apple-data 1.0.607 → 1.0.608
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/apple_data/version.rb +1 -1
- data/share/img4.yaml +463 -386
- data/share/pki.yaml +288 -162
- data/share/terms.yaml +173 -169
- metadata +2 -2
data/share/pki.yaml
CHANGED
@@ -10,203 +10,324 @@ certificate_names:
|
|
10
10
|
rcrt: remote/recovery certificate?
|
11
11
|
scrt: SEP Certificate
|
12
12
|
tcrt: test certificate?
|
13
|
-
ucrt:
|
13
|
+
ucrt:
|
14
|
+
name: User Identity Certificate
|
15
|
+
issuer: Basic Attestation User Root CA
|
14
16
|
vcrt: virtual certificate?
|
15
17
|
keys:
|
16
18
|
uik:
|
17
|
-
|
19
|
+
title: User Identity Key
|
20
|
+
certificates:
|
21
|
+
- ucrt
|
18
22
|
sik:
|
19
|
-
|
23
|
+
title: System Identity Key
|
24
|
+
certificates:
|
25
|
+
- dcrt
|
20
26
|
oik:
|
21
|
-
|
27
|
+
title: Owner Identity Key
|
22
28
|
constants:
|
23
29
|
private_oid_root: 1.2.840.113635
|
24
30
|
oids:
|
25
|
-
|
26
|
-
description:
|
27
|
-
|
31
|
+
1.2.840.113635.100.10:
|
32
|
+
description: >
|
33
|
+
`ucrt` extension root
|
34
|
+
1.2.840.113635.100.10.1:
|
35
|
+
description: Hardware device identifiers of the machine the certificate is issued
|
36
|
+
to contains BORD, CHIP, ECID, srnm, udid, seid
|
37
|
+
found_in:
|
38
|
+
- ucrt
|
39
|
+
issuers:
|
40
|
+
- FDRDC-UCRT-SUBCA
|
41
|
+
ous:
|
42
|
+
- ucrt Leaf Certificate
|
43
|
+
1.2.840.113635.100.10.2:
|
44
|
+
found_in:
|
45
|
+
- ucrt
|
46
|
+
issuers:
|
47
|
+
- FDRDC-UCRT-SUBCA
|
48
|
+
ous:
|
49
|
+
- ucrt Leaf Certificate
|
50
|
+
1.2.840.113635.100.4.1:
|
51
|
+
symbol: oidAppleExtendedKeyUsageCodeSigning
|
52
|
+
1.2.840.113635.100.4.1.1:
|
53
|
+
symbol: oidAppleExtendedKeyUsageCodeSigningDev
|
54
|
+
1.2.840.113635.100.4.11:
|
55
|
+
symbol: oidAppleCertExtOSXProvisioningProfileSigning
|
56
|
+
1.2.840.113635.100.5.12:
|
57
|
+
symbol: oidApplePolicyMobileStore
|
58
|
+
1.2.840.113635.100.5.12.1:
|
59
|
+
symbol: oidApplePolicyMobileStoreProdQA
|
60
|
+
1.2.840.113635.100.5.3:
|
28
61
|
apple_description: ADC Certificate Policy
|
29
|
-
|
30
|
-
apple_description: Markers for iPhone OS Device Certificate Policies, used for
|
31
|
-
|
62
|
+
1.2.840.113635.100.5.4:
|
63
|
+
apple_description: Markers for iPhone OS Device Certificate Policies, used for
|
64
|
+
external sources to trust iPhone OS devices
|
65
|
+
1.2.840.113635.100.5.4.1:
|
32
66
|
apple_description: BBC's Policy
|
33
|
-
|
67
|
+
1.2.840.113635.100.6.1.1:
|
34
68
|
apple_description: Apple Released Code Signature
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
|
46
|
-
|
47
|
-
|
48
|
-
|
49
|
-
|
50
|
-
|
51
|
-
description:
|
52
|
-
Constriction on values that can be specified or signed by this certificate. Conatins two sub-sequesnces, the MANP (Manifest Properties)
|
53
|
-
and the OBJP (Object Properties). Manifest properties are at the issued IM4M, and object properties are per signed object (firmware).
|
54
|
-
Values of NULL mean tha tthis certificate can sign any value for that property, values that are set are values that must be signed
|
55
|
-
with that value by this certificate. This is how for example `T6031-SDOM1` is enforced. The certificate for that set of servers
|
56
|
-
have a null value for ECID (meaning it can be used for any ECID) and have fixed values for CHIP / Security Domain SDOM.
|
57
|
-
|
58
|
-
This is how Live TSS for customers differs from factory signing in what properties it can include. Factory only manifest properties
|
59
|
-
include `augs`, `uidm`
|
69
|
+
symbol: oidAppleSecureBootCertSpec
|
70
|
+
1.2.840.113635.100.6.1.11:
|
71
|
+
symbol: oidAppleSecureBootTicketCertSpec
|
72
|
+
1.2.840.113635.100.6.1.15:
|
73
|
+
name: IMG4 Manifest Certificate Specification
|
74
|
+
description: "Constriction on values that can be specified or signed by this certificate.
|
75
|
+
\ Conatins two sub-sequesnces, \nthe MANP (Manifest Properties) and the OBJP
|
76
|
+
(Object Properties). Manifest properties are at the issued \nIM4M, and object
|
77
|
+
properties are per signed object (firmware). Values of NULL mean tha tthis certificate\ncan
|
78
|
+
sign any value for that property, values that are set are values that must be
|
79
|
+
signed with that value\nby this certificate. This is how for example `T6031-SDOM1`
|
80
|
+
is enforced. The certificate for that set of\nservers have a null value for
|
81
|
+
ECID (meaning it can be used for any ECID) and have fixed values for CHIP /\nSecurity
|
82
|
+
Domain SDOM.\nThis is how Live TSS for customers differs from factory signing
|
83
|
+
in what properties it can include. Factory\nonly manifest properties include
|
84
|
+
`augs`, `uidm`"
|
60
85
|
found_in:
|
61
|
-
|
62
|
-
|
86
|
+
- ucrt
|
87
|
+
- dcrt-oid
|
88
|
+
symbol: oidAppleImg4ManifestCertSpec
|
63
89
|
issuers:
|
64
|
-
|
65
|
-
|
66
|
-
|
90
|
+
- Basic Attestation User Sub CA2
|
91
|
+
- FDRDC-UCRT-SUBCA
|
92
|
+
- T6031-SDOM1-TssLive-ManifestKey-RevA-Factory
|
67
93
|
ous:
|
68
|
-
|
69
|
-
|
70
|
-
|
94
|
+
- BAA Certification
|
95
|
+
- ucrt Leaf Certificate
|
96
|
+
1.2.840.113635.100.6.1.16:
|
97
|
+
symbol: oidAppleInstallerPackagingSigningExternal
|
98
|
+
1.2.840.113635.100.6.1.2:
|
99
|
+
apple_description: Apple World Wide Developer Relations Certificates for Code
|
100
|
+
Signing during development
|
101
|
+
1.2.840.113635.100.6.1.24:
|
102
|
+
symbol: oidAppleTVOSApplicationSigningProd
|
103
|
+
1.2.840.113635.100.6.1.24.1:
|
104
|
+
symbol: oidAppleCertExtATVAppSigningProdQA
|
105
|
+
1.2.840.113635.100.6.1.28:
|
106
|
+
symbol: oidAppleCertExtTrustCacheSigning
|
107
|
+
1.2.840.113635.100.6.1.28.1:
|
108
|
+
symbol: oidAppleCertExtTrustCacheSigningTest
|
109
|
+
1.2.840.113635.100.6.1.3:
|
110
|
+
apple_description: Apple World Wide Developer Relations Certificates for Code
|
111
|
+
Signing for General Release through the iTMS
|
112
|
+
symbol: oidAppleApplicationSigning
|
113
|
+
1.2.840.113635.100.6.1.3.1:
|
114
|
+
apple_description: Apple World Wide Developer Relations Certificates for Code
|
115
|
+
Signing for Test Release through the iTMS
|
116
|
+
1.2.840.113635.100.6.1.36:
|
117
|
+
symbol: oidAppleXROSApplicationSigningProd
|
118
|
+
1.2.840.113635.100.6.1.36.1:
|
119
|
+
symbol: oidAppleXROSApplicationSigningProdQA
|
120
|
+
1.2.840.113635.100.6.1.4:
|
121
|
+
apple_description: Apple World Wide Developer Relations Certificates for Code
|
122
|
+
Signing GM from developer to Apple
|
123
|
+
1.2.840.113635.100.6.16:
|
124
|
+
description: A sequence of FDR programming commands, seperated by ";". Each command
|
125
|
+
is "PUT" or "GET" prior to a 4CC value, followed by a ":" then the value of
|
126
|
+
the key.
|
127
|
+
example: PUT/FSCl:sik-FXFYFXFFYFFEX-QQRRRDEETFEFYCEIESLIREILCILESCLSELRESERSER
|
128
|
+
1.2.840.113635.100.6.17:
|
129
|
+
description: Contains the name of the key
|
130
|
+
1.2.840.113635.100.6.2.1:
|
71
131
|
apple_description: Marker for the WWDR Intermediate Certificate
|
72
|
-
|
132
|
+
symbol: oidAppleProvisioningProfile
|
133
|
+
1.2.840.113635.100.6.2.10:
|
134
|
+
symbol: oidAppleIntmMarkerAppleSystemIntg2
|
135
|
+
1.2.840.113635.100.6.2.12:
|
136
|
+
symbol: oidAppleIntmMarkerAppleServerAuthentication
|
137
|
+
1.2.840.113635.100.6.2.13:
|
138
|
+
symbol: oidAppleIntmMarkerAppleSystemIntgG3
|
139
|
+
1.2.840.113635.100.6.2.16:
|
140
|
+
symbol: oidAppleIntmMarkerAppleHomeKitServerCA
|
141
|
+
1.2.840.113635.100.6.2.2:
|
73
142
|
apple_description: Marker for the iTunes Store Intermediate Certificate
|
74
|
-
|
75
|
-
|
76
|
-
|
77
|
-
|
78
|
-
|
79
|
-
|
80
|
-
|
81
|
-
|
82
|
-
|
83
|
-
|
84
|
-
|
85
|
-
|
86
|
-
|
87
|
-
|
88
|
-
|
89
|
-
|
143
|
+
1.2.840.113635.100.6.2.3:
|
144
|
+
symbol: oidAppleIntmMarkerAppleID
|
145
|
+
1.2.840.113635.100.6.2.7:
|
146
|
+
symbol: oidAppleIntmMarkerAppleID2
|
147
|
+
1.2.840.113635.100.6.23.1:
|
148
|
+
symbol: oidApplePolicyEscrowService
|
149
|
+
1.2.840.113635.100.6.25:
|
150
|
+
symbol: oidAppleCertExtensionAppleIDRecordValidationSigning
|
151
|
+
1.2.840.113635.100.6.27.1:
|
152
|
+
symbol: oidAppleCertExtAppleServerAuthentication
|
153
|
+
1.2.840.113635.100.6.27.11.1:
|
154
|
+
symbol: oidAppleCertExtMMCSServerAuthProdQA
|
155
|
+
1.2.840.113635.100.6.27.11.2:
|
156
|
+
symbol: oidAppleCertExtMMCSServerAuthProd
|
157
|
+
1.2.840.113635.100.6.27.15.1:
|
158
|
+
symbol: oidAppleCertExtiCloudSetupServerAuthProdQA
|
159
|
+
1.2.840.113635.100.6.27.15.2:
|
160
|
+
symbol: oidAppleCertExtiCloudSetupServerAuthProd
|
161
|
+
1.2.840.113635.100.6.27.2:
|
162
|
+
symbol: oidAppleCertExtAppleServerAuthenticationGS
|
163
|
+
1.2.840.113635.100.6.27.3.1:
|
164
|
+
symbol: oidAppleCertExtAppleServerAuthenticationPPQProdQA
|
165
|
+
1.2.840.113635.100.6.27.3.2:
|
166
|
+
symbol: oidAppleCertExtAppleServerAuthenticationPPQProd
|
167
|
+
1.2.840.113635.100.6.27.4.1:
|
168
|
+
symbol: oidAppleCertExtAppleServerAuthenticationIDSProdQA
|
169
|
+
1.2.840.113635.100.6.27.4.2:
|
170
|
+
symbol: oidAppleCertExtAppleServerAuthenticationIDSProd
|
171
|
+
1.2.840.113635.100.6.27.5.1:
|
172
|
+
symbol: oidAppleCertExtAppleServerAuthenticationAPNProdQA
|
173
|
+
1.2.840.113635.100.6.27.5.2:
|
174
|
+
symbol: oidAppleCertExtAppleServerAuthenticationAPNProd
|
175
|
+
1.2.840.113635.100.6.27.6.1:
|
176
|
+
symbol: oidAppleCertExtFMiPServerAuthProdQA
|
177
|
+
1.2.840.113635.100.6.27.6.2:
|
178
|
+
symbol: oidAppleCertExtFMiPServerAuthProd
|
179
|
+
1.2.840.113635.100.6.27.7.1:
|
180
|
+
symbol: oidAppleCertExtEscrowProxyServerAuthProdQA
|
181
|
+
1.2.840.113635.100.6.27.7.2:
|
182
|
+
symbol: oidAppleCertExtEscrowProxyServerAuthProd
|
183
|
+
1.2.840.113635.100.6.27.8.1:
|
184
|
+
symbol: oidAppleCertExtAST2DiagnosticsServerAuthProdQA
|
185
|
+
1.2.840.113635.100.6.27.8.2:
|
186
|
+
symbol: oidAppleCertExtAST2DiagnosticsServerAuthProd
|
187
|
+
1.2.840.113635.100.6.27.9:
|
188
|
+
symbol: oidAppleCertExtHomeKitServerAuth
|
189
|
+
1.2.840.113635.100.6.3.1:
|
190
|
+
apple_description: Apple World Wide Developer Relations Client SSL Certificates
|
191
|
+
for Accessing the Development Apple Push Service
|
192
|
+
1.2.840.113635.100.6.3.2:
|
193
|
+
apple_description: Apple World Wide Developer Relations Client SSL Certificates
|
194
|
+
for Accessing the Production Apple Push Service
|
195
|
+
1.2.840.113635.100.6.30:
|
196
|
+
symbol: oidAppleCertExtAppleSMPEncryption
|
197
|
+
1.2.840.113635.100.6.38.1:
|
198
|
+
symbol: oidAppleCertExtApplePPQSigningProdQA
|
199
|
+
1.2.840.113635.100.6.38.2:
|
200
|
+
symbol: oidAppleCertExtApplePPQSigningProd
|
201
|
+
1.2.840.113635.100.6.39:
|
202
|
+
symbol: oidAppleCertExtCryptoServicesExtEncryption
|
203
|
+
1.2.840.113635.100.6.4.1:
|
204
|
+
apple_description: Extension Markers for device version string, expects UTF8 to
|
205
|
+
follow in SubjectAltName
|
206
|
+
1.2.840.113635.100.6.4.2:
|
207
|
+
apple_description: Extension Markers for OS version string, expects UTF8 to follow
|
208
|
+
in SubjectAltName
|
209
|
+
1.2.840.113635.100.6.43:
|
210
|
+
symbol: oidAppleCertExtATVVPNProfileSigning
|
211
|
+
1.2.840.113635.100.6.5.1:
|
212
|
+
apple_description: Apple iTunes Store Certificates for Signing Receipts of Purchases
|
213
|
+
from the iTS
|
214
|
+
1.2.840.113635.100.6.5.2:
|
215
|
+
apple_description: Apple iTunes Store Certificates for Signing Requests to Purchase
|
216
|
+
for the iTS
|
217
|
+
1.2.840.113635.100.7.1.1:
|
218
|
+
apple_description: 'Apple FairPlay certificate extended Application Authentication
|
219
|
+
& Authorization: Policy'
|
220
|
+
1.2.840.113635.100.8:
|
221
|
+
description: Local Policy OID Root
|
222
|
+
1.2.840.113635.100.8.4:
|
223
|
+
description: Contains a sequence of integer values. Some are 0, some are 1, others
|
224
|
+
appear to be int32 bitmasks.
|
90
225
|
is_asn_body: true
|
91
226
|
is_extension: true
|
92
227
|
found_in:
|
93
|
-
|
94
|
-
|
228
|
+
- dcrt
|
229
|
+
- dcrt-oid
|
95
230
|
issuers:
|
96
|
-
|
231
|
+
- Basic Attestation User Sub CA2
|
97
232
|
ous:
|
98
|
-
|
99
|
-
|
100
|
-
|
233
|
+
- BAA Certification
|
234
|
+
symbol:
|
235
|
+
1.2.840.113635.100.8.5:
|
236
|
+
description: Similar in nature to `1.2.840.113635.100.8.4`. Non-integer values
|
237
|
+
observed of `ssca`.
|
101
238
|
is_asn_body: true
|
102
239
|
is_extension: true
|
103
240
|
found_in:
|
104
|
-
|
105
|
-
|
241
|
+
- dcrt
|
242
|
+
- dcrt-oid
|
106
243
|
issuers:
|
107
|
-
|
244
|
+
- Basic Attestation User Sub CA2
|
108
245
|
ous:
|
109
|
-
|
110
|
-
|
246
|
+
- BAA Certification
|
247
|
+
1.2.840.113635.100.8.7:
|
111
248
|
description: ASN1 data for the version of macOS for the issued under (e.g. 12.2)
|
112
249
|
is_asn_body: true
|
113
250
|
is_extension: true
|
114
251
|
found_in:
|
115
|
-
|
116
|
-
|
117
|
-
issuers:
|
118
|
-
- Basic Attestation User Sub CA2
|
119
|
-
ous:
|
120
|
-
- BAA Certification
|
121
|
-
- oid: 1.2.840.113635.100.10.1
|
122
|
-
description:
|
123
|
-
Hardware device identifiers of the machine the certificate is issued to
|
124
|
-
contains BORD, CHIP, ECID, srnm, udid, seid
|
125
|
-
found_in:
|
126
|
-
- ucrt
|
127
|
-
issuers:
|
128
|
-
- FDRDC-UCRT-SUBCA
|
129
|
-
ous:
|
130
|
-
- ucrt Leaf Certificate
|
131
|
-
- oid: 1.2.840.113635.100.10.2
|
132
|
-
found_in:
|
133
|
-
- ucrt
|
252
|
+
- dcrt
|
253
|
+
- dcrt-oid
|
134
254
|
issuers:
|
135
|
-
|
255
|
+
- Basic Attestation User Sub CA2
|
136
256
|
ous:
|
137
|
-
|
257
|
+
- BAA Certification
|
258
|
+
1.3.6.1.4.1.311.2.1.12:
|
259
|
+
symbol: oidMicrosoftSpcSpOpusInfo
|
260
|
+
1.3.6.1.4.1.311.2.1.15:
|
261
|
+
symbol: oidMicrosoftSpcPEImageData
|
262
|
+
1.3.6.1.4.1.311.2.1.4:
|
263
|
+
symbol: oidMicrosoftSpcIndirectDataContext
|
138
264
|
known_symbols:
|
139
265
|
ekus:
|
140
|
-
|
141
|
-
|
142
|
-
|
143
|
-
|
144
|
-
|
145
|
-
|
266
|
+
- _oidAppleExtendedKeyUsageAppleID
|
267
|
+
- _oidAppleExtendedKeyUsageCodeSigning
|
268
|
+
- _oidAppleExtendedKeyUsageCodeSigningDev
|
269
|
+
- _oidAppleExtendedKeyUsagePassbook
|
270
|
+
- _oidAppleExtendedKeyUsageProfileSigning
|
271
|
+
- _oidAppleExtendedKeyUsageQAProfileSigning
|
146
272
|
purposes:
|
147
|
-
|
148
|
-
|
149
|
-
|
150
|
-
|
273
|
+
- _oidAppleApplicationSigning
|
274
|
+
- _oidAppleProvisioningProfile
|
275
|
+
- _oidAppleInstallerPackagingSigningExternal
|
276
|
+
- _oidApplePushServiceClient
|
151
277
|
extensions:
|
152
|
-
|
153
|
-
|
154
|
-
|
155
|
-
|
156
|
-
|
157
|
-
|
158
|
-
|
159
|
-
|
160
|
-
|
161
|
-
|
162
|
-
|
163
|
-
|
164
|
-
|
165
|
-
|
166
|
-
|
167
|
-
|
168
|
-
|
169
|
-
|
170
|
-
|
171
|
-
|
172
|
-
|
173
|
-
|
174
|
-
|
175
|
-
|
176
|
-
|
177
|
-
|
178
|
-
|
179
|
-
|
180
|
-
|
181
|
-
|
278
|
+
- _oidAppleCertExtAST2DiagnosticsServerAuthProd
|
279
|
+
- _oidAppleCertExtAST2DiagnosticsServerAuthProdQA
|
280
|
+
- _oidAppleCertExtATVAppSigningProd
|
281
|
+
- _oidAppleCertExtATVAppSigningProdQA
|
282
|
+
- _oidAppleCertExtATVVPNProfileSigning
|
283
|
+
- _oidAppleCertExtApplePPQSigningProd
|
284
|
+
- _oidAppleCertExtApplePPQSigningProdQA
|
285
|
+
- _oidAppleCertExtAppleSMPEncryption
|
286
|
+
- _oidAppleCertExtAppleServerAuthentication
|
287
|
+
- _oidAppleCertExtAppleServerAuthenticationAPNProd
|
288
|
+
- _oidAppleCertExtAppleServerAuthenticationAPNProdQA
|
289
|
+
- _oidAppleCertExtAppleServerAuthenticationGS
|
290
|
+
- _oidAppleCertExtAppleServerAuthenticationIDSProd
|
291
|
+
- _oidAppleCertExtAppleServerAuthenticationIDSProdQA
|
292
|
+
- _oidAppleCertExtAppleServerAuthenticationMMCSProd
|
293
|
+
- _oidAppleCertExtAppleServerAuthenticationMMCSProdQA
|
294
|
+
- _oidAppleCertExtAppleServerAuthenticationPPQProd
|
295
|
+
- _oidAppleCertExtAppleServerAuthenticationPPQProdQA
|
296
|
+
- _oidAppleCertExtAppleServerAuthenticationiCloudSetupProd
|
297
|
+
- _oidAppleCertExtAppleServerAuthenticationiCloudSetupProdQA
|
298
|
+
- _oidAppleCertExtCryptoServicesExtEncryption
|
299
|
+
- _oidAppleCertExtEscrowProxyServerAuthProd
|
300
|
+
- _oidAppleCertExtEscrowProxyServerAuthProdQA
|
301
|
+
- _oidAppleCertExtFMiPServerAuthProd
|
302
|
+
- _oidAppleCertExtFMiPServerAuthProdQA
|
303
|
+
- _oidAppleCertExtHomeKitServerAuth
|
304
|
+
- _oidAppleCertExtOSXProvisioningProfileSigning
|
305
|
+
- _oidAppleCertExtTrustCacheSigning
|
306
|
+
- _oidAppleCertExtTrustCacheSigningTest
|
307
|
+
- _oidAppleCertExtensionAppleIDRecordValidationSigning
|
182
308
|
unknown:
|
183
|
-
|
184
|
-
|
185
|
-
|
186
|
-
|
187
|
-
|
188
|
-
|
189
|
-
|
190
|
-
|
191
|
-
|
192
|
-
|
193
|
-
|
194
|
-
|
195
|
-
|
196
|
-
|
197
|
-
|
309
|
+
- _oidAppleImg4ManifestCertSpec
|
310
|
+
- _oidAppleIntmMarkerAppleHomeKitServerCA
|
311
|
+
- _oidAppleIntmMarkerAppleID
|
312
|
+
- _oidAppleIntmMarkerAppleID2
|
313
|
+
- _oidAppleIntmMarkerAppleServerAuthentication
|
314
|
+
- _oidAppleIntmMarkerAppleSystemIntg2
|
315
|
+
- _oidAppleIntmMarkerAppleSystemIntgG3
|
316
|
+
- _oidAppleIntmMarkerAppleWWDR
|
317
|
+
- _oidApplePolicyEscrowService
|
318
|
+
- _oidApplePolicyMobileStore
|
319
|
+
- _oidApplePolicyMobileStoreProdQA
|
320
|
+
- _oidAppleSecureBootCertSpec
|
321
|
+
- _oidAppleSecureBootTicketCertSpec
|
322
|
+
- _oidAppleTVOSApplicationSigningProd
|
323
|
+
- _oidAppleTVOSApplicationSigningProdQA
|
198
324
|
roots:
|
199
|
-
|
200
|
-
|
201
|
-
FDR Sealing Server CA 1:
|
202
|
-
subordinate_cas:
|
203
|
-
FDR-SS-CM-E1:
|
204
|
-
Basic Attestation User Root CA:
|
325
|
+
Apple Extra Content Global Root CA - G1:
|
326
|
+
subject_key_id: 30168014AA63251D082C72A381536C94D2864995881CB0D0
|
205
327
|
subordinate_cas:
|
206
|
-
|
207
|
-
|
208
|
-
|
209
|
-
certs are issued.
|
328
|
+
ZFF10-SDOM1-TssLive-ManifestKey-ExtraContent-Global-RevA-DataCenter:
|
329
|
+
subject_key_id: 041442FEAB470561CE2A7471B55AC0D81AB7536F4B36
|
330
|
+
Apple Secure Boot Root CA - G2:
|
210
331
|
Apple Secure Boot Root CA - G6:
|
211
332
|
subordinate_cas:
|
212
333
|
T6031-SDOM1-RecoveryBoot-RevA-Factory:
|
@@ -217,8 +338,13 @@ roots:
|
|
217
338
|
subordinate_cas:
|
218
339
|
T6031-SDOM1-TssLive-ManifestKey-Global-RevA-DataCenter:
|
219
340
|
subject_key_id: 0414D8B9E3E9C4A1C542ECB72FC2CF0C2F861E1B3EEF
|
220
|
-
|
221
|
-
subject_key_id: 30168014AA63251D082C72A381536C94D2864995881CB0D0
|
341
|
+
Basic Attestation User Root CA:
|
222
342
|
subordinate_cas:
|
223
|
-
|
224
|
-
|
343
|
+
Basic Attestation User Sub CA2:
|
344
|
+
description: Issues `ucrt` subordinate CA's that are used for user level signing. Under
|
345
|
+
this `BAA Certification` certs are issued.
|
346
|
+
FDR Sealing Server CA 1:
|
347
|
+
subordinate_cas:
|
348
|
+
FDR-SS-CM-E1:
|
349
|
+
FDR-CA1-ROOT-CM:
|
350
|
+
FDR-DC-SSL-ROOT:
|