apple-data 1.0.627 → 1.0.629

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: e09bbdb36c01d1537c95dd27e41d6f51973c6b5adfeadfc5aefe285885a7baea
4
- data.tar.gz: 0f84832c4ff3f51c1530c88fb78409040c24c598c0a065ad84bf761d93b3f3aa
3
+ metadata.gz: 7ccec50a6440b05805fb2139a50c19abcfa15433b0f33c93a0564b934446fb9c
4
+ data.tar.gz: 062551007e74d609abe1c4858040a25f63656345256ddf2eefce434fee62fafa
5
5
  SHA512:
6
- metadata.gz: e049aa109923c74bc5674293dbc7cb8e7cdb07a4bec508e1f73acd724f8bc0a5de9aa3a5f9ae6c24678abd2a3c2fdc77ae1874fe0fcb07f68347adab1cc50d46
7
- data.tar.gz: dedabf2ca8f995c3a1f4079d047cb73245a302c57e34bf4c2ed15a8ed16d289309429f5c55942e4eba034b053f0f405fcb34d42864bb8d83943fcb70bf06e0d7
6
+ metadata.gz: e52bb4d0d08328bb56a946cffa4f597f765610e20b7adad4f8f1db8721f843c7a528c724da39abadba7634cb6f97af2d0ae2543aadf42db403e2b410f48b4f2f
7
+ data.tar.gz: ff8cd17c5f061a4c5078a3db242b5871873e89c88f6c02428c5940e3616e94c09ecf765a98a4bd47cd16b8752eab4f0e7a50b1832cb828edf9d0b55b63b27e5f
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module AppleData
4
- VERSION = '1.0.627'
4
+ VERSION = '1.0.629'
5
5
  end
data/share/baseband.yaml CHANGED
@@ -6,6 +6,46 @@ metadata:
6
6
  - product_basebands
7
7
  esim:
8
8
  root_keys:
9
+ baseband_behaviors:
10
+ - FlashPSI-Version
11
+ - ModemStack-Digest
12
+ - ModemStack-Length
13
+ - RamPSI-Version
14
+ - FlashPSI-SecPackDigest
15
+ - ModemStack-SecPackDigest
16
+ - FlashPSI-Digest
17
+ - EBL-Digest
18
+ - RamPSI-PartialDigest
19
+ - FlashPSI-PartialDigest
20
+ - RamPSI-Blob
21
+ - RestoreRamPSI-Blob
22
+ - PSI-Blob
23
+ - RestorePSI-Blob
24
+ - PSI2-Blob
25
+ - RestorePSI2-Blob
26
+ - FlashPSI-Blob
27
+ - BBTicket
28
+ - DBL-Version
29
+ - DBL-PartialDigest
30
+ - ENANDPRG-Version
31
+ - ENANDPRG-PartialDigest
32
+ - DBL-Blob
33
+ - ENANDPRG-Blob
34
+ - OSBL-DownloadDigest
35
+ - AMSS-DownloadDigest
36
+ - AMSS-HashTableDigest
37
+ - PartitionTable-Digest
38
+ - eDBL-Version
39
+ - eDBL-PartialDigest
40
+ - eDBL-Blob
41
+ - RestoreDBL-Version
42
+ - RestoreDBL-PartialDigest
43
+ - RestoreDBL-Blob
44
+ - DSP1-DownloadDigest
45
+ - DSP1-HashTableDigest
46
+ - DSP2-DownloadDigest
47
+ - DSP2-HashTableDigest
48
+ - SBL1-Version
9
49
  products: {}
10
50
  product_basebands:
11
51
  iPad11,2:
data/share/bundles.yaml CHANGED
@@ -5,46 +5,82 @@ metadata:
5
5
  collections:
6
6
  - bundles
7
7
  bundles:
8
+ app_mode_loader:
8
9
  com.apple.accessibility.universalAccessAuthWarn:
9
10
  com.apple.AirPlayUIAgent:
10
11
  com.apple.appkit.xpc.openAndSavePanelService:
11
12
  com.apple.AppSSOAgent:
12
13
  com.apple.AppStore:
14
+ com.apple.appstore.AppDownloadLauncher:
15
+ com.apple.apreceivermac:
13
16
  com.apple.AquaAppearanceHelper:
14
17
  com.apple.AssistantServices:
18
+ com.apple.Authorization.LAContextAuthorizationTestApp:
15
19
  com.apple.AVKit.RoutePickerViewService:
20
+ com.apple.avkittester:
21
+ com.apple.bni.AppleNetInstall:
22
+ com.apple.Cauldron:
16
23
  com.apple.controlcenter:
17
24
  com.apple.controlstrip:
18
25
  com.apple.CoreLocationAgent:
19
26
  com.apple.coreservices.uiagent:
20
27
  com.apple.CoreSimulator.CoreSimulatorService:
21
28
  com.apple.CoreSimulator.SimulatorTrampoline:
29
+ com.apple.dashboardlauncher:
30
+ com.apple.DCSD:
22
31
  com.apple.dock:
23
32
  com.apple.dock.extra:
33
+ com.apple.dt.uxi.client:
24
34
  com.apple.dt.Xcode:
35
+ com.apple.dt.XCPreviewAgent:
36
+ com.apple.factory.SNIFF:
25
37
  com.apple.finder:
38
+ com.apple.finder.Open-iCloudDrive:
39
+ com.apple.frontrowlauncher:
40
+ com.apple.FruitBasket:
41
+ com.apple.green-restore:
26
42
  com.apple.imdpersistence.IMDPersistenceAgent:
27
43
  com.apple.imtransferservices.IMTransferAgent:
28
44
  com.apple.inputmethod.EmojiFunctionRowItem:
45
+ com.apple.internal.ApplePayAutomation:
46
+ com.apple.internal.Blade.xctrunner:
47
+ com.apple.internal.CarDisplaySim:
48
+ com.apple.iOS-Menu:
49
+ com.apple.iPhoneMenu:
50
+ com.apple.iRemoteX:
51
+ com.apple.ist.Radar7:
52
+ com.apple.jett.Switch:
29
53
  com.apple.LocalAuthentication.UIAgent:
30
54
  com.apple.locationd:
31
55
  com.apple.locationmenu:
32
56
  com.apple.loginwindow:
33
57
  com.apple.LookupViewService:
58
+ com.apple.macFieldDiags.DiagsLoader:
34
59
  com.apple.nbagent:
35
60
  com.apple.notificationcenterui:
36
61
  com.apple.NowPlayingTouchUI:
37
62
  com.apple.OSDUIHelper:
38
63
  com.apple.PowerChime:
64
+ com.apple.PowerWarriorX:
39
65
  com.apple.Preferences:
66
+ com.apple.PurpleCrashReporter:
67
+ com.apple.PurplePod:
68
+ com.apple.purpleRegister:
69
+ com.apple.PurpleRestore:
40
70
  com.apple.quicklook.QuickLookUIService:
41
71
  com.apple.QuickLookThumbnailing.extension.ThumbnailExtension-macOS:
42
72
  com.apple.QuickLookUIFramework.QLPreviewGenerationExtension:
73
+ com.apple.Redwood.app.SafeViewAgent:
74
+ com.apple.remoteinstallmacosx:
43
75
  com.apple.Safari:
44
76
  com.apple.Safari.SandboxBroker:
77
+ com.apple.ScreenShotr:
45
78
  com.apple.security.Keychain-Circle-Notification:
46
79
  com.apple.SoftwareUpdateNotificationManager:
47
80
  com.apple.Spotlight:
81
+ com.apple.stack:
82
+ com.apple.SumacUI:
83
+ com.apple.SwiftUIColorGrid:
48
84
  com.apple.systemuiserver:
49
85
  com.apple.talagent:
50
86
  com.apple.Terminal:
@@ -52,6 +88,8 @@ bundles:
52
88
  com.apple.TextInputSwitcher:
53
89
  com.apple.TV:
54
90
  com.apple.UIKitSystemApp:
91
+ com.apple.UIKitSystemApp.HelloWorld:
92
+ com.apple.usbqa.USBProber:
55
93
  com.apple.ViewBridgeAuxiliary:
56
94
  com.apple.WebKit.GPU:
57
95
  com.apple.WebKit.Networking:
@@ -25,7 +25,6 @@ provisioning:
25
25
  kAMAuthinstallProvisioningICCID:
26
26
  kAMAuthinstallProvisioningMANIFESTDATA:
27
27
  kAMAuthinstallProvisioningRequest:
28
-
29
28
  install:
30
29
  monet:
31
30
  kAMAuthInstallMonetLocalDefaultTrustURL:
@@ -127,7 +126,6 @@ application_processor:
127
126
  kAMAuthInstallTagCryptex1Version:
128
127
  kAMAuthInstallTagCryptex1PreauthorizationVersion:
129
128
  kAMAuthInstallTagCryptex1FakeRoot:
130
-
131
129
  options:
132
130
  kAMAuthInstallApParameterAllowMixAndMatch:
133
131
  kAMAuthInstallApParameterApInternalUseOnlySW:
@@ -200,8 +198,13 @@ application_processor:
200
198
  kAMAuthInstallApImg4LocalTicketTagnsrv:
201
199
  kAMAuthInstallApImg4LocalTicketTagrsep:
202
200
  kAMAuthInstallApImg4LocalTicketTagsepi:
203
-
204
201
  secondary_cores:
202
+ AppleNandStorage:
203
+ type: aarch64
204
+ description: Processor that presents NVMe to the AP and provides both NVMe storage
205
+ as well as emulated SPI flash for early boot. This
206
+ firmware_type: ansf
207
+ restore_firmware_type: rans
205
208
  AppleTypeCRetimer:
206
209
  options:
207
210
  kATCRTTicketNameFormat:
@@ -221,53 +224,6 @@ secondary_cores:
221
224
  kATCRTHardwareIDKeyChipID:
222
225
  kATCRTDeviceInfoKeyHardwareID:
223
226
  kATCRTDeviceInfoKeyInfoArray:
224
- TCON:
225
- options:
226
- kAppleTCONCommonIORegPropProdFuseValue:
227
- kAppleTCONCommonIORegPropNonce:
228
- kAppleTCONCommonIORegPropECID:
229
- kAppleTCONCommonIORegPropPRODStatus:
230
- kAppleTCONCommonIORegPropSDOMStatus:
231
- kAppleTCONCommonIORegPropFirmwareVer:
232
- kAppleTCONCommonIORegPropBundleVer:
233
- kAppleTCONCommonIORegPropDeviceID:
234
- kAppleTCONCommonOptionFuseProd:
235
- kAppleTCONCommonOptionFuseSDOM:
236
- kAppleTCONCommonOptionSkipSameVersion:
237
- kAppleTCONCommonOptionInternalBundle:
238
- kAppleTCONCommonTagBuildIdentityPathKey:
239
- kAppleTCONCommonTagBuildIdentityInfoKey:
240
- kAppleTCONCommonTagMeasurementDigest:
241
- TCON2:
242
- options:
243
- Vynal:
244
- options:
245
- kAMAuthInstallPROverrideVinylFirmwareKey:
246
- kAMAuthInstallTagVinylApProductionMode:
247
- kAMAuthInstallTagVinylRootKeyID:
248
- kAMAuthInstallTagVinylDigest:
249
- kAMAuthInstallTagVinylNonce:
250
- kAMAuthInstallTagVinylMain:
251
- kAMAuthInstallTagVinylGold:
252
- kAMAuthInstallTagVinylEID:
253
- kAMAuthInstallTagVinylChipID:
254
- kAMAuthInstallTagVinylTicketResponse:
255
- kAMAuthInstallTagVinylTicket:
256
- kAMAuthInstallVinylIm4pVersion:
257
- kAMAuthInstallVinyl4CCManpMain:
258
- kAMAuthInstallVinyl4CCManpGold:
259
- kAMAuthInstallTagVinylVendorAuthDataGold:
260
- kAMAuthInstallTagVinylVendorAuthDataMain:
261
- kAMAuthInstallTagVinylFwLoaderVersionPlist:
262
- kAMAuthInstallTagVinylRootKeyIdentifierPlist:
263
-
264
-
265
- AppleNandStorage:
266
- type: aarch64
267
- description: Processor that presents NVMe to the AP and provides both NVMe storage
268
- as well as emulated SPI flash for early boot. This
269
- firmware_type: ansf
270
- restore_firmware_type: rans
271
227
  Baseband:
272
228
  description: Comes from multiple vendors, encoded in `bbfw` file. See `baseband.yaml`
273
229
  for more info.
@@ -393,12 +349,88 @@ secondary_cores:
393
349
  kAMAuthInstallTagBbAppsDownloadDigest:
394
350
  kAMAuthInstallTagBbDsp3HashSectionDigest:
395
351
  kAMAuthInstallTagBbDsp3DownloadDigest:
396
-
352
+ eUICC:
353
+ options:
354
+ eUICCprofileObjectSpec:
355
+ eUICCprofileOptionSpec:
356
+ eUICCcertChainSpec:
357
+ eUICCSignIdPayloadSpec:
358
+ eUICCPCFObjectSpec:
359
+ eUICCPCFValueSpec:
360
+ eUICCPCFValueDataSpec:
361
+ tags:
362
+ kAMAuthInstallTagEuiccCSN:
363
+ kAMAuthInstallTagEuiccMainNonce:
364
+ kAMAuthInstallTagEuiccGoldNonce:
365
+ kAMAuthInstallTagEuiccTicketVersion:
366
+ kAMAuthInstallTagEuiccCertIdentifier:
367
+ kAMAuthInstallTagEuiccSignedTicketMain:
368
+ kAMAuthInstallTagEuiccSignedTicketGold:
369
+ kAMAuthInstallTagEuiccChipID:
370
+ kAMAuthInstallTagEuiccFirmwareLoaderVersion:
371
+ kAMAuthInstallTagEuiccSignedProfileMain:
372
+ kAMAuthInstallTagEuiccSignedProfileGold:
397
373
  ImageSignalProcessor:
398
374
  firmware_type: ispf
399
375
  description: Image Signal Processor
400
376
  Juliet:
401
377
  description: The Infared FaceID camera
378
+ kT200:
379
+ kT200CertificationURL:
380
+ kT200PersonalizationOption;:
381
+ kT200RestoreSystemPartition:
382
+ kT200SkipFirmwareMapStore:
383
+ kT200TagRequestFirmwareTicket:
384
+ kT200TagResponseFirmwareTicket:
385
+ kT200DeviceInfoChipID:
386
+ kT200DeviceInfoNonce:
387
+ kT200DeviceInfoUniqueID:
388
+ kT200DeviceInfoRevision:
389
+ kT200DeviceInfoProductionMode:
390
+ kT200DeviceInfoUpdateType:
391
+ kT200DeviceInfoChemistryID:
392
+ kT200DeviceInfoLocalSigningID:
393
+ kT200DeviceHWVersion:
394
+ kT200UpdaterOptions:
395
+ kT200TagChipID:
396
+ kT200TagBoardID:
397
+ kT200TagNonce:
398
+ kT200TagUniqueID:
399
+ kT200TagRevision:
400
+ kT200TagProductionMode:
401
+ kT200TagCertificateEpoch:
402
+ kT200TagFAEnable:
403
+ kT200TagVNVEnable:
404
+ kT200TagFWOverWrite:
405
+ kT200TagEFFV:
406
+ kT200TagFAEnableOption:
407
+ kT200TagVNVEnableOption:
408
+ kT200TagFWSkipSameVersion:
409
+ kT200TagRollbackFWVer:
410
+ kT200TagPreflight:
411
+ kT200TagMeasurementFirmware:
412
+ kT200TagMeasurementFirmwarePlist:
413
+ kT200TagDerFirmwarePlist:
414
+ kT200TagBoardId:
415
+ kT200MeasurementDictFirmware:
416
+ kT200DigestDERDictFirmware:
417
+ kT200TagMeasurementDigest:
418
+ kT200OptionDebugArgs:
419
+ kT200OptionUpdateType:
420
+ kT200OptionFirmwareData:
421
+ kT200OptionFirmwareIsOverride:
422
+ kT200OptionOptions:
423
+ kT200OptionRestoreInternal:
424
+ kT200OptionDeviceInfo:
425
+ kT200OptionBuildIdentity:
426
+ kT200OptionTicket:
427
+ kT200OptionRequest:
428
+ kT200OptionSourceBundlePath:
429
+ kT200OptionDestBundlePath:
430
+ kT200ReturnTagsInBI:
431
+ kT200ReturnTagsInTssResponse:
432
+ kT200BuildIdentityInfoKey:
433
+ kT200BuildIdentityPathKey:
402
434
  Maggie:
403
435
  description: Ultra low power FPGA (iCE5LP4K) / Lattice iCEcube2
404
436
  firmware_type: magg
@@ -406,16 +438,6 @@ secondary_cores:
406
438
  description: The FaceID assembly
407
439
  options:
408
440
  kAMAuthInstallTagPearlCertificationRootPub:
409
- x86:
410
- options:
411
- kAMAuthInstallTagX86ProductionMode:
412
- kAMAuthInstallTagX86SecurityMode:
413
- kAMAuthInstallTagX86Nonce:
414
- kAMAuthInstallTagX86UseGlobalSigning:
415
- kAMAuthInstallTagX86AllowMixAndMatch:
416
- kAMAuthInstallTagX86OSLongVersion:
417
- kAMAuthInstallTagX86Img4Ticket:
418
- kAMAuthInstallTagX86RequestImg4Ticket:
419
441
  PowerManagementProcessor:
420
442
  type: arm7m
421
443
  description: Power Management Processor. Provides ARM Cortex-M processor for
@@ -424,27 +446,51 @@ secondary_cores:
424
446
  `volume-up-debounce` and `volume-down-debounce`. There have been reported copies
425
447
  of debug firmwares in the wild which might avoid such power sequencing.
426
448
  firmware_type: pmpf
427
- eUICC:
449
+ PS190:
428
450
  options:
429
- eUICCprofileObjectSpec:
430
- eUICCprofileOptionSpec:
431
- eUICCcertChainSpec:
432
- eUICCSignIdPayloadSpec:
433
- eUICCPCFObjectSpec:
434
- eUICCPCFValueSpec:
435
- eUICCPCFValueDataSpec:
451
+ kPS190SecurityDomainTagFormat:
452
+ kPS190BoardIDTagFormat:
453
+ kPS190FirmwareTagFormat:
454
+ kPS190SecurityDomainTagSuffix:
455
+ kPS190BoardIDTagSuffix:
456
+ kPS190FirmwareTagSuffix:
457
+ kPS190TagNameFormatString:
458
+ kPS190TicketNameFormatString:
459
+ kPS190FirmwareKeySecurityDomain:
460
+ kPS190FirmwareKeyBoardID:
461
+ kPS190FirmwareKeyFirmwareData:
462
+ info:
463
+ kPS190DeviceInfoKeyApplicationProcessorInfo:
464
+ kPS190DeviceInfoKeyFWFeatureConfig:
465
+ kPS190DeviceInfokeyUseHDCPEntitlement:
466
+ kPS190DeviceInfoKeyDebugEnableOverride:
467
+ kPS190DeviceInfoKeyTagNumber:
468
+ kPS190DeviceInfoKeyTicketName:
469
+ kPS190DeviceInfoKeyAuthlistFormattedECID:
470
+ kPS190DeviceInfoKeyNeedsOTPProgramming:
471
+ kPS190DeviceInfoKeyRequiresPersonalization:
472
+ kPS190DeviceInfoKeySecurityMode:
473
+ kPS190DeviceInfoKeySecurityDomain:
474
+ kPS190DeviceInfoKeyRealHDCPKeysPresent:
475
+ kPS190DeviceInfoKeyProductionMode:
476
+ kPS190DeviceInfoKeyNonce:
477
+ kPS190DeviceInfokeyECID:
478
+ kPS190DeviceInfoKeyDebugDisable:
479
+ kPS190DeviceInfoKeyChipID:
480
+ kPS190DeviceInfoKeyCertificateEpoch:
481
+ kPS190DeviceInfoKeyBoardID:
482
+ kPS190DeviceInfoKeyHardwareID:
483
+ kPS190DeviceInfoKeyInfoArray:
484
+ Rose:
436
485
  tags:
437
- kAMAuthInstallTagEuiccCSN:
438
- kAMAuthInstallTagEuiccMainNonce:
439
- kAMAuthInstallTagEuiccGoldNonce:
440
- kAMAuthInstallTagEuiccTicketVersion:
441
- kAMAuthInstallTagEuiccCertIdentifier:
442
- kAMAuthInstallTagEuiccSignedTicketMain:
443
- kAMAuthInstallTagEuiccSignedTicketGold:
444
- kAMAuthInstallTagEuiccChipID:
445
- kAMAuthInstallTagEuiccFirmwareLoaderVersion:
446
- kAMAuthInstallTagEuiccSignedProfileMain:
447
- kAMAuthInstallTagEuiccSignedProfileGold:
486
+ kRoseTagDigest:
487
+ kRoseTagMeasurementRTKitOS:
488
+ kRoseTagMeasurementSwBinDsp1:
489
+ options:
490
+ kRoseSwDsp1:
491
+ kRoseRtkitos:
492
+ kRoseRestoreRtkitos:
493
+ kRoseRtkitosICNF:
448
494
  Savage:
449
495
  description:
450
496
  options:
@@ -475,8 +521,6 @@ secondary_cores:
475
521
  kSavageReturnTagsInTssResponse:
476
522
  kSavageBuildIdentityInfoKey:
477
523
  kSavageBuildIdentityPathKey:
478
-
479
-
480
524
  tags:
481
525
  kSavageTagRequestTicket:
482
526
  kSavageTagResponseTicket:
@@ -524,96 +568,6 @@ secondary_cores:
524
568
  kSavageTagMeasurementBFProdPatchVT:
525
569
  kSavageMeasurementDictPatch:
526
570
  kSavageMeasurementDictPatchVT:
527
- Veridian:
528
- type: arm7m
529
- is_rtkit: false
530
- stack_size: 24576
531
- ram_base: 536870912
532
- mmio_base: 1073741824
533
- Vinyl:
534
- description: |
535
- the eUICC or eSIM Contains a ZIP file with various hash specifiers, each containing two directories. One `recovery` is seemingly empty (strange as this would imply a bad eUICC can never be recovered but also is consistent with observed behaviour of a eSIM surviving DFU recovery). Update seems to contain two folders "main" and "gold".
536
- These folders contain a `firmware.der` as well as a `profile.bin`
537
- These folders contain a number of "root keys" as defined in the eUICC spec.
538
- firmware_packing:
539
- - zip
540
- Yonkers:
541
- description:
542
- options:
543
- kYonkersPreflightRequiredOption:
544
- kYonkersOptions:
545
- kYonkersSkipOption:
546
- kYonkersFirmwareData:
547
- kYonkersTagRequestTicket:
548
- kYonkersTagResponseTicket:
549
- kYonkersDeviceInfo:
550
- kYonkersTagDeviceBoardID:
551
- kYonkersTagDeviceChipID:
552
- kYonkersTagDeviceNonce:
553
- kYonkersTagDeviceECID:
554
- kYonkersTagDeviceFabRevision:
555
- kYonkersTagDeviceProductionMode:
556
- kYonkersTagDeviceRootPublicKeyIdentifier:
557
- kYonkersTagPatchEpoch:
558
- kYonkersTagSepObject:
559
- kYonkersTagReadECKey:
560
- kYonkersTagWriteECKey:
561
- kYonkersTagWriteECID:
562
- kYonkersTagWriteEpoch:
563
- kYonkersTagReadGID:
564
- kYonkersTagReadFWKey:
565
- kYonkersTagAllowOfflineBoot:
566
- kYonkersTagTempDemote:
567
- kYonkersTagAccessSensor:
568
- kYonkersTagAccessSecurity:
569
- kYonkersTagFADemote:
570
- kYonkersTagDebugStatus:
571
- kYonkersTagProvisioning:
572
- Rose:
573
- tags:
574
- kRoseTagDigest:
575
- kRoseTagMeasurementRTKitOS:
576
- kRoseTagMeasurementSwBinDsp1:
577
- options:
578
- kRoseSwDsp1:
579
- kRoseRtkitos:
580
- kRoseRestoreRtkitos:
581
- kRoseRtkitosICNF:
582
- PS190:
583
- options:
584
- kPS190SecurityDomainTagFormat:
585
- kPS190BoardIDTagFormat:
586
- kPS190FirmwareTagFormat:
587
- kPS190SecurityDomainTagSuffix:
588
- kPS190BoardIDTagSuffix:
589
- kPS190FirmwareTagSuffix:
590
- kPS190TagNameFormatString:
591
- kPS190TicketNameFormatString:
592
- kPS190FirmwareKeySecurityDomain:
593
- kPS190FirmwareKeyBoardID:
594
- kPS190FirmwareKeyFirmwareData:
595
- info:
596
- kPS190DeviceInfoKeyApplicationProcessorInfo:
597
- kPS190DeviceInfoKeyFWFeatureConfig:
598
- kPS190DeviceInfokeyUseHDCPEntitlement:
599
- kPS190DeviceInfoKeyDebugEnableOverride:
600
- kPS190DeviceInfoKeyTagNumber:
601
- kPS190DeviceInfoKeyTicketName:
602
- kPS190DeviceInfoKeyAuthlistFormattedECID:
603
- kPS190DeviceInfoKeyNeedsOTPProgramming:
604
- kPS190DeviceInfoKeyRequiresPersonalization:
605
- kPS190DeviceInfoKeySecurityMode:
606
- kPS190DeviceInfoKeySecurityDomain:
607
- kPS190DeviceInfoKeyRealHDCPKeysPresent:
608
- kPS190DeviceInfoKeyProductionMode:
609
- kPS190DeviceInfoKeyNonce:
610
- kPS190DeviceInfokeyECID:
611
- kPS190DeviceInfoKeyDebugDisable:
612
- kPS190DeviceInfoKeyChipID:
613
- kPS190DeviceInfoKeyCertificateEpoch:
614
- kPS190DeviceInfoKeyBoardID:
615
- kPS190DeviceInfoKeyHardwareID:
616
- kPS190DeviceInfoKeyInfoArray:
617
571
  SecureEnclaveProcessor:
618
572
  options:
619
573
  kSEOptionDebugSESA:
@@ -663,63 +617,100 @@ secondary_cores:
663
617
  kSETagMeasurementUpdatePayload:
664
618
  kSETagMeasurementDevHash:
665
619
  kSETagMeasurementProdHash:
666
- kT200:
667
- kT200CertificationURL:
668
- kT200PersonalizationOption;:
669
- kT200RestoreSystemPartition:
670
- kT200SkipFirmwareMapStore:
671
- kT200TagRequestFirmwareTicket:
672
- kT200TagResponseFirmwareTicket:
673
- kT200DeviceInfoChipID:
674
- kT200DeviceInfoNonce:
675
- kT200DeviceInfoUniqueID:
676
- kT200DeviceInfoRevision:
677
- kT200DeviceInfoProductionMode:
678
- kT200DeviceInfoUpdateType:
679
- kT200DeviceInfoChemistryID:
680
- kT200DeviceInfoLocalSigningID:
681
- kT200DeviceHWVersion:
682
- kT200UpdaterOptions:
683
- kT200TagChipID:
684
- kT200TagBoardID:
685
- kT200TagNonce:
686
- kT200TagUniqueID:
687
- kT200TagRevision:
688
- kT200TagProductionMode:
689
- kT200TagCertificateEpoch:
690
- kT200TagFAEnable:
691
- kT200TagVNVEnable:
692
- kT200TagFWOverWrite:
693
- kT200TagEFFV:
694
- kT200TagFAEnableOption:
695
- kT200TagVNVEnableOption:
696
- kT200TagFWSkipSameVersion:
697
- kT200TagRollbackFWVer:
698
- kT200TagPreflight:
699
- kT200TagMeasurementFirmware:
700
- kT200TagMeasurementFirmwarePlist:
701
- kT200TagDerFirmwarePlist:
702
- kT200TagBoardId:
703
- kT200MeasurementDictFirmware:
704
- kT200DigestDERDictFirmware:
705
- kT200TagMeasurementDigest:
706
- kT200OptionDebugArgs:
707
- kT200OptionUpdateType:
708
- kT200OptionFirmwareData:
709
- kT200OptionFirmwareIsOverride:
710
- kT200OptionOptions:
711
- kT200OptionRestoreInternal:
712
- kT200OptionDeviceInfo:
713
- kT200OptionBuildIdentity:
714
- kT200OptionTicket:
715
- kT200OptionRequest:
716
- kT200OptionSourceBundlePath:
717
- kT200OptionDestBundlePath:
718
- kT200ReturnTagsInBI:
719
- kT200ReturnTagsInTssResponse:
720
- kT200BuildIdentityInfoKey:
721
- kT200BuildIdentityPathKey:
722
-
620
+ TCON:
621
+ options:
622
+ kAppleTCONCommonIORegPropProdFuseValue:
623
+ kAppleTCONCommonIORegPropNonce:
624
+ kAppleTCONCommonIORegPropECID:
625
+ kAppleTCONCommonIORegPropPRODStatus:
626
+ kAppleTCONCommonIORegPropSDOMStatus:
627
+ kAppleTCONCommonIORegPropFirmwareVer:
628
+ kAppleTCONCommonIORegPropBundleVer:
629
+ kAppleTCONCommonIORegPropDeviceID:
630
+ kAppleTCONCommonOptionFuseProd:
631
+ kAppleTCONCommonOptionFuseSDOM:
632
+ kAppleTCONCommonOptionSkipSameVersion:
633
+ kAppleTCONCommonOptionInternalBundle:
634
+ kAppleTCONCommonTagBuildIdentityPathKey:
635
+ kAppleTCONCommonTagBuildIdentityInfoKey:
636
+ kAppleTCONCommonTagMeasurementDigest:
637
+ TCON2:
638
+ options:
639
+ Veridian:
640
+ type: arm7m
641
+ is_rtkit: false
642
+ stack_size: 24576
643
+ ram_base: 536870912
644
+ mmio_base: 1073741824
645
+ Vinyl:
646
+ description: |
647
+ the eUICC or eSIM Contains a ZIP file with various hash specifiers, each containing two directories. One `recovery` is seemingly empty (strange as this would imply a bad eUICC can never be recovered but also is consistent with observed behaviour of a eSIM surviving DFU recovery). Update seems to contain two folders "main" and "gold".
648
+ These folders contain a `firmware.der` as well as a `profile.bin`
649
+ These folders contain a number of "root keys" as defined in the eUICC spec.
650
+ firmware_packing:
651
+ - zip
652
+ Vynal:
653
+ options:
654
+ kAMAuthInstallPROverrideVinylFirmwareKey:
655
+ kAMAuthInstallTagVinylApProductionMode:
656
+ kAMAuthInstallTagVinylRootKeyID:
657
+ kAMAuthInstallTagVinylDigest:
658
+ kAMAuthInstallTagVinylNonce:
659
+ kAMAuthInstallTagVinylMain:
660
+ kAMAuthInstallTagVinylGold:
661
+ kAMAuthInstallTagVinylEID:
662
+ kAMAuthInstallTagVinylChipID:
663
+ kAMAuthInstallTagVinylTicketResponse:
664
+ kAMAuthInstallTagVinylTicket:
665
+ kAMAuthInstallVinylIm4pVersion:
666
+ kAMAuthInstallVinyl4CCManpMain:
667
+ kAMAuthInstallVinyl4CCManpGold:
668
+ kAMAuthInstallTagVinylVendorAuthDataGold:
669
+ kAMAuthInstallTagVinylVendorAuthDataMain:
670
+ kAMAuthInstallTagVinylFwLoaderVersionPlist:
671
+ kAMAuthInstallTagVinylRootKeyIdentifierPlist:
672
+ x86:
673
+ options:
674
+ kAMAuthInstallTagX86ProductionMode:
675
+ kAMAuthInstallTagX86SecurityMode:
676
+ kAMAuthInstallTagX86Nonce:
677
+ kAMAuthInstallTagX86UseGlobalSigning:
678
+ kAMAuthInstallTagX86AllowMixAndMatch:
679
+ kAMAuthInstallTagX86OSLongVersion:
680
+ kAMAuthInstallTagX86Img4Ticket:
681
+ kAMAuthInstallTagX86RequestImg4Ticket:
682
+ Yonkers:
683
+ description:
684
+ options:
685
+ kYonkersPreflightRequiredOption:
686
+ kYonkersOptions:
687
+ kYonkersSkipOption:
688
+ kYonkersFirmwareData:
689
+ kYonkersTagRequestTicket:
690
+ kYonkersTagResponseTicket:
691
+ kYonkersDeviceInfo:
692
+ kYonkersTagDeviceBoardID:
693
+ kYonkersTagDeviceChipID:
694
+ kYonkersTagDeviceNonce:
695
+ kYonkersTagDeviceECID:
696
+ kYonkersTagDeviceFabRevision:
697
+ kYonkersTagDeviceProductionMode:
698
+ kYonkersTagDeviceRootPublicKeyIdentifier:
699
+ kYonkersTagPatchEpoch:
700
+ kYonkersTagSepObject:
701
+ kYonkersTagReadECKey:
702
+ kYonkersTagWriteECKey:
703
+ kYonkersTagWriteECID:
704
+ kYonkersTagWriteEpoch:
705
+ kYonkersTagReadGID:
706
+ kYonkersTagReadFWKey:
707
+ kYonkersTagAllowOfflineBoot:
708
+ kYonkersTagTempDemote:
709
+ kYonkersTagAccessSensor:
710
+ kYonkersTagAccessSecurity:
711
+ kYonkersTagFADemote:
712
+ kYonkersTagDebugStatus:
713
+ kYonkersTagProvisioning:
723
714
  other:
724
715
  keys:
725
716
  KeyCellIDSkip:
data/share/fdr.yaml CHANGED
@@ -4,6 +4,35 @@ metadata:
4
4
  credits:
5
5
  collections:
6
6
  - fdr_properties
7
+ fdr_modes:
8
+ '':
9
+ description: Objects for the device directly, indicates no factory process or
10
+ mode in use.
11
+ mansta:
12
+ description: The "Management Station", or factory station being used to configure
13
+ a device at an Apple factory using factory tooling and images
14
+ mandev:
15
+ description: The "Managed Device", or the device attached to the `mansta` to be
16
+ configured or tested at a factory
17
+ fdr_objects:
18
+ trst:
19
+ description: The trust object establishes the signing root for FDR objects, the
20
+ SSL CA for connections to FDR, the set of revoked keys, as well as trusted public
21
+ keys
22
+ fCfg:
23
+ eCfg:
24
+ dCfg:
25
+ appv:
26
+ ADCL:
27
+ FSCl:
28
+ HmCA:
29
+ hop0:
30
+ lcrt:
31
+ NvMR:
32
+ sePk:
33
+ pcrt:
34
+ scrt:
35
+ seal:
7
36
  fdr_properties:
8
37
  ADCL:
9
38
  description: Raw Panel / Coverglass
data/share/img4.yaml CHANGED
@@ -12,6 +12,62 @@ metadata:
12
12
  - core
13
13
  - types
14
14
  - cryptex_properties
15
+ unmapped:
16
+ - ApRelaxedImageVerification
17
+ - "@BCert"
18
+ - "@Managed"
19
+ - "@AlternateSU"
20
+ - Ap,UseGlobalSigning
21
+ - AllowNeRDBoot
22
+ - NeRDEpoch
23
+ - PermitNeRDPivot
24
+ - Ap,OSEnvironment
25
+ - Ap,CurrentOSSecurityVersion
26
+ - Ap,MinimumOSSecurityVersion
27
+ - Ap,EnableGroundhog
28
+ - Ap,SoftwareUpdateDeviceID
29
+ - ApCertificateEpoch
30
+ - ApLeafCertStatus
31
+ - BuildString
32
+ - Name
33
+ - UID_MODE
34
+ - "@Cryptex1,Ticket"
35
+ - Cryptex1,Ticket
36
+ - Cryptex1,ChipID
37
+ - Cryptex1,ProductClass
38
+ - Cryptex1,UseProductClass
39
+ - Cryptex1,Nonce
40
+ - Cryptex1,NonceDomain
41
+ - Cryptex1,ProductionMode
42
+ - Cryptex1,UseGlobalSigning
43
+ - Cryptex1,Version
44
+ - Cryptex1,FakeRoot
45
+ - PearlCertificationRootPub
46
+ - x86,ProductionMode
47
+ - x86,SecurityMode
48
+ - x86,Nonce
49
+ - x86,UseGlobalSigning
50
+ - x86,AllowMixAndMatch
51
+ - x86,OSLongVersion
52
+ - x86,Ticket
53
+ - "@x86,Ticket"
54
+ - "@Locality"
55
+ - "@BBTicket"
56
+ - BbSNUM
57
+ - BbGoldCertId
58
+ - BbSkeyId
59
+ - BbNonce
60
+ - BpApBindingDigest
61
+ - BbServerNonce
62
+ - BbVendorData
63
+ - BbFieldDiagsEnable
64
+ - "@EUICCTicket"
65
+ - EuiccMainTicket
66
+ - EuiccGoldTicket
67
+ - EUICCSignedProfileMain
68
+ - EUICCSignedProfileGold
69
+ - BbAntennaType
70
+ - BbBehavior
15
71
  core:
16
72
  IM4M:
17
73
  description: Image4 Manifest Object (No payload, only manifest). IM4M, verion,
@@ -29,6 +85,7 @@ core:
29
85
  OBJP:
30
86
  description: Object Properties - Values that may be assigned per "object" (firmwares)
31
87
  that contain a `DGST`
88
+ name: ObjectPayloadPropertyDigest
32
89
  type: sequence
33
90
  types:
34
91
  digest-object:
@@ -38,7 +95,9 @@ types:
38
95
  additional properties per object, some of which are standard and others that
39
96
  are object specific.
40
97
  common_properties:
41
- DGST: The cryptographic digest of the object
98
+ DGST:
99
+ description: The cryptographic digest of the object
100
+ name: Digest
42
101
  EKEY:
43
102
  description: Effective Key Access - The effective access to teh SEP, used
44
103
  to protect data during demotion. Effective chip promoted
@@ -101,6 +160,7 @@ types:
101
160
  with a `secb` object with a `trst` object), `rssl` (Factory SSL root CA),
102
161
  `rvok` (Revocation list) and `trpk` (trusted public keys?)
103
162
  lpol_properties:
163
+ AMNM:
104
164
  auxi:
105
165
  title: Auxiliary Image4 Manifest Hash (`auxi`)
106
166
  description: After the system verifies that the UAKL hash matches what’s found
@@ -151,6 +211,15 @@ lpol_properties:
151
211
  access:
152
212
  write:
153
213
  - macOS
214
+ bat0:
215
+ bat1:
216
+ batf:
217
+ BNCH:
218
+ BORD:
219
+ CEPO:
220
+ chg0:
221
+ chg1:
222
+ CHIP:
154
223
  coih:
155
224
  title: CustomOS Image4 Manifest Hash (coih)
156
225
  description: The `coih` is an SHA384 hash of CustomOS Image4 manifest. The payload
@@ -162,8 +231,20 @@ lpol_properties:
162
231
  access:
163
232
  write:
164
233
  - 1TR
234
+ CPRO:
235
+ CSEC:
236
+ DGST:
237
+ diag:
238
+ DPRO:
239
+ DSEC:
240
+ dtre:
241
+ ECID:
242
+ EPRO:
243
+ ESEC:
165
244
  gaid:
166
245
  description: Gaia Authentication ID (Apple Internal)
246
+ glyc:
247
+ glyp:
167
248
  hrlp:
168
249
  title: Has Secure Enclave Signed recoveryOS Local Policy (hrlp)
169
250
  description: The `hrlp` indicates whether or not the `prot` value is the measurement
@@ -176,6 +257,9 @@ lpol_properties:
176
257
  - 1TR
177
258
  - recoveryOS
178
259
  - macOS
260
+ ibot:
261
+ illb:
262
+ krnl:
179
263
  kuid:
180
264
  title: Key encryption key (KEK) Group UUID (kuid)
181
265
  description: The kuid indicates the volume that was booted. The key encryption
@@ -189,10 +273,13 @@ lpol_properties:
189
273
  - 1TR
190
274
  - recoveryOS
191
275
  - macOS
276
+ LCST:
277
+ LNCH:
192
278
  lobo:
193
279
  description: Local Boot Object. Indicates that the object is to be used as the
194
280
  target of a local boot only and not provided by the server for remote / DFU
195
281
  boots.
282
+ logo:
196
283
  lpnh:
197
284
  title: LocalPolicy Nonce Hash (lpnh)
198
285
  description: The lpnh is used for anti-replay of the LocalPolicy. This is an SHA384
@@ -228,6 +315,7 @@ lpol_properties:
228
315
  intention of what operating system the user has created a LocalPolicy for. Users
229
316
  change the nsih value implicitly when they perform a software update.
230
317
  type: binary
318
+ name: Ap,NextStageCryptex1IM4MHash
231
319
  subtype: sha2-384
232
320
  context:
233
321
  lpol:
@@ -236,6 +324,7 @@ lpol_properties:
236
324
  - 1TR
237
325
  - recoveryOS
238
326
  - macOS
327
+ nsrv:
239
328
  prot:
240
329
  title: Paired recoveryOS Trusted Boot Policy Measurement (prot)
241
330
  description: A paired recoveryOS Trusted Boot Policy Measurement (TBPM) is a special
@@ -251,6 +340,8 @@ lpol_properties:
251
340
  - 1TR
252
341
  - recoveryOS
253
342
  - macOS
343
+ recm:
344
+ RNCH:
254
345
  rolp:
255
346
  description: recoveryOS local policy
256
347
  type: boolean
@@ -285,6 +376,9 @@ lpol_properties:
285
376
  - 1TR
286
377
  - recoveryOS
287
378
  - macOS
379
+ rsep:
380
+ SDOM:
381
+ sepi:
288
382
  sip0:
289
383
  title: System Integrity Protection (SIP) 0 Status - Overall
290
384
  description: The sip0 holds the existing System Integrity Protection (SIP) policy
@@ -324,10 +418,13 @@ lpol_properties:
324
418
  description: Secure Multi-Boot 3 - DEP-allowed MDM Control
325
419
  smb5:
326
420
  description: Unknown - but known to exist in Factory signing
421
+ snon:
327
422
  snuf:
328
423
  description: Software Nonce For Update Freshness
329
424
  spih:
330
425
  description: Cryptex1 Image4 Hash
426
+ tbmr:
427
+ tbms:
331
428
  vuid:
332
429
  title: APFS volume group UUID (vuid)
333
430
  description: The vuid indicates the volume group the kernel should use as root.
@@ -373,12 +470,14 @@ cryptex_properties:
373
470
  pave:
374
471
  description: Pre-authorization Version (XNU) The version of a pre-authorized Cryptex.
375
472
  type: string
473
+ name: Cryptex1,PreauthorizationVersion
376
474
  roots:
377
475
  - ExtraContent
378
476
  snuf:
379
477
  description: SoftwareNonceForUpdateFreshness
380
478
  styp:
381
479
  description: Crytpex Subtype
480
+ name: Cryptex1,SubType
382
481
  type: u32
383
482
  alias:
384
483
  - cryptex subtype
@@ -386,10 +485,12 @@ cryptex_properties:
386
485
  - ExtraContent
387
486
  type:
388
487
  description: Cryptex Type
488
+ name: Cryptex1,Type
389
489
  type: integer
390
490
  roots:
391
491
  - ExtraContent
392
492
  UDID:
493
+ name: Cryptex1,UDID
393
494
  description: universal device identifier
394
495
  vnum:
395
496
  description: Version Number - Update Maximum
@@ -539,8 +640,10 @@ manifest_properties:
539
640
  description: Internal Use Only Software
540
641
  iuou:
541
642
  description: Internal Use Only Unit
643
+ name: Ap,InternalUseOnlyUnit
542
644
  LNCH:
543
645
  description: Local Policy Next Cryptographic Hash
646
+ name: ApLocalNonceHash
544
647
  love:
545
648
  title: Long Operating System Version (love)
546
649
  description: The love indicates the OS version that the LocalPolicy is created
@@ -548,6 +651,7 @@ manifest_properties:
548
651
  creation and is used to enforce recoveryOS pairing restrictions.
549
652
  type: string
550
653
  example: 21.3.66.0.0,0
654
+ name: Ap,OSLongVersion
551
655
  access:
552
656
  write:
553
657
  - 1TR
@@ -557,6 +661,7 @@ manifest_properties:
557
661
  - ManifestKey-DataCenter
558
662
  lpol:
559
663
  description: Local Policy
664
+ manx:
560
665
  mmap:
561
666
  description: Memory Map
562
667
  Mod#:
@@ -567,6 +672,7 @@ manifest_properties:
567
672
  prtp:
568
673
  description: Product Type String
569
674
  type: string
675
+ name: Ap,ProductType
570
676
  example: iPhone16,2
571
677
  roots:
572
678
  - ManifestKey-DataCenter
@@ -589,9 +695,18 @@ manifest_properties:
589
695
  description: Research mode
590
696
  rsch:
591
697
  description: research mode
698
+ rso0:
699
+ name: Ap,RestoreSecurityOverrides0
700
+ rso1:
701
+ name: Ap,RestoreSecurityOverrides1
702
+ rso2:
703
+ name: Ap,RestoreSecurityOverrides2
704
+ rso3:
705
+ name: Ap,RestoreSecurityOverrides3
592
706
  sdkp:
593
707
  description: SDK Platform
594
708
  type: string
709
+ name: Ap,SDKPlatform
595
710
  roots:
596
711
  - ManifestKey-DataCenter
597
712
  values:
@@ -613,11 +728,12 @@ manifest_properties:
613
728
  seid:
614
729
  description: Secure Enclave ID - Root Domain
615
730
  sika:
616
- description: System Identity Key Access
731
+ description: System Identity Key Access/Attestation?
732
+ name: Ap,SikaFuse
617
733
  SNON:
618
734
  description: SEP Nonce
619
735
  snon:
620
- description: SEP Nonce
736
+ description: SEP Nonce (Yes it differs by case)
621
737
  SrNm:
622
738
  description: Unit Serial Number
623
739
  manifest: true
@@ -630,6 +746,7 @@ manifest_properties:
630
746
  description: Server nonce
631
747
  tatp:
632
748
  description: Target Type (board name)
749
+ name: Ap,TargetType
633
750
  roots:
634
751
  - ManifestKey-DataCenter
635
752
  TMac:
@@ -903,12 +1020,14 @@ img4_tags:
903
1020
  description:
904
1021
  aciw:
905
1022
  description:
1023
+ adba:
906
1024
  ADCL:
907
1025
  description: Apple Display Calibration
908
1026
  ader:
909
1027
  description:
910
1028
  agfi:
911
1029
  description:
1030
+ anid:
912
1031
  anrd:
913
1032
  description: Apple Notarized Ram Disk
914
1033
  aofi:
@@ -921,10 +1040,13 @@ img4_tags:
921
1040
  description:
922
1041
  auac:
923
1042
  description:
1043
+ batf:
1044
+ berb:
924
1045
  BLDS:
925
1046
  description: Boot LocalPolicy Digest String?
926
1047
  bles:
927
1048
  description:
1049
+ BNCN:
928
1050
  cfel:
929
1051
  description:
930
1052
  firmware_name: CFELoader
@@ -969,6 +1091,7 @@ img4_tags:
969
1091
  description: Emulated GID3 Nonce
970
1092
  eg3t:
971
1093
  description: Emulated GID3 Type
1094
+ eply:
972
1095
  esca:
973
1096
  description: Emulated System Certificate Authority
974
1097
  fdrs:
@@ -983,10 +1106,15 @@ img4_tags:
983
1106
  description:
984
1107
  ftot:
985
1108
  description: Factory Trust/FIPS Test? - Other / Original Trust
1109
+ fuos:
1110
+ gdmg:
1111
+ ginf:
986
1112
  ging:
987
1113
  description:
988
1114
  glyc:
989
1115
  description: Gyroscope Calibration
1116
+ gtcd:
1117
+ gtgv:
990
1118
  hash:
991
1119
  description:
992
1120
  hclo:
@@ -1016,6 +1144,7 @@ img4_tags:
1016
1144
  description: Locker - Used for Effaceable Storage end Obliteration
1017
1145
  lphp:
1018
1146
  description: Local Policy Hash Protection?
1147
+ lpol:
1019
1148
  ltrs:
1020
1149
  description: Local TrustStore Recovery System?
1021
1150
  manx:
@@ -1044,7 +1173,8 @@ img4_tags:
1044
1173
  ooth:
1045
1174
  description: Other OS Translator (Rosetta) Hash?
1046
1175
  osev:
1047
- description: Other System (Rosetta) Environment?
1176
+ description: Operating System Environment
1177
+ name: Ap,OSEnvironment
1048
1178
  osrd:
1049
1179
  description: Other System (Rosetta) Ramdisk?
1050
1180
  otes:
@@ -1069,26 +1199,22 @@ img4_tags:
1069
1199
  description:
1070
1200
  prid:
1071
1201
  description: Encrypted Private Key / Private Key Info / Private Recovery Identity?
1202
+ prot:
1072
1203
  ptrp:
1073
1204
  rbmt:
1074
1205
  description: Restore Boot Monitor?
1075
1206
  firmware_name: RBM
1076
1207
  rddg:
1077
1208
  description: Ramdisk for Debugging
1078
- rso0:
1079
- description:
1080
- rso1:
1081
- description:
1082
- rso2:
1083
- description:
1084
- rso3:
1085
- description:
1209
+ refk:
1086
1210
  rtpf:
1087
1211
  description:
1088
1212
  slvn:
1089
1213
  description:
1214
+ snid:
1090
1215
  SPTM:
1091
1216
  description: Secure Page Table Monitor
1217
+ srvn:
1092
1218
  ssca:
1093
1219
  description: SEP Subject Certificate Authority?
1094
1220
  ster:
@@ -1117,3 +1243,54 @@ img4_tags:
1117
1243
  description: VMWare?
1118
1244
  xugs:
1119
1245
  description: x64 User System Disk
1246
+ der:
1247
+ uikp:
1248
+ description: UIK Public
1249
+ kid:
1250
+ description: Key UUID
1251
+ aonm:
1252
+ description: AON Mask
1253
+ rkm:
1254
+ description: Ref Key Mask / Key Ref MAC (message authentication code)
1255
+ bid:
1256
+ description: Key BID
1257
+ cpo:
1258
+ description: Key ACL Constraint Policy
1259
+ ckon:
1260
+ description: Key ACL Constraint K of N (Shamir Key Split)
1261
+ cup:
1262
+ description: Key ACL Constraint User Passcode
1263
+ kv:
1264
+ description: Key Version
1265
+ kt:
1266
+ description: Key Type
1267
+ pub:
1268
+ description: Public Key
1269
+ id:
1270
+ description: Key ID
1271
+ ag:
1272
+ description: Access Groups
1273
+ p:
1274
+ description: Passcode
1275
+ iter:
1276
+ description: Iterations (Hash Rounds)
1277
+ acmh:
1278
+ description: ACM (Apple Credential Manager) Handle
1279
+ wk:
1280
+ description: Wrapped Key
1281
+ pad:
1282
+ description: Key Padding (Block alignment bytes)
1283
+ tag:
1284
+ description: Key Tag
1285
+ ed:
1286
+ description: External Data
1287
+ pd:
1288
+ description: Protected Data
1289
+ ad:
1290
+ description: Authentication Data
1291
+ d:
1292
+ description: Data
1293
+ bc:
1294
+ description: Keybag Class
1295
+ rk:
1296
+ description: Key Ref Key
@@ -0,0 +1,6 @@
1
+ ---
2
+ metadata:
3
+ description: The Apple Secure Multi-Boot Schema (Apple Silicon Only) and Local Policy
4
+ System
5
+ credits:
6
+ - rickmark
data/share/sip.yaml CHANGED
@@ -21,15 +21,16 @@ csr_flags:
21
21
  always_enforced: true
22
22
  CSR_ALLOW_APPLE_INTERNAL:
23
23
  value: 16
24
- description:
24
+ description: Allows for AppleInternal (non-production signed code)
25
25
  disable_default: true
26
26
  CSR_ALLOW_DEVICE_CONFIGURATION:
27
27
  value: 128
28
- description:
28
+ description: This indicates that the device is booted into a mode whereby `bputil`
29
+ will allow changes
29
30
  always_enforced: true
30
31
  CSR_ALLOW_EXECUTABLE_POLICY_OVERRIDE:
31
32
  value: 1024
32
- description: override spctl or executable policy
33
+ description: override trust-cache or executable policy
33
34
  CSR_ALLOW_KERNEL_DEBUGGER:
34
35
  value: 8
35
36
  description: allow using the kernel debugger (KDP) - requires configuring the
@@ -37,14 +38,14 @@ csr_flags:
37
38
  disable_default: true
38
39
  CSR_ALLOW_TASK_FOR_PID:
39
40
  value: 4
40
- description: allow getting the pid task, required for debugging
41
+ description: allow getting the pid task, required for privileged debugging
41
42
  disable_default: true
42
43
  CSR_ALLOW_UNAPPROVED_KEXTS:
43
44
  value: 512
44
45
  description: do not require kext approval (managed in the T2 when it exists)
45
46
  CSR_ALLOW_UNAUTHENTICATED_ROOT:
46
47
  value: 2048
47
- description:
48
+ description: Permits the root filesystem to lack SSV (signed system volume) protection
48
49
  CSR_ALLOW_UNRESTRICTED_DTRACE:
49
50
  aliases:
50
51
  - CSR_ALLOW_DESTRUCTIVE_DTRACE
@@ -64,3 +65,36 @@ csr_flags:
64
65
  value: 1
65
66
  description: allow loading kernel extensions that are not signed
66
67
  disable_default: true
68
+ csrutil:
69
+ flags:
70
+ "--no-internal":
71
+ "--with":
72
+ "--without":
73
+ options:
74
+ basesystem:
75
+ name: BaseSystem Verification
76
+ flag: CSR_ALLOW_ANY_RECOVERY_OS
77
+ nvram:
78
+ name: NVRAM Protections
79
+ flag: CSR_ALLOW_UNRESTRICTED_NVRAM
80
+ debug:
81
+ name:
82
+ flag: CSR_ALLOW_KERNEL_DEBUGGER
83
+ dtrace:
84
+ name: DTrace Restrictions
85
+ flag: CSR_ALLOW_UNRESTRICTED_DTRACE
86
+ fs:
87
+ name: Filesystem Protections
88
+ flag: CSR_ALLOW_UNRESTRICTED_FS
89
+ kext:
90
+ name: Kext Signing
91
+ flag: CSR_ALLOW_UNTRUSTED_KEXTS
92
+ commands:
93
+ status:
94
+ description: Shows
95
+ enable:
96
+ disable:
97
+ netboot:
98
+ report:
99
+ authenticated-root:
100
+ verify-factory-sip:
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: apple-data
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.627
4
+ version: 1.0.629
5
5
  platform: ruby
6
6
  authors:
7
7
  - Rick Mark
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-03-09 00:00:00.000000000 Z
11
+ date: 2024-03-11 00:00:00.000000000 Z
12
12
  dependencies: []
13
13
  description: |2
14
14
  This package includes machine readable data about Apple platforms maintained by hack-different.
@@ -251,6 +251,7 @@ files:
251
251
  - share/keys.yaml
252
252
  - share/launchd/services_bridgeOS_6.1.yaml
253
253
  - share/lightning.yaml
254
+ - share/local_policy.yaml
254
255
  - share/lockdownd.yaml
255
256
  - share/mach_o.yaml
256
257
  - share/mobile_assets.yaml