid CA used for secure communications with the FDR server to obtain the FDR objects. This
411
- differs from the `trst` object as `rssl` is in transit and `trst` is at rest.
412
382
  fdrt:
413
383
  description:
384
+ fgpt:
385
+ description: factory glob al pre-release trust
414
386
  file:
415
387
  description:
416
388
  fpgt:
417
389
  description:
390
+ FSCl:
418
391
  ftab:
419
- description: >
420
- Factory Trust - Auto Boot
421
- FTAB images (used for devices such as AirPods, etc) are "hacktivated" or pre-APTicket'ed devices as they
422
- lack either a restore connection, or persistet memory. Common early usage of this was the Heywire dongles
423
- used for video conversion on the Mac. It was simplest for the device to lack NAND and simply receive the
424
- firmware from a host on powerup. FTAB files are fully ready to run blobs often including RTKit OS based
425
- memory images.
392
+ description: 'Factory Trust - Auto Boot FTAB images (used for devices such as
393
+ AirPods, etc) are "hacktivated" or pre-APTicket''ed devices as they lack either
394
+ a restore connection, or persistet memory. Common early usage of this was the
395
+ Heywire dongles used for video conversion on the Mac. It was simplest for the
396
+ device to lack NAND and simply receive the firmware from a host on powerup. FTAB
397
+ files are fully ready to run blobs often including RTKit OS based memory images.
398
+
399
+ '
426
400
  ftap:
427
- description: >
428
- Factory Trust - Application Processor
401
+ description: 'Factory Trust - Application Processor
402
+
403
+ '
429
404
  type: hash
430
405
  ftot:
431
406
  description: Factory Trust - Other
@@ -440,6 +415,7 @@ img4_tags:
440
415
  description:
441
416
  glyc:
442
417
  description: Gyroscope Calibration
418
+ glyP:
443
419
  glyp:
444
420
  description:
445
421
  hash:
@@ -448,46 +424,41 @@ img4_tags:
448
424
  description:
449
425
  hime:
450
426
  description:
427
+ HmCA:
451
428
  hmmr:
452
429
  description:
453
430
  homr:
454
431
  description:
455
- cnch:
456
- roots:
457
- - ExtraContent
458
- ndom:
459
- roots:
460
- - ExtraContent
461
- pave:
462
- description: XNU version string?
463
- type: string
464
- roots:
465
- - ExtraContent
432
+ hop0:
433
+ hrlp:
434
+ title: Has Secure Enclave Signed recoveryOS Local Policy (hrlp)
435
+ description: 'The `hrlp` indicates whether or not the `prot` value is the measurement
436
+ of a Secure Enclave–signed recoveryOS LocalPolicy. If not, then the recoveryOS
437
+ LocalPolicy is signed by the Apple online signing server, which signs things
438
+ such as macOS Image4 files.
439
+
440
+ '
441
+ type: boolean
442
+ access:
443
+ write:
444
+ - 1TR
445
+ - recoveryOS
446
+ - macOS
466
447
  hypr:
467
448
  description: Hypervisor
449
+ ibd1:
450
+ description: iBoot Data Stage 1
451
+ ibdt:
452
+ description: iBoot Data
468
453
  iBEC:
469
454
  description: iBoot Epoch Change
470
455
  ibot:
471
456
  description: iBoot
472
- ibdt:
473
- description: iBoot Data
474
- ibd1:
475
- description: iBoot Data Stage 1
476
- glyP:
477
457
  ibss:
478
- dven:
479
- dcp2:
480
- ciof:
481
- batF:
482
- ansf:
483
- rfcg:
484
- type: boolean
485
458
  iBSS:
486
459
  description: iBoot Second Stage
487
460
  ienv:
488
461
  description:
489
- LLB:
490
- description: Low Level iBoot
491
462
  IM4M:
492
463
  description:
493
464
  IM4P:
@@ -496,6 +467,8 @@ img4_tags:
496
467
  description:
497
468
  IMG4:
498
469
  description:
470
+ inst:
471
+ descryption: The key or file to install
499
472
  ipdf:
500
473
  description:
501
474
  isor:
@@ -516,84 +489,78 @@ img4_tags:
516
489
  description:
517
490
  krnl:
518
491
  description: Kernel
519
- acdc:
520
- description:
521
492
  kuid:
522
493
  title: Key encryption key (KEK) Group UUID (kuid)
523
- description: >
524
- The kuid indicates the volume that was booted. The key encryption key has typically been used
525
- for Data Protection. For each LocalPolicy, it’s used to protect the LocalPolicy signing key. The
526
- kuid is set by the user implicitly when creating a new operating system install.
494
+ description: 'The kuid indicates the volume that was booted. The key encryption
495
+ key has typically been used for Data Protection. For each LocalPolicy, it’s
496
+ used to protect the LocalPolicy signing key. The kuid is set by the user implicitly
497
+ when creating a new operating system install.
498
+
499
+ '
527
500
  type: binary
528
501
  subtype: sha2-384
529
502
  access:
530
503
  write:
531
- - 1TR
532
- - recoveryOS
533
- - macOS
504
+ - 1TR
505
+ - recoveryOS
506
+ - macOS
534
507
  lamo:
535
508
  description:
536
509
  lckr:
537
510
  description:
511
+ LLB:
512
+ description: Low Level iBoot
538
513
  LNCH:
539
514
  description:
540
515
  lobo:
541
- description: Local Boot Object. Indicates that the object is to be used as the target of a local boot only
542
- and not provided by the server for remote / DFU boots.
516
+ description: Local Boot Object. Indicates that the object is to be used as the
517
+ target of a local boot only and not provided by the server for remote / DFU
518
+ boots.
543
519
  logo:
544
520
  description: Apple logo image
545
521
  love:
546
- title: Local Operating System Version (love)
547
- description: >
548
- The love indicates the OS version that the LocalPolicy is created for. The version is obtained from the
549
- next state manifest during LocalPolicy creation and is used to enforce recoveryOS pairing restrictions.
522
+ title: Long Operating System Version (love)
523
+ description: 'The love indicates the OS version that the LocalPolicy is created
524
+ for. The version is obtained from the next state manifest during LocalPolicy
525
+ creation and is used to enforce recoveryOS pairing restrictions.
526
+
527
+ '
550
528
  type: string
551
- example: "21.3.66.0.0,0"
529
+ example: 21.3.66.0.0,0
552
530
  access:
553
531
  write:
554
- - 1TR
555
- - recoveryOS
556
- - macOS
557
- roots:
558
- - ManifestKey-DataCenter
559
- prtp:
560
- description: Product ID String
561
- type: string
562
- example: iPhone16,2
563
- roots:
564
- - ManifestKey-DataCenter
565
- sdkp:
566
- description: SDK for Product
567
- type: string
532
+ - 1TR
533
+ - recoveryOS
534
+ - macOS
568
535
  roots:
569
536
  - ManifestKey-DataCenter
570
- values:
571
- - iphoneos
572
- - macos
573
537
  lphp:
574
538
  description:
575
- mspr:
576
539
  lpnh:
577
540
  title: LocalPolicy Nonce Hash (lpnh)
578
- description: >
579
- The lpnh is used for anti-replay of the LocalPolicy. This is an SHA384 hash of the LocalPolicy Nonce
580
- (LPN), which is stored in the Secure Storage Component and accessible using the Secure Enclave Boot
581
- ROM or Secure Enclave. The raw nonce is never visible to the Application Processor, only to the
582
- sepOS. An attacker wanting to convince LLB that a previous LocalPolicy they had captured was valid
583
- would need to place a value into the Secure Storage Component, which hashes to the same lpnh value
584
- found in the LocalPolicy they want to replay. Normally there is a single LPN valid on the system—except
585
- during software updates, when two are simultaneously valid—to allow for the possibility of falling back
586
- to booting the old software in the event of an update error. When any LocalPolicy for any operating
587
- system is changed, all policies are re-signed with the new lpnh value corresponding to the new LPN
588
- found in the Secure Storage Component. This change happens when the user changes security settings
589
- or creates new operating systems with a new LocalPolicy for each.
541
+ description: 'The lpnh is used for anti-replay of the LocalPolicy. This is an
542
+ SHA384 hash of the LocalPolicy Nonce (LPN), which is stored in the Secure Storage
543
+ Component and accessible using the Secure Enclave Boot ROM or Secure Enclave.
544
+ The raw nonce is never visible to the Application Processor, only to the sepOS.
545
+ An attacker wanting to convince LLB that a previous LocalPolicy they had captured
546
+ was valid would need to place a value into the Secure Storage Component, which
547
+ hashes to the same lpnh value found in the LocalPolicy they want to replay.
548
+ Normally there is a single LPN valid on the system—except during software updates,
549
+ when two are simultaneously valid—to allow for the possibility of falling back
550
+ to booting the old software in the event of an update error. When any LocalPolicy
551
+ for any operating system is changed, all policies are re-signed with the new
552
+ lpnh value corresponding to the new LPN found in the Secure Storage Component.
553
+ This change happens when the user changes security settings or creates new operating
554
+ systems with a new LocalPolicy for each.
555
+
556
+ '
590
557
  type: binary
591
558
  subtype: sha2-384
592
559
  access:
593
560
  write:
594
- - 1TR
595
- - recoveryOS
596
- - macOS
561
+ - 1TR
562
+ - recoveryOS
563
+ - macOS
597
564
  lpol:
598
565
  description: Local Policy
599
566
  ltrs:
@@ -616,29 +583,70 @@ img4_tags:
616
583
  description:
617
584
  mmsv:
618
585
  description:
586
+ Mod#:
619
587
  mpro:
620
588
  description:
621
589
  msec:
622
590
  description:
591
+ mspr:
623
592
  msys:
624
- description: Merkle Tree Metadata for System Disk
593
+ description: 'System Volume Cannonical Metadata Contains a Merkle Tree of the
594
+ System Volume. The Merkle-Tree is used to verify Signed System Volume, in a
595
+ similar way to a Git repository, where every file is included in the tree of
596
+ the folder and so on up to the root node. The root node is validated against
597
+ the coresponding `root_hash`. The inclusion of the merkle tree allows for discovery
598
+ of where the system volume''s data is broken, as the root_hash can only tell
599
+ you if it is broken.
600
+
601
+ '
625
602
  mtfw:
626
603
  description:
604
+ mtpf:
627
605
  name:
628
606
  description:
607
+ ndom:
608
+ roots:
609
+ - ExtraContent
610
+ nish:
611
+ title: Next Stage Image4 Manifest Hash (nsih)
612
+ description: 'The nsih field represents an SHA384 hash of the Image4 manifest
613
+ data structure that describes the booted macOS. The macOS Image4 manifest contains
614
+ measurements for all the boot objects—such as iBoot, the static trust cache,
615
+ device tree, Boot Kernel Collection, and signed system volume (SSV) volume root
616
+ hash. When LLB is directed to boot a given macOS, it’s designed to ensure that
617
+ the hash of the macOS Image4 manifest attached to iBoot matches what’s captured
618
+ in the nsih field of the LocalPolicy. In this way, the nsih captures the user
619
+ intention of what operating system the user has created a LocalPolicy for. Users
620
+ change the nsih value implicitly when they perform a software update.
621
+
622
+ '
623
+ type: binary
624
+ subtype: sha2-384
625
+ context:
626
+ lpol:
627
+ access:
628
+ write:
629
+ - 1TR
630
+ - recoveryOS
631
+ - macOS
629
632
  nrde:
630
633
  description:
631
634
  nsih:
632
635
  description: Next Stage Image Hash
636
+ nsph:
637
+ description: Next Stage preboot splat manifest hash
633
638
  nsrv:
634
639
  description:
635
640
  OBJP:
636
- description: Object Properties - Values that may be assigned per "object" (firmawres) that contain a `DGST`
641
+ description: Object Properties - Values that may be assigned per "object" (firmawres)
642
+ that contain a `DGST`
637
643
  type: sequence
638
644
  omer:
639
645
  description:
640
646
  ooth:
641
647
  description:
648
+ oppd:
649
+ description: Unknown, used by `stg1`/`sepi` - sha384 hash sized
642
650
  osev:
643
651
  description:
644
652
  osrd:
@@ -647,6 +655,14 @@ img4_tags:
647
655
  description:
648
656
  owns:
649
657
  description:
658
+ pave:
659
+ description: 'Pre-authorization Version (XNU) The version of a pre-authorized
660
+ Cryptex.
661
+
662
+ '
663
+ type: string
664
+ roots:
665
+ - ExtraContent
650
666
  PAYP:
651
667
  description:
652
668
  pcrp:
@@ -667,24 +683,48 @@ img4_tags:
667
683
  subtype:
668
684
  pndp:
669
685
  description:
686
+ prid:
687
+ description: Encrypted Private Key / Private Key Info
670
688
  prot:
671
689
  title: Paired recoveryOS Trusted Boot Policy Measurement (prot)
672
- description: >
673
- A paired recoveryOS Trusted Boot Policy Measurement (TBPM) is a special iterative SHA384 hash calculation
674
- over the Image4 manifest of a LocalPolicy, excluding nonces, in order to give a consistent measurement
675
- over time (because nonces like lpnh are frequently updated). The prot field, which is found only in each
676
- macOS LocalPolicy, provides a pairing to indicate the recoveryOS LocalPolicy that corresponds to the
677
- macOS LocalPolicy.
690
+ description: 'A paired recoveryOS Trusted Boot Policy Measurement (TBPM) is a
691
+ special iterative SHA384 hash calculation over the Image4 manifest of a LocalPolicy,
692
+ excluding nonces, in order to give a consistent measurement over time (because
693
+ nonces like lpnh are frequently updated). The prot field, which is found only
694
+ in each macOS LocalPolicy, provides a pairing to indicate the recoveryOS LocalPolicy
695
+ that corresponds to the macOS LocalPolicy.
696
+
697
+ '
678
698
  type: digest-object
679
699
  subtype: trust-measurement
680
700
  access:
681
701
  write:
682
- - 1TR
683
- - recoveryOS
684
- - macOS
702
+ - 1TR
703
+ - recoveryOS
704
+ - macOS
705
+ prtp:
706
+ description: Product Type String
707
+ type: string
708
+ example: iPhone16,2
709
+ roots:
710
+ - ManifestKey-DataCenter
711
+ psmh:
712
+ description: previous stage manifest hash
713
+ ptrp:
714
+ rans:
715
+ description: Restore Apple NAND Storage Firmware
716
+ type: digest-object
685
717
  rbmt:
686
718
  description:
687
- mtpf:
719
+ rcfg:
720
+ description: 'Appears in certificates issues by factory such as `T6031-SDOM1-TssLive-ManifestKey-RevA-Factory`.
721
+ Potentially indicates that the policy is for a recovery boot only.
722
+
723
+ '
724
+ type: boolean
725
+ rcio:
726
+ description: Restore CIO
727
+ rdcp:
688
728
  rddg:
689
729
  description:
690
730
  rdsk:
@@ -693,16 +733,17 @@ img4_tags:
693
733
  description:
694
734
  recm:
695
735
  description:
696
- rcfg:
697
- description: >
698
- Appears in certificates issues by factory such as `T6031-SDOM1-TssLive-ManifestKey-RevA-Factory`.
699
- Potentially indicates that the policy is for a recovery boot only.
736
+ Regn:
737
+ description: Region Code
738
+ example: LL/A
739
+ type: string
740
+ manifest: true
741
+ rfcg:
700
742
  type: boolean
701
743
  rfta:
702
744
  description:
703
745
  rfts:
704
746
  description:
705
- rdcp:
706
747
  rkrn:
707
748
  description: restore kernel
708
749
  rlgo:
@@ -714,78 +755,45 @@ img4_tags:
714
755
  type: boolean
715
756
  ronh:
716
757
  title: recoveryOS Nonce Hash (ronh)
717
- description: >
718
- The ronh behaves the same way as the lpnh, but is found exclusively in the LocalPolicy for system
719
- recoveryOS. It’s updated when the system recoveryOS is updated, such as on software updates. A
720
- separate nonce from the lpnh and rpnh is used so that when a device is put into a disabled state
721
- by Find My, existing operating systems can be disabled (by removing their LPN and RPN from the
722
- Secure Storage Component), while still leaving the system recoveryOS bootable. In this way, the
723
- operating systems can be reenabled when the system owner proves their control over the system by
724
- putting in their iCloud password used for the Find My account. This change happens when a user updates
725
- the system recoveryOS or creates new operating systems.
758
+ description: 'The ronh behaves the same way as the lpnh, but is found exclusively
759
+ in the LocalPolicy for system recoveryOS. It’s updated when the system recoveryOS
760
+ is updated, such as on software updates. A separate nonce from the lpnh and
761
+ rpnh is used so that when a device is put into a disabled state by Find My,
762
+ existing operating systems can be disabled (by removing their LPN and RPN from
763
+ the Secure Storage Component), while still leaving the system recoveryOS bootable.
764
+ In this way, the operating systems can be reenabled when the system owner proves
765
+ their control over the system by putting in their iCloud password used for the
766
+ Find My account. This change happens when a user updates the system recoveryOS
767
+ or creates new operating systems.
768
+
769
+ '
726
770
  type: binary
727
771
  subtype: sha2-384
728
772
  access:
729
773
  write:
730
- - 1TR
731
- - recoveryOS
732
- - macOS
774
+ - 1TR
775
+ - recoveryOS
776
+ - macOS
733
777
  rosi:
734
778
  description:
735
- nish:
736
- title: Next Stage Image4 Manifest Hash (nsih)
737
- description: >
738
- The nsih field represents an SHA384 hash of the Image4 manifest data structure that describes the booted
739
- macOS. The macOS Image4 manifest contains measurements for all the boot objects—such as iBoot, the static
740
- trust cache, device tree, Boot Kernel Collection, and signed system volume (SSV) volume root hash. When
741
- LLB is directed to boot a given macOS, it’s designed to ensure that the hash of the macOS Image4 manifest
742
- attached to iBoot matches what’s captured in the nsih field of the LocalPolicy. In this way, the nsih
743
- captures the user intention of what operating system the user has created a LocalPolicy for. Users
744
- change the nsih value implicitly when they perform a software update.
745
- type: binary
746
- subtype: sha2-384
747
- context:
748
- lpol:
749
- access:
750
- write:
751
- - 1TR
752
- - recoveryOS
753
- - macOS
754
- spih:
755
- description: Cryptex1 Image4 Hash
756
- stng:
757
- description: Cryptex1 Generation / Cryptex type?
758
- auxh:
759
- description: User Authorized Kext List Hash
760
- context:
761
779
  rpnh:
762
780
  title: Remote Policy Nonce Hash (rpnh)
763
- description: >
764
- The rpnh behaves the same way as the lpnh but is updated only when the remote policy is updated, such as when
765
- changing the state of Find My enrollment. This change happens when the user changes the state of Find My on
766
- their Mac.
781
+ description: 'The rpnh behaves the same way as the lpnh but is updated only when
782
+ the remote policy is updated, such as when changing the state of Find My enrollment.
783
+ This change happens when the user changes the state of Find My on their Mac.
784
+
785
+ '
767
786
  type: binary
768
787
  subtype: sha2-384
769
788
  access:
770
789
  write:
771
- - 1TR
772
- - recoveryOS
773
- - macOS
774
- RSCH:
775
- description: Research mode
776
- rcio:
777
- description: Restore CIO
778
- fgpt:
779
- description: factory glob al pre-release trust
780
- UDID:
781
- description: universal device identifier
790
+ - 1TR
791
+ - recoveryOS
792
+ - macOS
782
793
  rsch:
783
794
  description: research mode
784
- vnum:
785
- description: Version Number - Update Maximum
786
- type: string
787
- roots:
788
- - ExtraContent
795
+ RSCH:
796
+ description: Research mode
789
797
  rsep:
790
798
  description: Restore SEP Image, paired with oppd/tbms
791
799
  type: string
@@ -798,12 +806,31 @@ img4_tags:
798
806
  description:
799
807
  rso3:
800
808
  description:
809
+ rssl:
810
+ description: The valid CA used for secure communications with the FDR server to
811
+ obtain the FDR objects. This differs from the `trst` object as `rssl` is in
812
+ transit and `trst` is at rest.
813
+ rtmu:
814
+ description: Restore TMU for AP
815
+ type: digest-object
816
+ firmware: true
817
+ recovery: true
801
818
  rtpf:
802
819
  description:
803
820
  rtsc:
804
821
  description:
822
+ rvok:
823
+ description: Trust object revocation list
805
824
  scef:
806
825
  description:
826
+ sdkp:
827
+ description: SDK Platform
828
+ type: string
829
+ roots:
830
+ - ManifestKey-DataCenter
831
+ values:
832
+ - iphoneos
833
+ - macos
807
834
  SDOM:
808
835
  description: |-
809
836
  Security domain, or which set of certificates govern device security.
@@ -812,15 +839,18 @@ img4_tags:
812
839
  0x01 - Main Production certificates
813
840
  width: 2
814
841
  alias:
815
- - security-domain
842
+ - security-domain
843
+ secb:
844
+ description: Sets a security value such as `trst` or the FDR signing trust object. "security
845
+ blob?". Known to include `trst` (yes a `trst` partition with a `secb` object with a `trst` object),
846
+ `rssl` (Factory SSL root CA), `rvok` (Revocation list) and `trpk` (trusted public keys?)
816
847
  SECM:
817
848
  description:
818
849
  seid:
819
850
  description: Secure Enclave ID
820
- stg1:
821
- description: stage 1 bootloader
822
- type: string
823
- encoding: sha2-384
851
+ sei3:
852
+ description: Secure Enclave ID (alternate)?
853
+ Appears to have a value identical to `seid`.
824
854
  sepi:
825
855
  description: SEP Image, contains oppd and tbms in seal
826
856
  type: string
@@ -832,15 +862,18 @@ img4_tags:
832
862
  sip0:
833
863
  description: System Integrity Protection (SIP) 0 Status - Overall
834
864
  sip1:
835
- description: System Integrity Protection (SIP) 1 Status - Signed System Volume Status
865
+ description: System Integrity Protection (SIP) 1 Status - Signed System Volume
866
+ Status
836
867
  sip2:
837
868
  description: System Integrity Protection (SIP) 2 Status - Kernel CTRR Status
838
869
  sip3:
839
- description: System Integrity Protection (SIP) 3 Status - Boot Args Filtering Status
870
+ description: System Integrity Protection (SIP) 3 Status - Boot Args Filtering
871
+ Status
840
872
  slvn:
841
873
  description:
842
874
  smb0:
843
- description: Secure Multi-Boot 0 - Security Mode - Full Security, Reduced, Disabled - Setting to 1 sets to reduced
875
+ description: Secure Multi-Boot 0 - Security Mode - Full Security, Reduced, Disabled
876
+ - Setting to 1 sets to reduced
844
877
  smb1:
845
878
  description: Secure Multi-Boot 1 - Setting to 1 allows Permissive
846
879
  smb2:
@@ -851,31 +884,74 @@ img4_tags:
851
884
  description: Secure Multi-Boot 3 - DEP-allowed MDM Control
852
885
  smb5:
853
886
  description: Unknown - but known to exist in Factory signing
854
- SNON:
855
- description: SEP Nonce
856
887
  snon:
857
888
  description: SEP Nonce
889
+ SNON:
890
+ description: SEP Nonce
891
+ snuf:
892
+ description: Staged next update firmware?
893
+ spih:
894
+ description: Cryptex1 Image4 Hash
895
+ SPTM:
896
+ description: Secure Page Table Monitor
858
897
  srnm:
859
898
  description:
899
+ SrNm:
900
+ description: Unit Serial Number
901
+ manifest: true
902
+ ssca:
903
+ sski:
904
+ description: SHA2 os some kind
905
+ type: binary
860
906
  ster:
861
907
  description:
908
+ stg1:
909
+ description: stage 1 bootloader
910
+ type: string
911
+ encoding: sha2-384
912
+ stID:
913
+ description: Station IDentifier
914
+ stng:
915
+ description: Cryptex1 Generation / Cryptex type?
916
+ styp:
917
+ description: Crytpex Subtype
918
+ type: u32
919
+ alias:
920
+ - cryptex subtype
921
+ roots:
922
+ - ExtraContent
862
923
  svrn:
863
924
  description: Server nonce
925
+ tatp:
926
+ description: Target Type (board name)
927
+ roots:
928
+ - ManifestKey-DataCenter
864
929
  tbmr:
865
930
  description: Trusted Boot Measurement (Recovery/Root?)
866
931
  tbms:
867
932
  description: Trusted Boot Measurement (Signature?)
868
933
  notes: Likely encrypted by the SEP and opaque to the AP
869
- tatp:
870
- description: Board Name (such as d84) - Target AP Test
871
- roots:
872
- - ManifestKey-DataCenter
873
934
  tery:
874
935
  description:
875
936
  test:
876
937
  description:
877
938
  tics:
878
939
  description:
940
+ TMac:
941
+ description: Thunderbolt MAC Address
942
+ manifest: true
943
+ trca:
944
+ description:
945
+ type: digest-object
946
+ roots:
947
+ - ExtraContent
948
+ trcs:
949
+ description:
950
+ type: digest-object
951
+ roots:
952
+ - ExtraContent
953
+ trpk:
954
+ description: Trust public keys
879
955
  trst:
880
956
  description: Trust Object
881
957
  tsys:
@@ -885,15 +961,12 @@ img4_tags:
885
961
  type: integer
886
962
  roots:
887
963
  - ExtraContent
888
- caos:
889
- description:
890
- type: digest-object
891
- root:
892
- - ExtraContent
893
964
  ucer:
894
965
  description: User Cert
895
966
  ucon:
896
967
  description:
968
+ UDID:
969
+ description: universal device identifier
897
970
  udid:
898
971
  description: Unique Device ID
899
972
  uidm:
@@ -905,34 +978,38 @@ img4_tags:
905
978
  description:
906
979
  vkdl:
907
980
  description:
981
+ vnum:
982
+ description: Version Number - Update Maximum
983
+ type: string
984
+ roots:
985
+ - ExtraContent
908
986
  vuid:
909
987
  title: APFS volume group UUID (vuid)
910
- description: >
911
- The vuid indicates the volume group the kernel should use as root. This field is primarily informational
912
- and isn’t used for security constraints. This vuid is set by the user implicitly when creating a new
913
- operating system install.
988
+ description: 'The vuid indicates the volume group the kernel should use as root.
989
+ This field is primarily informational and isn’t used for security constraints.
990
+ This vuid is set by the user implicitly when creating a new operating system
991
+ install.
992
+
993
+ '
914
994
  type: binary
915
995
  subtype: sha2-384
916
996
  access:
917
- - 1TR
918
- - recoveryOS
919
- - macOS
997
+ - 1TR
998
+ - recoveryOS
999
+ - macOS
920
1000
  ware:
921
1001
  description:
922
- sski:
923
- description: SHA2 os some kind
924
- type: binary
925
- inst:
926
- descryption: The key or file to install
1002
+ WCHF:
1003
+ description: Wireless Charging Firmware
927
1004
  wchf:
928
1005
  description: Wireless Charging Framework
1006
+ WMac:
1007
+ description: Wireless MAC Address
1008
+ WSKU:
1009
+ description: Wireless SKU
929
1010
  xbtc:
930
1011
  description: x86 Boot Trust Cache
931
1012
  xsys:
932
1013
  description: x86 System Root Hash
933
1014
  xugs:
934
1015
  description:
935
- SPTM:
936
- description: Secure Page Table Monitor
937
- WCHF:
938
- description: Wireless Charging Firmware