apple-data 1.0.607 → 1.0.608

Sign up to get free protection for your applications and to get access to all the features.
data/share/pki.yaml CHANGED
@@ -10,203 +10,324 @@ certificate_names:
10
10
  rcrt: remote/recovery certificate?
11
11
  scrt: SEP Certificate
12
12
  tcrt: test certificate?
13
- ucrt: user certificate (mapps to a single iCloud account)
13
+ ucrt:
14
+ name: User Identity Certificate
15
+ issuer: Basic Attestation User Root CA
14
16
  vcrt: virtual certificate?
15
17
  keys:
16
18
  uik:
17
- description: User Identity Key
19
+ title: User Identity Key
20
+ certificates:
21
+ - ucrt
18
22
  sik:
19
- description: System Identity Key
23
+ title: System Identity Key
24
+ certificates:
25
+ - dcrt
20
26
  oik:
21
- description: Owner Identity Key (the first password after restore)
27
+ title: Owner Identity Key
22
28
  constants:
23
29
  private_oid_root: 1.2.840.113635
24
30
  oids:
25
- - oid: 1.2.840.113635.100.6.17
26
- description: Contains the name of the key
27
- - oid: 1.2.840.113635.100.5.3
31
+ 1.2.840.113635.100.10:
32
+ description: >
33
+ `ucrt` extension root
34
+ 1.2.840.113635.100.10.1:
35
+ description: Hardware device identifiers of the machine the certificate is issued
36
+ to contains BORD, CHIP, ECID, srnm, udid, seid
37
+ found_in:
38
+ - ucrt
39
+ issuers:
40
+ - FDRDC-UCRT-SUBCA
41
+ ous:
42
+ - ucrt Leaf Certificate
43
+ 1.2.840.113635.100.10.2:
44
+ found_in:
45
+ - ucrt
46
+ issuers:
47
+ - FDRDC-UCRT-SUBCA
48
+ ous:
49
+ - ucrt Leaf Certificate
50
+ 1.2.840.113635.100.4.1:
51
+ symbol: oidAppleExtendedKeyUsageCodeSigning
52
+ 1.2.840.113635.100.4.1.1:
53
+ symbol: oidAppleExtendedKeyUsageCodeSigningDev
54
+ 1.2.840.113635.100.4.11:
55
+ symbol: oidAppleCertExtOSXProvisioningProfileSigning
56
+ 1.2.840.113635.100.5.12:
57
+ symbol: oidApplePolicyMobileStore
58
+ 1.2.840.113635.100.5.12.1:
59
+ symbol: oidApplePolicyMobileStoreProdQA
60
+ 1.2.840.113635.100.5.3:
28
61
  apple_description: ADC Certificate Policy
29
- - oid: 1.2.840.113635.100.5.4
30
- apple_description: Markers for iPhone OS Device Certificate Policies, used for external sources to trust iPhone OS devices
31
- - oid: 1.2.840.113635.100.5.4.1
62
+ 1.2.840.113635.100.5.4:
63
+ apple_description: Markers for iPhone OS Device Certificate Policies, used for
64
+ external sources to trust iPhone OS devices
65
+ 1.2.840.113635.100.5.4.1:
32
66
  apple_description: BBC's Policy
33
- - oid: 1.2.840.113635.100.6.1.1
67
+ 1.2.840.113635.100.6.1.1:
34
68
  apple_description: Apple Released Code Signature
35
- - oid: 1.2.840.113635.100.6.1.2
36
- apple_description: Apple World Wide Developer Relations Certificates for Code Signing during development
37
- - oid: 1.2.840.113635.100.6.1.3
38
- apple_description: Apple World Wide Developer Relations Certificates for Code Signing for General Release through the iTMS
39
- - oid: 1.2.840.113635.100.6.1.3.1
40
- apple_description: Apple World Wide Developer Relations Certificates for Code Signing for Test Release through the iTMS
41
- - oid: 1.2.840.113635.100.6.1.4
42
- apple_description: Apple World Wide Developer Relations Certificates for Code Signing GM from developer to Apple
43
- - oid: 1.2.840.113635.100.6.16
44
- description:
45
- A sequence of FDR programming commands, seperated by ";". Each command is "PUT" or "GET" prior to a
46
- 4CC value, followed by a ":" then the value of the key.
47
- example:
48
- PUT/FSCl:sik-FXFYFXFFYFFEX-QQRRRDEETFEFYCEIESLIREILCILESCLSELRESERSER
49
- - oid: 1.2.840.113635.100.6.1.15
50
- name: TSS Signing Delegation Constraints
51
- description:
52
- Constriction on values that can be specified or signed by this certificate. Conatins two sub-sequesnces, the MANP (Manifest Properties)
53
- and the OBJP (Object Properties). Manifest properties are at the issued IM4M, and object properties are per signed object (firmware).
54
- Values of NULL mean tha tthis certificate can sign any value for that property, values that are set are values that must be signed
55
- with that value by this certificate. This is how for example `T6031-SDOM1` is enforced. The certificate for that set of servers
56
- have a null value for ECID (meaning it can be used for any ECID) and have fixed values for CHIP / Security Domain SDOM.
57
-
58
- This is how Live TSS for customers differs from factory signing in what properties it can include. Factory only manifest properties
59
- include `augs`, `uidm`
69
+ symbol: oidAppleSecureBootCertSpec
70
+ 1.2.840.113635.100.6.1.11:
71
+ symbol: oidAppleSecureBootTicketCertSpec
72
+ 1.2.840.113635.100.6.1.15:
73
+ name: IMG4 Manifest Certificate Specification
74
+ description: "Constriction on values that can be specified or signed by this certificate.
75
+ \ Conatins two sub-sequesnces, \nthe MANP (Manifest Properties) and the OBJP
76
+ (Object Properties). Manifest properties are at the issued \nIM4M, and object
77
+ properties are per signed object (firmware). Values of NULL mean tha tthis certificate\ncan
78
+ sign any value for that property, values that are set are values that must be
79
+ signed with that value\nby this certificate. This is how for example `T6031-SDOM1`
80
+ is enforced. The certificate for that set of\nservers have a null value for
81
+ ECID (meaning it can be used for any ECID) and have fixed values for CHIP /\nSecurity
82
+ Domain SDOM.\nThis is how Live TSS for customers differs from factory signing
83
+ in what properties it can include. Factory\nonly manifest properties include
84
+ `augs`, `uidm`"
60
85
  found_in:
61
- - ucrt
62
- - dcrt-oid
86
+ - ucrt
87
+ - dcrt-oid
88
+ symbol: oidAppleImg4ManifestCertSpec
63
89
  issuers:
64
- - Basic Attestation User Sub CA2
65
- - FDRDC-UCRT-SUBCA
66
- - T6031-SDOM1-TssLive-ManifestKey-RevA-Factory
90
+ - Basic Attestation User Sub CA2
91
+ - FDRDC-UCRT-SUBCA
92
+ - T6031-SDOM1-TssLive-ManifestKey-RevA-Factory
67
93
  ous:
68
- - BAA Certification
69
- - ucrt Leaf Certificate
70
- - oid: 1.2.840.113635.100.6.2.1
94
+ - BAA Certification
95
+ - ucrt Leaf Certificate
96
+ 1.2.840.113635.100.6.1.16:
97
+ symbol: oidAppleInstallerPackagingSigningExternal
98
+ 1.2.840.113635.100.6.1.2:
99
+ apple_description: Apple World Wide Developer Relations Certificates for Code
100
+ Signing during development
101
+ 1.2.840.113635.100.6.1.24:
102
+ symbol: oidAppleTVOSApplicationSigningProd
103
+ 1.2.840.113635.100.6.1.24.1:
104
+ symbol: oidAppleCertExtATVAppSigningProdQA
105
+ 1.2.840.113635.100.6.1.28:
106
+ symbol: oidAppleCertExtTrustCacheSigning
107
+ 1.2.840.113635.100.6.1.28.1:
108
+ symbol: oidAppleCertExtTrustCacheSigningTest
109
+ 1.2.840.113635.100.6.1.3:
110
+ apple_description: Apple World Wide Developer Relations Certificates for Code
111
+ Signing for General Release through the iTMS
112
+ symbol: oidAppleApplicationSigning
113
+ 1.2.840.113635.100.6.1.3.1:
114
+ apple_description: Apple World Wide Developer Relations Certificates for Code
115
+ Signing for Test Release through the iTMS
116
+ 1.2.840.113635.100.6.1.36:
117
+ symbol: oidAppleXROSApplicationSigningProd
118
+ 1.2.840.113635.100.6.1.36.1:
119
+ symbol: oidAppleXROSApplicationSigningProdQA
120
+ 1.2.840.113635.100.6.1.4:
121
+ apple_description: Apple World Wide Developer Relations Certificates for Code
122
+ Signing GM from developer to Apple
123
+ 1.2.840.113635.100.6.16:
124
+ description: A sequence of FDR programming commands, seperated by ";". Each command
125
+ is "PUT" or "GET" prior to a 4CC value, followed by a ":" then the value of
126
+ the key.
127
+ example: PUT/FSCl:sik-FXFYFXFFYFFEX-QQRRRDEETFEFYCEIESLIREILCILESCLSELRESERSER
128
+ 1.2.840.113635.100.6.17:
129
+ description: Contains the name of the key
130
+ 1.2.840.113635.100.6.2.1:
71
131
  apple_description: Marker for the WWDR Intermediate Certificate
72
- - oid: 1.2.840.113635.100.6.2.2
132
+ symbol: oidAppleProvisioningProfile
133
+ 1.2.840.113635.100.6.2.10:
134
+ symbol: oidAppleIntmMarkerAppleSystemIntg2
135
+ 1.2.840.113635.100.6.2.12:
136
+ symbol: oidAppleIntmMarkerAppleServerAuthentication
137
+ 1.2.840.113635.100.6.2.13:
138
+ symbol: oidAppleIntmMarkerAppleSystemIntgG3
139
+ 1.2.840.113635.100.6.2.16:
140
+ symbol: oidAppleIntmMarkerAppleHomeKitServerCA
141
+ 1.2.840.113635.100.6.2.2:
73
142
  apple_description: Marker for the iTunes Store Intermediate Certificate
74
- - oid: 1.2.840.113635.100.6.3.1
75
- apple_description: Apple World Wide Developer Relations Client SSL Certificates for Accessing the Development Apple Push Service
76
- - oid: 1.2.840.113635.100.6.3.2
77
- apple_description: Apple World Wide Developer Relations Client SSL Certificates for Accessing the Production Apple Push Service
78
- - oid: 1.2.840.113635.100.6.4.1
79
- apple_description: Extension Markers for device version string, expects UTF8 to follow in SubjectAltName
80
- - oid: 1.2.840.113635.100.6 4.2
81
- apple_description: Extension Markers for OS version string, expects UTF8 to follow in SubjectAltName
82
- - oid: 1.2.840.113635.100.6.5.1
83
- apple_description: Apple iTunes Store Certificates for Signing Receipts of Purchases from the iTS
84
- - oid: 1.2.840.113635.100.6.5.2
85
- apple_description: Apple iTunes Store Certificates for Signing Requests to Purchase for the iTS
86
- - oid: 1.2.840.113635.100.7.1.1
87
- apple_description: 'Apple FairPlay certificate extended Application Authentication & Authorization: Policy'
88
- - oid: 1.2.840.113635.100.8.4
89
- description: Contains a sequence of integer values. Some are 0, some are 1, others appear to be int32 bitmasks.
143
+ 1.2.840.113635.100.6.2.3:
144
+ symbol: oidAppleIntmMarkerAppleID
145
+ 1.2.840.113635.100.6.2.7:
146
+ symbol: oidAppleIntmMarkerAppleID2
147
+ 1.2.840.113635.100.6.23.1:
148
+ symbol: oidApplePolicyEscrowService
149
+ 1.2.840.113635.100.6.25:
150
+ symbol: oidAppleCertExtensionAppleIDRecordValidationSigning
151
+ 1.2.840.113635.100.6.27.1:
152
+ symbol: oidAppleCertExtAppleServerAuthentication
153
+ 1.2.840.113635.100.6.27.11.1:
154
+ symbol: oidAppleCertExtMMCSServerAuthProdQA
155
+ 1.2.840.113635.100.6.27.11.2:
156
+ symbol: oidAppleCertExtMMCSServerAuthProd
157
+ 1.2.840.113635.100.6.27.15.1:
158
+ symbol: oidAppleCertExtiCloudSetupServerAuthProdQA
159
+ 1.2.840.113635.100.6.27.15.2:
160
+ symbol: oidAppleCertExtiCloudSetupServerAuthProd
161
+ 1.2.840.113635.100.6.27.2:
162
+ symbol: oidAppleCertExtAppleServerAuthenticationGS
163
+ 1.2.840.113635.100.6.27.3.1:
164
+ symbol: oidAppleCertExtAppleServerAuthenticationPPQProdQA
165
+ 1.2.840.113635.100.6.27.3.2:
166
+ symbol: oidAppleCertExtAppleServerAuthenticationPPQProd
167
+ 1.2.840.113635.100.6.27.4.1:
168
+ symbol: oidAppleCertExtAppleServerAuthenticationIDSProdQA
169
+ 1.2.840.113635.100.6.27.4.2:
170
+ symbol: oidAppleCertExtAppleServerAuthenticationIDSProd
171
+ 1.2.840.113635.100.6.27.5.1:
172
+ symbol: oidAppleCertExtAppleServerAuthenticationAPNProdQA
173
+ 1.2.840.113635.100.6.27.5.2:
174
+ symbol: oidAppleCertExtAppleServerAuthenticationAPNProd
175
+ 1.2.840.113635.100.6.27.6.1:
176
+ symbol: oidAppleCertExtFMiPServerAuthProdQA
177
+ 1.2.840.113635.100.6.27.6.2:
178
+ symbol: oidAppleCertExtFMiPServerAuthProd
179
+ 1.2.840.113635.100.6.27.7.1:
180
+ symbol: oidAppleCertExtEscrowProxyServerAuthProdQA
181
+ 1.2.840.113635.100.6.27.7.2:
182
+ symbol: oidAppleCertExtEscrowProxyServerAuthProd
183
+ 1.2.840.113635.100.6.27.8.1:
184
+ symbol: oidAppleCertExtAST2DiagnosticsServerAuthProdQA
185
+ 1.2.840.113635.100.6.27.8.2:
186
+ symbol: oidAppleCertExtAST2DiagnosticsServerAuthProd
187
+ 1.2.840.113635.100.6.27.9:
188
+ symbol: oidAppleCertExtHomeKitServerAuth
189
+ 1.2.840.113635.100.6.3.1:
190
+ apple_description: Apple World Wide Developer Relations Client SSL Certificates
191
+ for Accessing the Development Apple Push Service
192
+ 1.2.840.113635.100.6.3.2:
193
+ apple_description: Apple World Wide Developer Relations Client SSL Certificates
194
+ for Accessing the Production Apple Push Service
195
+ 1.2.840.113635.100.6.30:
196
+ symbol: oidAppleCertExtAppleSMPEncryption
197
+ 1.2.840.113635.100.6.38.1:
198
+ symbol: oidAppleCertExtApplePPQSigningProdQA
199
+ 1.2.840.113635.100.6.38.2:
200
+ symbol: oidAppleCertExtApplePPQSigningProd
201
+ 1.2.840.113635.100.6.39:
202
+ symbol: oidAppleCertExtCryptoServicesExtEncryption
203
+ 1.2.840.113635.100.6.4.1:
204
+ apple_description: Extension Markers for device version string, expects UTF8 to
205
+ follow in SubjectAltName
206
+ 1.2.840.113635.100.6.4.2:
207
+ apple_description: Extension Markers for OS version string, expects UTF8 to follow
208
+ in SubjectAltName
209
+ 1.2.840.113635.100.6.43:
210
+ symbol: oidAppleCertExtATVVPNProfileSigning
211
+ 1.2.840.113635.100.6.5.1:
212
+ apple_description: Apple iTunes Store Certificates for Signing Receipts of Purchases
213
+ from the iTS
214
+ 1.2.840.113635.100.6.5.2:
215
+ apple_description: Apple iTunes Store Certificates for Signing Requests to Purchase
216
+ for the iTS
217
+ 1.2.840.113635.100.7.1.1:
218
+ apple_description: 'Apple FairPlay certificate extended Application Authentication
219
+ & Authorization: Policy'
220
+ 1.2.840.113635.100.8:
221
+ description: Local Policy OID Root
222
+ 1.2.840.113635.100.8.4:
223
+ description: Contains a sequence of integer values. Some are 0, some are 1, others
224
+ appear to be int32 bitmasks.
90
225
  is_asn_body: true
91
226
  is_extension: true
92
227
  found_in:
93
- - dcrt
94
- - dcrt-oid
228
+ - dcrt
229
+ - dcrt-oid
95
230
  issuers:
96
- - Basic Attestation User Sub CA2
231
+ - Basic Attestation User Sub CA2
97
232
  ous:
98
- - BAA Certification
99
- - oid: 1.2.840.113635.100.8.5
100
- description: Similar in nature to `1.2.840.113635.100.8.4`. Non-integer values observed of `ssca`.
233
+ - BAA Certification
234
+ symbol:
235
+ 1.2.840.113635.100.8.5:
236
+ description: Similar in nature to `1.2.840.113635.100.8.4`. Non-integer values
237
+ observed of `ssca`.
101
238
  is_asn_body: true
102
239
  is_extension: true
103
240
  found_in:
104
- - dcrt
105
- - dcrt-oid
241
+ - dcrt
242
+ - dcrt-oid
106
243
  issuers:
107
- - Basic Attestation User Sub CA2
244
+ - Basic Attestation User Sub CA2
108
245
  ous:
109
- - BAA Certification
110
- - oid: 1.2.840.113635.100.8.7
246
+ - BAA Certification
247
+ 1.2.840.113635.100.8.7:
111
248
  description: ASN1 data for the version of macOS for the issued under (e.g. 12.2)
112
249
  is_asn_body: true
113
250
  is_extension: true
114
251
  found_in:
115
- - dcrt
116
- - dcrt-oid
117
- issuers:
118
- - Basic Attestation User Sub CA2
119
- ous:
120
- - BAA Certification
121
- - oid: 1.2.840.113635.100.10.1
122
- description:
123
- Hardware device identifiers of the machine the certificate is issued to
124
- contains BORD, CHIP, ECID, srnm, udid, seid
125
- found_in:
126
- - ucrt
127
- issuers:
128
- - FDRDC-UCRT-SUBCA
129
- ous:
130
- - ucrt Leaf Certificate
131
- - oid: 1.2.840.113635.100.10.2
132
- found_in:
133
- - ucrt
252
+ - dcrt
253
+ - dcrt-oid
134
254
  issuers:
135
- - FDRDC-UCRT-SUBCA
255
+ - Basic Attestation User Sub CA2
136
256
  ous:
137
- - ucrt Leaf Certificate
257
+ - BAA Certification
258
+ 1.3.6.1.4.1.311.2.1.12:
259
+ symbol: oidMicrosoftSpcSpOpusInfo
260
+ 1.3.6.1.4.1.311.2.1.15:
261
+ symbol: oidMicrosoftSpcPEImageData
262
+ 1.3.6.1.4.1.311.2.1.4:
263
+ symbol: oidMicrosoftSpcIndirectDataContext
138
264
  known_symbols:
139
265
  ekus:
140
- - _oidAppleExtendedKeyUsageAppleID
141
- - _oidAppleExtendedKeyUsageCodeSigning
142
- - _oidAppleExtendedKeyUsageCodeSigningDev
143
- - _oidAppleExtendedKeyUsagePassbook
144
- - _oidAppleExtendedKeyUsageProfileSigning
145
- - _oidAppleExtendedKeyUsageQAProfileSigning
266
+ - _oidAppleExtendedKeyUsageAppleID
267
+ - _oidAppleExtendedKeyUsageCodeSigning
268
+ - _oidAppleExtendedKeyUsageCodeSigningDev
269
+ - _oidAppleExtendedKeyUsagePassbook
270
+ - _oidAppleExtendedKeyUsageProfileSigning
271
+ - _oidAppleExtendedKeyUsageQAProfileSigning
146
272
  purposes:
147
- - _oidAppleApplicationSigning
148
- - _oidAppleProvisioningProfile
149
- - _oidAppleInstallerPackagingSigningExternal
150
- - _oidApplePushServiceClient
273
+ - _oidAppleApplicationSigning
274
+ - _oidAppleProvisioningProfile
275
+ - _oidAppleInstallerPackagingSigningExternal
276
+ - _oidApplePushServiceClient
151
277
  extensions:
152
- - _oidAppleCertExtAST2DiagnosticsServerAuthProd
153
- - _oidAppleCertExtAST2DiagnosticsServerAuthProdQA
154
- - _oidAppleCertExtATVAppSigningProd
155
- - _oidAppleCertExtATVAppSigningProdQA
156
- - _oidAppleCertExtATVVPNProfileSigning
157
- - _oidAppleCertExtApplePPQSigningProd
158
- - _oidAppleCertExtApplePPQSigningProdQA
159
- - _oidAppleCertExtAppleSMPEncryption
160
- - _oidAppleCertExtAppleServerAuthentication
161
- - _oidAppleCertExtAppleServerAuthenticationAPNProd
162
- - _oidAppleCertExtAppleServerAuthenticationAPNProdQA
163
- - _oidAppleCertExtAppleServerAuthenticationGS
164
- - _oidAppleCertExtAppleServerAuthenticationIDSProd
165
- - _oidAppleCertExtAppleServerAuthenticationIDSProdQA
166
- - _oidAppleCertExtAppleServerAuthenticationMMCSProd
167
- - _oidAppleCertExtAppleServerAuthenticationMMCSProdQA
168
- - _oidAppleCertExtAppleServerAuthenticationPPQProd
169
- - _oidAppleCertExtAppleServerAuthenticationPPQProdQA
170
- - _oidAppleCertExtAppleServerAuthenticationiCloudSetupProd
171
- - _oidAppleCertExtAppleServerAuthenticationiCloudSetupProdQA
172
- - _oidAppleCertExtCryptoServicesExtEncryption
173
- - _oidAppleCertExtEscrowProxyServerAuthProd
174
- - _oidAppleCertExtEscrowProxyServerAuthProdQA
175
- - _oidAppleCertExtFMiPServerAuthProd
176
- - _oidAppleCertExtFMiPServerAuthProdQA
177
- - _oidAppleCertExtHomeKitServerAuth
178
- - _oidAppleCertExtOSXProvisioningProfileSigning
179
- - _oidAppleCertExtTrustCacheSigning
180
- - _oidAppleCertExtTrustCacheSigningTest
181
- - _oidAppleCertExtensionAppleIDRecordValidationSigning
278
+ - _oidAppleCertExtAST2DiagnosticsServerAuthProd
279
+ - _oidAppleCertExtAST2DiagnosticsServerAuthProdQA
280
+ - _oidAppleCertExtATVAppSigningProd
281
+ - _oidAppleCertExtATVAppSigningProdQA
282
+ - _oidAppleCertExtATVVPNProfileSigning
283
+ - _oidAppleCertExtApplePPQSigningProd
284
+ - _oidAppleCertExtApplePPQSigningProdQA
285
+ - _oidAppleCertExtAppleSMPEncryption
286
+ - _oidAppleCertExtAppleServerAuthentication
287
+ - _oidAppleCertExtAppleServerAuthenticationAPNProd
288
+ - _oidAppleCertExtAppleServerAuthenticationAPNProdQA
289
+ - _oidAppleCertExtAppleServerAuthenticationGS
290
+ - _oidAppleCertExtAppleServerAuthenticationIDSProd
291
+ - _oidAppleCertExtAppleServerAuthenticationIDSProdQA
292
+ - _oidAppleCertExtAppleServerAuthenticationMMCSProd
293
+ - _oidAppleCertExtAppleServerAuthenticationMMCSProdQA
294
+ - _oidAppleCertExtAppleServerAuthenticationPPQProd
295
+ - _oidAppleCertExtAppleServerAuthenticationPPQProdQA
296
+ - _oidAppleCertExtAppleServerAuthenticationiCloudSetupProd
297
+ - _oidAppleCertExtAppleServerAuthenticationiCloudSetupProdQA
298
+ - _oidAppleCertExtCryptoServicesExtEncryption
299
+ - _oidAppleCertExtEscrowProxyServerAuthProd
300
+ - _oidAppleCertExtEscrowProxyServerAuthProdQA
301
+ - _oidAppleCertExtFMiPServerAuthProd
302
+ - _oidAppleCertExtFMiPServerAuthProdQA
303
+ - _oidAppleCertExtHomeKitServerAuth
304
+ - _oidAppleCertExtOSXProvisioningProfileSigning
305
+ - _oidAppleCertExtTrustCacheSigning
306
+ - _oidAppleCertExtTrustCacheSigningTest
307
+ - _oidAppleCertExtensionAppleIDRecordValidationSigning
182
308
  unknown:
183
- - _oidAppleImg4ManifestCertSpec
184
- - _oidAppleIntmMarkerAppleHomeKitServerCA
185
- - _oidAppleIntmMarkerAppleID
186
- - _oidAppleIntmMarkerAppleID2
187
- - _oidAppleIntmMarkerAppleServerAuthentication
188
- - _oidAppleIntmMarkerAppleSystemIntg2
189
- - _oidAppleIntmMarkerAppleSystemIntgG3
190
- - _oidAppleIntmMarkerAppleWWDR
191
- - _oidApplePolicyEscrowService
192
- - _oidApplePolicyMobileStore
193
- - _oidApplePolicyMobileStoreProdQA
194
- - _oidAppleSecureBootCertSpec
195
- - _oidAppleSecureBootTicketCertSpec
196
- - _oidAppleTVOSApplicationSigningProd
197
- - _oidAppleTVOSApplicationSigningProdQA
309
+ - _oidAppleImg4ManifestCertSpec
310
+ - _oidAppleIntmMarkerAppleHomeKitServerCA
311
+ - _oidAppleIntmMarkerAppleID
312
+ - _oidAppleIntmMarkerAppleID2
313
+ - _oidAppleIntmMarkerAppleServerAuthentication
314
+ - _oidAppleIntmMarkerAppleSystemIntg2
315
+ - _oidAppleIntmMarkerAppleSystemIntgG3
316
+ - _oidAppleIntmMarkerAppleWWDR
317
+ - _oidApplePolicyEscrowService
318
+ - _oidApplePolicyMobileStore
319
+ - _oidApplePolicyMobileStoreProdQA
320
+ - _oidAppleSecureBootCertSpec
321
+ - _oidAppleSecureBootTicketCertSpec
322
+ - _oidAppleTVOSApplicationSigningProd
323
+ - _oidAppleTVOSApplicationSigningProdQA
198
324
  roots:
199
- FDR-CA1-ROOT-CM:
200
- FDR-DC-SSL-ROOT:
201
- FDR Sealing Server CA 1:
202
- subordinate_cas:
203
- FDR-SS-CM-E1:
204
- Basic Attestation User Root CA:
325
+ Apple Extra Content Global Root CA - G1:
326
+ subject_key_id: 30168014AA63251D082C72A381536C94D2864995881CB0D0
205
327
  subordinate_cas:
206
- Basic Attestation User Sub CA2:
207
- description:
208
- Issues `ucrt` subordinate CA's that are used for user level signing. Under this `BAA Certification`
209
- certs are issued.
328
+ ZFF10-SDOM1-TssLive-ManifestKey-ExtraContent-Global-RevA-DataCenter:
329
+ subject_key_id: 041442FEAB470561CE2A7471B55AC0D81AB7536F4B36
330
+ Apple Secure Boot Root CA - G2:
210
331
  Apple Secure Boot Root CA - G6:
211
332
  subordinate_cas:
212
333
  T6031-SDOM1-RecoveryBoot-RevA-Factory:
@@ -217,8 +338,13 @@ roots:
217
338
  subordinate_cas:
218
339
  T6031-SDOM1-TssLive-ManifestKey-Global-RevA-DataCenter:
219
340
  subject_key_id: 0414D8B9E3E9C4A1C542ECB72FC2CF0C2F861E1B3EEF
220
- Apple Extra Content Global Root CA - G1:
221
- subject_key_id: 30168014AA63251D082C72A381536C94D2864995881CB0D0
341
+ Basic Attestation User Root CA:
222
342
  subordinate_cas:
223
- ZFF10-SDOM1-TssLive-ManifestKey-ExtraContent-Global-RevA-DataCenter:
224
- subject_key_id: 041442FEAB470561CE2A7471B55AC0D81AB7536F4B36
343
+ Basic Attestation User Sub CA2:
344
+ description: Issues `ucrt` subordinate CA's that are used for user level signing. Under
345
+ this `BAA Certification` certs are issued.
346
+ FDR Sealing Server CA 1:
347
+ subordinate_cas:
348
+ FDR-SS-CM-E1:
349
+ FDR-CA1-ROOT-CM:
350
+ FDR-DC-SSL-ROOT: