apple-data 1.0.611 → 1.0.613

data/share/nvram.yaml

@@ -4,6 +4,13 @@ metadata:
   credits:
   collections:
   - nvram_variables
+nvram_scopes:
+  system:
+    description: For Apple Silicon Macs - The SFR / System Level NVRAM
+    uuid: 40A0DDD2-77F8-4392-B4A3-1E7304206516
+  common:
+    description: For Apple Silicon Macs - The Per OS or Non-SFR / System NVRAM
+    uuid:
 nvram_variables:
   _csegbufsz_experiment:
   _libmalloc_experiment:
@@ -63,6 +70,9 @@ nvram_variables:
   bluetoothInternalControllerInfo:
   BluetoothUHEDevices:
   board-id:
+  boop-storage-nonces:
+    scopes:
+    - system
   boot-args:
     description: String passed to the XNU kernel at boot (M1's do filter this though)
     type: string
@@ -99,7 +109,7 @@ nvram_variables:
   boot-stage:
   boot-volume:
   bootdelay:
-    description: Seconds to pause before autoboot
+    description: Seconds to pause before `auto-boot`
     type: number
     persistent: true
   BOSCatalogURL:
@@ -109,6 +119,11 @@ nvram_variables:
   build-version:
   cam-use-ext-ldo:
   com.apple.System.boot-nonce:
+    description: The persisted random seed that is hashed to become APNonce.  While
+      this value is not changed, the APNonce remains the same.  When a device is booted
+      from DFU, a new value is computed for this which is later in restore saved to
+      ensure that the APTicket remains valid.  Upgrades to APTicket will generate
+      a new nonce value.
   com.apple.System.fp-state:
   com.apple.System.sep.art:
   com.apple.System.tz0-size:
@@ -250,6 +265,12 @@ nvram_variables:
     - PPC
   IOBusyInterest:
   IODeviceMemory:
+  IONVRAM-FORCESYNCNOW-PROPERTY:
+    description: 'Embedded still throttles NVRAM commits via kIONVRAMSyncNowPropertyKey,
+      but some clients still need a stricter NVRAM commit contract. Please use this
+      with care.
+
+      '
   IOPlatformActiveAction:
   IOPlatformHaltRestartAction:
   IOPlatformPanicAction:
@@ -288,6 +309,7 @@ nvram_variables:
   oem-logo:
   oem-logo?:
   one-time-boot-command:
+    description: A boot command to be used on the next reboot, which is then cleared
   ota-anomalies:
   ota-brain-version:
   ota-breadcrumbs:
@@ -356,6 +378,7 @@ nvram_variables:
   pmgr_cpu_override:
   pmgr_gpu_override:
   policy-nonce-digests:
+    description: The hashed digests of the recoveryOS, remote and local policies.
   pre-recovery-ota-failure-uuid:
   preferred-count:
     scopes:
@@ -366,7 +389,7 @@ nvram_variables:
   preserve-debuggability:
   prev-lang-diags:kbd:
   prev-lang:kbd:
-    description: Default keyboard layout
+    description: The last selected language and keyboard layout pair
     type: string
     scopes:
     - common
@@ -425,6 +448,7 @@ nvram_variables:
   security-password:
   selftest-#megs:
     type: number
+  sep-debug-args:
   serverip:
   SleepWakeFailurePanic:
   SleepWakeFailureString:

data/share/pki.yaml

@@ -7,8 +7,8 @@ metadata:
   - keys
   - oids
 certificate_names:
-  dcrt: device certificate
-  dcrt-oid: device owner certificate
+  dcrt: Device Identity Certificate
+  dcrt-oid: Device Owner Identity Certificate
   lcrt: Lynx / Secure Storage for SEP Certificate
   pcrt: product/production certificate?
   rcrt: remote/recovery certificate?
@@ -50,6 +50,8 @@ oids:
     - FDRDC-UCRT-SUBCA
     ous:
     - ucrt Leaf Certificate
+  1.2.840.113635.100.11.1:
+    description: Component Certificate - Component Type
   1.2.840.113635.100.4.1:
     symbol: oidAppleExtendedKeyUsageCodeSigning
   1.2.840.113635.100.4.1.1:
@@ -167,6 +169,8 @@ oids:
     symbol: oidAppleCertExtAppleServerAuthenticationPPQProdQA
   1.2.840.113635.100.6.27.3.2:
     symbol: oidAppleCertExtAppleServerAuthenticationPPQProd
+  1.2.840.113635.100.6.27.32:
+    description: Apple SSL Certificate
   1.2.840.113635.100.6.27.4.1:
     symbol: oidAppleCertExtAppleServerAuthenticationIDSProdQA
   1.2.840.113635.100.6.27.4.2:
@@ -197,6 +201,8 @@ oids:
       for Accessing the Production Apple Push Service
   1.2.840.113635.100.6.30:
     symbol: oidAppleCertExtAppleSMPEncryption
+  1.2.840.113635.100.6.36:
+    description: Made for iDevice (MFi) - Authentication v3
   1.2.840.113635.100.6.38.1:
     symbol: oidAppleCertExtApplePPQSigningProdQA
   1.2.840.113635.100.6.38.2:
@@ -217,11 +223,18 @@ oids:
   1.2.840.113635.100.6.5.2:
     apple_description: Apple iTunes Store Certificates for Signing Requests to Purchase
       for the iTS
+  1.2.840.113635.100.6.59.1:
+    description: Software Authentication GeneralCapabilities
+  1.2.840.113635.100.6.71.1:
+    description: Made for iDevice (MFi) - Authentication v4 - Apple Accessory Properties
+      Extension
   1.2.840.113635.100.7.1.1:
     apple_description: 'Apple FairPlay certificate extended Application Authentication
       & Authorization: Policy'
   1.2.840.113635.100.8:
-    description: Local Policy OID Root
+    description: Apple Local Device Attestation (BAA)
+  1.2.840.113635.100.8.2:
+    symbol: CTOidItemAppleDeviceAttestationNonce
   1.2.840.113635.100.8.4:
     description: Contains a sequence of integer values.  Some are 0, some are 1, others
       appear to be int32 bitmasks.
@@ -234,10 +247,11 @@ oids:
     - Basic Attestation User Sub CA2
     ous:
     - BAA Certification
-    symbol:
+    symbol: CTOidItemAppleDeviceAttestationHardwareProperties
   1.2.840.113635.100.8.5:
     description: Similar in nature to `1.2.840.113635.100.8.4`. Non-integer values
       observed of `ssca`.
+    symbol: CTOidItemAppleDeviceAttestationKeyUsageProperties
     is_asn_body: true
     is_extension: true
     found_in:
@@ -248,7 +262,8 @@ oids:
     ous:
     - BAA Certification
   1.2.840.113635.100.8.7:
-    description: ASN1 data for the version of macOS for the issued under (e.g. 12.2)
+    description: Information about the OS environment that performed that local attestation
+    symbol: CTOidItemAppleDeviceAttestationDeviceOSInformation
     is_asn_body: true
     is_extension: true
     found_in:
@@ -331,7 +346,11 @@ roots:
       ZFF10-SDOM1-TssLive-ManifestKey-ExtraContent-Global-RevA-DataCenter:
         subject_key_id: 041442FEAB470561CE2A7471B55AC0D81AB7536F4B36
   Apple Secure Boot Root CA - G2:
+    description: Primary iDevice SecureROM - Root of Trust
+    subordinate_cas:
+      T6031-SDOM1-TssLive-ManifestKey-RevA-DataCenter:
   Apple Secure Boot Root CA - G6:
+    description: Seems to be a CA for local policy signatures of boot firmware
     subordinate_cas:
       T6031-SDOM1-RecoveryBoot-RevA-Factory:
         description:
@@ -351,3 +370,6 @@ roots:
       FDR-SS-CM-E1:
   FDR-CA1-ROOT-CM:
   FDR-DC-SSL-ROOT:
+  Apple DDI Secure Boot Root CA - G1:
+    subordinate_cas:
+      ZFF10-SDOM1-TssLive-ManifestKey-ExtraContent-RevA-DataCenter:

data/share/storage.yaml

@@ -0,0 +1,54 @@
+---
+metadata:
+  description:
+  credits:
+  collections:
+non_volatile_storage:
+  NVMe:
+    parts:
+      fsys:
+        dsecription: The user filesystem.
+      EAN:
+      diagnostics:
+  NAND:
+    parts:
+      none:
+        title:
+      boot:
+        title: Boot Block
+      diag:
+        title: Diagnostic Data
+      scfg:
+        title: System Config
+      firm:
+        title: Firmware
+      nvrm:
+        title: Firmware
+      fsys:
+        title: Filesystem
+      plog:
+        title: Effaceable
+      fbbt:
+        title: Bad Block Table
+  NOR:
+  EAN:
+    description: Emulated Apple NOR?
+    parts:
+  SysCfg:
+  nvram:
+    parts:
+      anvram: ARM NVRAM (Default for iDevices)
+      rnvram: Intel NVRAM (For devices with a T2)
+      system: The "system" layer NVRAM for Apple Silicon (for the domain of the SFR
+        and core APTicket)
+      common: Classical NVRAM for OS specific installs
+    formats:
+      NVV3:
+  ramrod_shadow:
+    formats:
+      nvram.plist:
+  xarts:
+    formats:
+      GigaLocker:
+  SEP:
+    description: The Lynx or Ocelot directly attached to the SEP

data/share/syscfg.yaml

@@ -8,6 +8,7 @@ metadata:
   - entitlements
 stores:
   0Cfg:
+    description: Hypervisor Domain 0 SysCfg
   ADCL:
     name: Apple Display Calibration Store
   ADDA:

data/share/terms.yaml

@@ -17,10 +17,14 @@ term_list:
   - title: 64bit ARM v8+ Architecture
   aarch64e:
   - title: 64bit ARM v8.3+ Architecture with Pointer Authentication
+  AASP:
+  - title: Apple Authorised Service Partner
   ACC:
   - title: Apple Core Cluster
   ACE:
   - title: USB-C Port Controller
+  ACM:
+  - title: Apple Credential Manager Service
   AES:
   - title: Advanced Encryption Standard
   AGX:
@@ -29,6 +33,8 @@ term_list:
   - title: Apple Hardware Test
   AID:
   - title: Apple ID
+  AKS:
+  - title: Apple Key Storage Service
   AltDSID:
   AMCC:
   - title: Apple Memory Cache Controller
@@ -39,7 +45,7 @@ term_list:
   ANE:
   - title: Apple Neural Engine
   anpi:
-  - title:
+  - title: Apple NCM Private Interface
   ANS:
   - title: Apple NAND Storage
   AOP:
@@ -85,7 +91,7 @@ term_list:
   AWDL:
   - title: Apple Wireless Direct Link
   BAA:
-  - title: Basic Attestation Authority (BAA)
+  - title: Basic Attestation Authority (BAA) - Used for Local Policy signing
   baseband:
   - title:
     see:
@@ -106,6 +112,9 @@ term_list:
     - APNonce
   BootKC:
   BootPolicy:
+  BootROM:
+  - see: SEPROM
+  - see: SecureROM
   bridge:
   bridgeOS:
   BRK:
@@ -127,12 +136,14 @@ term_list:
   CPSR:
   CRAM:
   - title: Cache-as-RAM
+  CRC:
+  - title: Cyclic Redundancy Check
   CRNG:
   - title: Cryptographic Random Number Generator
-  cs:
-  - title: Code Signing
   CS:
   - title: Code Signing
+  cs:
+  - title: Code Signing
   CSPRNG:
   - title: Cryptographically Secure Pseudorandom Number Generator
   CSR:
@@ -140,10 +151,13 @@ term_list:
     see:
     - sip
   CTRR:
+  - title: Configurable Text Readonly Region
   DART:
   - title: Device Address Resolution Table
   DCC:
   - title: Debug Communications Channel
+  dcrt:
+  - title: Device Certificate
   defaults:
   DEP:
   - title: Data Execute Prevention
@@ -177,6 +191,11 @@ term_list:
   - title: Error Checking and Correction
   eCore:
   - title: Efficiency Core
+  EEPROM:
+  - title: Electronically Erasable Programmable Read Only Memory
+  EffaceableStorage:
+  - title: Effaceable Storage
+    description:
   EFI:
   - title: Extensible Firmware Interface
   EHCI:
@@ -200,6 +219,10 @@ term_list:
   - title: Embedded Subscriber Identification Module
     see:
     - SIM
+  eSPI:
+  - title: Enhanced Serial Peripheral Interconnect
+    description: Used by the T2 to provide MacEFI to the Intel Chip
+    url: https://www.intel.com/content/dam/support/us/en/documents/software/chipset-software/327432-004_espi_base_specification_rev1.0_cb.pdf
   eUICC:
   - title: Embedded Universal Integrated Circuit Card
     see:
@@ -232,6 +255,8 @@ term_list:
 
       '
   Framework:
+  fuOS:
+  - title: Fully Unsigned OS
   FW:
   - see:
     - FireWire
@@ -246,6 +271,10 @@ term_list:
       '
   GENTER:
   GEXIT:
+  GID:
+  - title: Group Identity Key (Chip group key)
+    description: An AES key used to encrypt objects for all Apple CPUs with the same
+      CHIP identity
   gif:
   GL0:
   - title: Guarded Level 0
@@ -257,6 +286,8 @@ term_list:
     - GXF
   GXF:
   - title: Guarded Execution Feature
+  HDCP:
+  - title: High Definition Content Protection
   HFS:
   - title: Hierarchical File System (HFS/HFS+)
     description:
@@ -336,6 +367,18 @@ term_list:
     description: A Mach-O Object containing a series of KEXTs (Kernel Extensions)
       to be loaded alongside the kernel itself.  Usually one of three types, the Boot,
       the System and the Auxiliary.
+  KernelIdentityProtection:
+  - title: Kernel Identity Protection
+    description: After the operating system kernel completes initialization, Kernel
+      Integrity Protection (KIP) is enabled to help prevent modifications of kernel
+      and driver code. The memory controller provides a protected physical memory
+      region that iBoot uses to load the kernel and kernel extensions. After startup
+      is complete, the memory controller denies writes to the protected physical memory
+      region. The Application Processor’s Memory Management Unit (MMU) is configured
+      to help prevent mapping privileged code from physical memory outside the protected
+      memory region and to help prevent writeable mappings of physical memory within
+      the kernel memory region. To prevent reconfiguration, the hardware used to enable
+      KIP is locked after the boot process is complete.
   kext:
   - title: Kernel Extension
   key:
@@ -358,6 +401,8 @@ term_list:
       for correctness.  This ensures that the kernel guarantees are mathematically
       verified against defects.
   launchd:
+  lcrt:
+  - title: Lynx (SEP Secure Storage) Certificate
   LDM:
   - title: Lock Down Mode
   LLB:
@@ -395,6 +440,8 @@ term_list:
   LSB:
   - title: Least Significant Byte/Bit
   - title: Lower Side-Band
+  LVDS:
+  - title: Low Voltage Differential Signaling
   LZFSE:
   mach:
   mach_port:
@@ -412,11 +459,15 @@ term_list:
   MMU:
   - title: Memory Management Unit
   MRI:
+  - title: Mobile Resource Inspector
+    see:
+    - diags
   MRtI:
   MSB:
   - title: Most Significant Byte/Bit
   msm:
   - title: Qualcomm Baseband (Models are MSM) Motorola SoC Modem?
+  - title: Thunderbolt IP - Cactus Ridge Thunderbolt Controller
   MSR:
   - title: Model/Machine Specific Register
     see:
@@ -432,6 +483,8 @@ term_list:
   nbIF:
   - title: Nearby Interface Type
     context: nearbyd
+  NHI:
+  - title: Native Host Interface
   Nm:
   - title: User Assigned Name
   nmi:
@@ -454,6 +507,8 @@ term_list:
   - title: Other Architecture Handler (Rosetta2)
   OHCI:
   - title: Open Host Controller Interface (USB)
+  OIC:
+  - title: Owner Identity Certificate
   oic:
   - title: Owner Identity Certificate (OIC)
   oid:
@@ -560,6 +615,10 @@ term_list:
     - DRAM
     - CRAM
     - SRAM
+  ramrod:
+  - title: Ramrod Plugin
+    description: A plugin to `patchd` (the OTA system) to allow for full restores
+      via the OTA system.  (Such as with the Watch which lacks consumer USB connections).
   recovery:
   reg:
   - see: register
@@ -569,6 +628,8 @@ term_list:
   RemoteXPC:
   restore:
   Rosetta:
+  RSA:
+  - title: RSA (Rivest–Shamir–Adleman) Public Key Cryptography
   rsep:
   - title: Restore SEP Firmware Image
   RSSI:
@@ -618,6 +679,11 @@ term_list:
       in the nvram variable `csr-status`.
     see:
     - CSR
+  SKP:
+  - title: Sealed Key Protection
+  SKS:
+  - title: Secure Key Store Service
+  SMBus:
   SMC:
   - title: System Management Controller
   - title: Secure Monitor Call (el3)
@@ -640,6 +706,10 @@ term_list:
       models made use of a smaller (in the few megabytes range) NOR chip to load iBoot,
       and stored the user's data on a larger NAND flash chip. In newer devices the
       NOR/SPI flash is synthetic and provided by ANS2/3.
+  SPIFlash:
+  - title: Serial Peripheral Interconnect Flash Memory Protocol
+    see:
+    - NOR
   SPMI:
   - title: System Power Management Interface
     url: https://www.mipi.org/specifications/system-power-management-interface
@@ -701,6 +771,7 @@ term_list:
   TDM:
   - title: Target Disk Mode
   tfp0:
+  - title: Task for PID 0 (Kernel)
   trpk:
   - title: Trusted Public Keys
     description: Occurs in `trst` objects
@@ -721,7 +792,13 @@ term_list:
     - tz1
   - title: Time Zone
   tz0:
+  - title: TrustZone for SEP
+  SCIP:
+    - title: System Coprocessor Integrity Protection
+  KIP:
+    - title: Kernel Integrity Protection
   tz1:
+  - title: TrustZone for AP (Trusted Boot Monitor)
   UART:
   - title: Universal Asynchronous Receiver / Transmitter
   ucrt:
@@ -730,6 +807,9 @@ term_list:
   - title: Universal Integrated Circuit Card
     see:
     - sim
+  UID:
+  - title: User Identity Key (Device specific key)
+    description: A unique AES key per device.
   uik:
   - title: User Identity Key (UIK)
   UIKit:

data/share/uuid.yaml

@@ -0,0 +1,11 @@
+---
+uuids:
+  40A0DDD2-77F8-4392-B4A3-1E7304206516:
+    description: System Firmware NVRAM Scope
+  3D3287DE-280D-4619-AAAB-D97469CA9C71:
+    description: Primary System Recovery
+  C8858560-55AC-400F-BBB9-C9220A8DAC0D:
+    description: Fallback Recovery
+metadata:
+  description:
+  credits: []

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: apple-data
 version: !ruby/object:Gem::Version
-  version: 1.0.611
+  version: 1.0.613
 platform: ruby
 authors:
 - Rick Mark
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2024-02-24 00:00:00.000000000 Z
+date: 2024-02-27 00:00:00.000000000 Z
 dependencies: []
 description: |2
       This package includes machine readable data about Apple platforms maintained by hack-different.
@@ -268,9 +268,11 @@ files:
 - share/services.yaml
 - share/sip.yaml
 - share/smc.yaml
+- share/storage.yaml
 - share/syscfg.yaml
 - share/terms.yaml
 - share/tipw_sync.yaml
+- share/uuid.yaml
 - share/vmapple.yaml
 homepage: https://docs.hackdiffe.rent
 licenses: