RubyGems - apple-data - Versions diffs - 1.0.603 → 1.0.604 - Mend

apple-data 1.0.603 → 1.0.604

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6481d521a2e38a707f359222233661bd1732d032d4db3b04951e0b9c7ed80038
-  data.tar.gz: b03d824d4282dfbd6ea02badd95b7a65dc6c32efffa2a7e35a3d57f82cd86b54
+  metadata.gz: 505cf3230870a47f259145e62e3f09e63064d46e3f3b6c34532e41394fcff002
+  data.tar.gz: 3c57444d5e7147281f03a6aa8aad3ea8539e010643dde4b4706f6e223aa43033
 SHA512:
-  metadata.gz: 07ef65c955be0b50e3b7cb3c749107f3d2e7e438c27d88ab566431b155caa921089d32eb218634ddf6034ac1b38576c386f29b7ea256182fa93a9f07737c99a5
-  data.tar.gz: 468030029f6c6572d4f4a5567d817542e493385a8ffe0cce9872095e3cce0a346918cf28dd9185c193671ad67ca7cba060b7949fc5f1b271e4c64cce2a4cb905
+  metadata.gz: 8fcbbf092c4ca492488bd9a95b4812c32d4f8f9d51f86c253799dc3a729fc41da8f21f0407f3fa22b3ad9bc1bb36dd1c8914c60cd73bb8d97c1f9ae921cd8dec
+  data.tar.gz: 2d0d389c91f4ec3ad3b9848536ec093bf8dd2877bed17e2d74df1e9579b820ea61261567086fb4e300ec1a6cc2953070b87c80d064cc01db5d01eec03b17771e

data/lib/apple_data/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module AppleData
-  VERSION = '1.0.603'
+  VERSION = '1.0.604'
 end

data/share/img4.yaml CHANGED Viewed

@@ -2,6 +2,32 @@
 metadata:
   description:
   credits:
+types:
+  digest-object:
+    description: Digest Objects are Firmare or Other Hashable Datastreams.
+      They will exist in NOR, Disk, or be received over USB.  These objects
+      will contain a `DGST` value that is the cryptographic hash of the contents.
+      They can contain additional properties per object, some of which are standard
+      and others that are object specific.
+    common_properties:
+      ESEC:
+      EPRO:
+      EKEY:
+    subtypes:
+      local-boot-object:
+      trust-measurement:
+        description: A trust measurement is requested from the processor to ensure that
+          the boot flow has not changed since a prior time that measurement was taken.
+          To date the trust measurement is commonly found on SEP firmware images.
+      ssv-root-hash:
+        description: Root Hash values are used to validate the Signature of an APFS Signed
+          volume or snapshot.  They will be paired to a coresponding disk image.  Some also
+          are paired with `ssv-merkle-tree` which includes the metadata for the volume.
+      trust-cache:
+      img4-disk-image:
+        description: Disk images are often signed IMG4 payloads used for USB boot or as the
+          arm64BaseSystem.dmg.  IMG4 is used for smaller disk images that can be entirely
+          validated "single shot" unlike larger disks which use SSV and validate on read.
 img4_tags:
   acfw:
     description:
@@ -22,12 +48,18 @@ img4_tags:
     type: boolean
   anef:
     description: Apple Neural Engine Firmware
+    type: digest-object
+    roots:
+    - ManifestKey-DataCenter
   anrd:
     description:
   aofi:
     description:
   aopf:
     description: Always on processor firmware
+    type: digest-object
+    roots:
+    - ManifestKey-DataCenter
   apmv:
     description:
   ater:
@@ -37,9 +69,14 @@ img4_tags:
   auac:
     description:
   aubt:
-    description:
+    description: Auxiliary
   augs:
-    description: Included in APTicket CA extensions
+    description:
+      Auxiliary User System Image
+      Included in APTicket CA extensions, as well as factory manifests.
+    roots:
+      - ExtraContent
+      - ManifestKey
   aupr:
     description:
   auxi:
@@ -85,13 +122,16 @@ img4_tags:
       opt in to a more restrictive AuxKC inclusion. The auxp field is a prerequisite for setting the auxr
       field in the LocalPolicy. Users change the auxr value implicitly when they build a new AuxKC from
       the Security & Privacy pane in System Preferences.
-    type: binary
+    type: digest-object
     subtype: sha2-384
     access:
       write:
         - macOS
   avef:
     description: AV Encryption (DRM) Firmware
+    type: digest-object
+    roots:
+    - ManifestKey-DataCenter
   bat0:
     description: battery image 0
   bat1:
@@ -100,11 +140,14 @@ img4_tags:
     description: battery full image
   BLDS:
     description:
   prid:
     description: Encrypted Private Key / Private Key Info
   bles:
     description:
+  rtmu:
+    description: Restore TMU for AP
+    type: digest-object
+    recovery: true
   BNCH:
     description: Boot Nonce Hash - based on the values of com.apple.System.boot-nonces
   BORD:
@@ -118,28 +161,39 @@ img4_tags:
     alias:
       - board-id
   bstc:
-    description:
+    description: Base Sysetm Static Trust Cache
+    type: digest-object
+    subtype: trust-cache
   bsys:
-    description:
+    description: Base System Seal Root Hash
+    type: digest-object
+    subtype: ssv-root-hash
   CEPO:
     description: |-
       Certificate/Chip Epoch.  This is a unit of roll-forward time (monotonic) that allows for any security issues
       in the prior epoch to be fixed by a anti-rollback scheme.
+    nullable: true
+    type: boolean
     alias:
       - chip-epoch
   cfel:
     description:
   chg0:
     description: Charging Image 0
+    type: digest-object
+    subtype: graphic
   faic:
     description:
     type: integer
     default: 0
   chg1:
     description: Charging Image 1
+    type: digest-object
+    subtype: graphic
   CHIP:
     description: Unique identifier for a single Apple designed application processor
       sharing the same GID key
+    type: integer
     width: 2
   nsph:
     description: preboot splat manifest hash
@@ -151,14 +205,17 @@ img4_tags:
     description:
   cmsv:
     description:
+  rans:
+    description: Restore Apple NAND Storage Firmware
+    type: digest-object
   coih:
     title: CustomOS Image4 Manifest Hash (coih)
     description: >
       The `coih` is an SHA384 hash of CustomOS Image4 manifest. The payload for that manifest is used
       by iBoot (instead of the XNU kernel) to transfer control. Users change the `coih` value implicitly when
       they use the `kmutil` configure-boot command-line tool in 1TR.
-    type: binary
-    subtype: sha2-384
+    type: digest-object
+    subtype: IM4M
     access:
       write:
         - 1TR
@@ -166,31 +223,71 @@ img4_tags:
     description: Chip promotion fuse value (what is burned in)
     alias:
       - certificate-production-status
+    nullable: true
     type: boolean
   CSEC:
     description: Burned-in chip security mode
+    type: boolean
+    nullable: true
     alias:
       - certificate-security-mode
   csys:
-    description:
+    description: Install / Restore SSV Root Hash
+    type: digest-object
+    subtype: ssv-root-hash
   dali:
     description:
   data:
     description:
+  casy:
+    description: App Cryptex SSV Root Hash
+    type: digest-object
+    subtype: ssv-root-hash
+    roots:
+    - ExtraContent
+  cssy:
+    description: System Cryptex SSV Root Hash
+    type: digest-object
+    subtype: ssv-root-hash
+    roots:
+    - ExtraContent
   DGST:
     description: payload digest
   diag:
     description:
+  trca:
+    description:
+    type: digest-object
+    roots:
+    - ExtraContent
+  csos:
+    description:
+    type: digest-object
+    roots:
+    - ExtraContent
+  trcs:
+    description:
+    type: digest-object
+    roots:
+    - ExtraContent
   disk:
     description:
   DPRO:
-    description:
+    description: Demote from Production Request
+      Value is used by TSS sever to issue EPRO values, or effective AP prodctuion state.
   DSEC:
-    description:
+    description: Demote from Secure Request
+      Value is used by TSS server to issue ESEC values, or effective AP Security Mode should the
+      requester be authorized.  These requests are not available to consumers, only to Apple Internal.
   dtre:
     description: device tree
+    type: digest-object
+    subtype: device-tree
   dtrs:
     description: device tree for recovery
+    type: digest-object
+    subtype: device-tree
+    recovery: true
   ECID:
     description: Exclusive chip identifier.  This is burned into an eFuse at time
       of manufacture and unique across all devices sharing the same CHIP
@@ -211,10 +308,16 @@ img4_tags:
     description:
   EKEY:
     description: Effective chip promoted
+    nullable: false
+    type: boolean
   EPRO:
     description: Effective chip promotion / demotion state (if CPFM 03 this must be 0 to set ESEC)
     alias:
       - effective-production-status-ap
+    nullable: false
+    type: boolean
+  secb:
+    description: Sets a security value such as `trst` or the FDR signing trust object.  "security blob?"
   esca:
     description:
   hrlp:
@@ -231,6 +334,7 @@ img4_tags:
         - macOS
   esdm:
     description: Extended Security Domain fuses
+    type: integer
     alias:
       - esdm-fuses
   styp:
@@ -238,6 +342,37 @@ img4_tags:
     type: u32
     alias:
       - cryptex subtype
+    roots:
+    - ExtraContent
+  acid:
+  WSKU:
+    description: Wireless SKU
+  WMac:
+    description: Wireless MAC Address
+  TMac:
+    description: Thunderbolt MAC Address
+    manifest: true
+  BMac:
+    description: Bluetooth MAC Address
+    manifest: true
+  SrNm:
+    description: Unit Serial Number
+    manifest: true
+  ptrp:
+  snuf:
+    description: Staged next update firmware?
+  Regn:
+    description: Region Code
+    example: LL/A
+    type: string
+    manifest: true
+  Mod#:
+  CLHS:
+  HmCA:
+  FSCl:
+  ADCL:
+  clid:
+  hop0:
   oppd:
     description: Unknown, used by `stg1`/`sepi` - sha384 hash sized
   ESEC:
@@ -247,25 +382,49 @@ img4_tags:
   euou:
     description: engineering use-only unit
   clas:
-    description: product class (often used in FDR specificatons)
+    description: Class for Key / Object - Found in FDR objects
+    examples:
+    roots:
+    - ExtraContent
   psmh:
     description: previous stage manifest hash
   fchp:
-    description: Cryptex1,ChipID
+    description: Cryptex1,ChipID - Mask
+    roots:
+    - ExtraContent
   fdrs:
     description:
+  rvok:
+    description: Trust object revocation list
+  trpk:
+    description: Trust public keys
+  rssl:
+    description: The valid CA used for secure communications with the FDR server to obtain the FDR objects.  This
+      differs from the `trst` object as `rssl` is in transit and `trst` is at rest.
   fdrt:
     description:
   file:
     description:
   fpgt:
     description:
+  ftab:
+    description: >
+      Factory Trust - Auto Boot
+      FTAB images (used for devices such as AirPods, etc) are "hacktivated" or pre-APTicket'ed devices as they
+      lack either a restore connection, or persistet memory.  Common early usage of this was the Heywire dongles
+      used for video conversion on the Mac.  It was simplest for the device to lack NAND and simply receive the
+      firmware from a host on powerup.  FTAB files are fully ready to run blobs often including RTKit OS based
+      memory images.
   ftap:
-    description:
+    description: >
+      Factory Trust - Application Processor
+    type: hash
   ftot:
-    description:
+    description: Factory Trust - Other
   ftsp:
-    description:
+    description: Factory Trust - SEP
+    type: hash
   fuos:
     description: Fully Unsigned OS
   gfxf:
@@ -273,7 +432,7 @@ img4_tags:
   ging:
     description:
   glyc:
-    description:
+    description: Gyroscope Calibration
   glyp:
     description:
   hash:
@@ -286,14 +445,34 @@ img4_tags:
     description:
   homr:
     description:
-  hrlp:
-    description:
+  cnch:
+    roots:
+    - ExtraContent
+  ndom:
+    roots:
+    - ExtraContent
+  pave:
+    description: XNU version string?
+    type: string
+    roots:
+    - ExtraContent
   hypr:
     description: Hypervisor
   iBEC:
     description: iBoot Epoch Change
-  iBoot:
+  ibot:
     description: iBoot
+  ibdt:
+  ibd1:
+  glyP:
+  ibss:
+  dven:
+  dcp2:
+  ciof:
+  batF:
+  ansf:
+  rfcg:
+    type: boolean
   iBSS:
     description: iBoot Second Stage
   ienv:
@@ -315,19 +494,21 @@ img4_tags:
   ispf:
     description: Image Signal Processor Firmware
   isys:
-    description: iBridge System
+    description: Install System SSV Root Hash
   itst:
     description:
   iuob:
     description:
   iuos:
-    description:
+    description: Internal Use Only Software
   iuou:
-    description:
+    description: Internal Use Only Unit
   kdlv:
     description:
   krnl:
     description: Kernel
+  acdc:
+    description:
   kuid:
     title: Key encryption key (KEK) Group UUID (kuid)
     description: >
@@ -348,7 +529,8 @@ img4_tags:
   LNCH:
     description:
   lobo:
-    description: Local Boot
+    description: Local Boot Object.  Indicates that the object is to be used as the target of a local boot only
+      and not provided by the server for remote / DFU boots.
   logo:
     description: Apple logo image
   love:
@@ -363,16 +545,25 @@ img4_tags:
         - 1TR
         - recoveryOS
         - macOS
+    roots:
+    - ManifestKey-DataCenter
   prtp:
     description: Product ID String
     type: string
     example: iPhone16,2
+    roots:
+    - ManifestKey-DataCenter
   sdkp:
-    description: SEP Product Type
+    description: SDK for Product
     type: string
-    example: iphoneos
+    roots:
+    - ManifestKey-DataCenter
+    values:
+    - iphoneos
+    - macos
   lphp:
     description:
+  mspr:
   lpnh:
     title: LocalPolicy Nonce Hash (lpnh)
     description: >
@@ -401,7 +592,7 @@ img4_tags:
   magg:
     description:
   MANB:
-    description:
+    description: Manifest B
   MANP:
     description: Manifest Payload
   manx:
@@ -421,7 +612,7 @@ img4_tags:
   msec:
     description:
   msys:
-    description:
+    description: Merkle Tree Metadata for System Disk
   mtfw:
     description:
   name:
@@ -433,7 +624,8 @@ img4_tags:
   nsrv:
     description:
   OBJP:
-    description:
+    description: Object Properties - Values that may be assigned per "object" (firmawres) that contain a `DGST`
+    type: sequence
   omer:
     description:
   ooth:
@@ -462,6 +654,8 @@ img4_tags:
     description:
   pmpf:
     description: Power Management Processor Firmware
+    type: digest-object
+    subtype:
   pndp:
     description:
   prot:
@@ -472,8 +666,8 @@ img4_tags:
       over time (because nonces like lpnh are frequently updated). The prot field, which is found only in each
       macOS LocalPolicy, provides a pairing to indicate the recoveryOS LocalPolicy that corresponds to the
       macOS LocalPolicy.
-    type: binary
-    subtype: sha2-384
+    type: digest-object
+    subtype: trust-measurement
     access:
       write:
         - 1TR
@@ -481,18 +675,25 @@ img4_tags:
         - macOS
   rbmt:
     description:
+  mtpf:
   rddg:
     description:
   rdsk:
-    description: Restore Disk Image
+    description: Restore Disk Image / ramdisk
   rdtr:
     description:
   recm:
     description:
+  rcfg:
+    description: >
+      Appears in certificates issues by factory such as `T6031-SDOM1-TssLive-ManifestKey-RevA-Factory`.
+      Potentially indicates that the policy is for a recovery boot only.
+    type: boolean
   rfta:
     description:
   rfts:
     description:
+  rdcp:
   rkrn:
     description: restore kernel
   rlgo:
@@ -501,6 +702,7 @@ img4_tags:
     description:
   rolp:
     description: recoveryOS local policy
+    type: boolean
   ronh:
     title: recoveryOS Nonce Hash (ronh)
     description: >
@@ -533,6 +735,8 @@ img4_tags:
       change the nsih value implicitly when they perform a software update.
     type: binary
     subtype: sha2-384
+    context:
+      lpol:
     access:
       write:
         - 1TR
@@ -541,9 +745,10 @@ img4_tags:
   spih:
     description: Cryptex1 Image4 Hash
   stng:
-    description: Cryptex1 Generation
+    description: Cryptex1 Generation / Cryptex type?
   auxh:
     description: User Authorized Kext List Hash
+    context:
   rpnh:
     title: Remote Policy Nonce Hash (rpnh)
     description: >
@@ -559,15 +764,19 @@ img4_tags:
         - macOS
   RSCH:
     description: Research mode
+  rcio:
+    description: Restore CIO
   fgpt:
-    description: factory pre-release global trust
+    description: factory glob al pre-release trust
   UDID:
     description: universal device identifier
   rsch:
     description: research mode
   vnum:
-    description: maximum restore version
+    description: Version Number - Update Maximum
     type: string
+    roots:
+    - ExtraContent
   rsep:
     description: Restore SEP Image, paired with oppd/tbms
     type: string
@@ -622,21 +831,21 @@ img4_tags:
   slvn:
     description:
   smb0:
-    description: Secure Multi-Boot 0 - Security Mode - Full Security, Reduced, Disabled
+    description: Secure Multi-Boot 0 - Security Mode - Full Security, Reduced, Disabled - Setting to 1 sets to reduced
   smb1:
-    description: Secure Multi-Boot 1
+    description: Secure Multi-Boot 1 - Setting to 1 allows Permissive
   smb2:
     description: Secure Multi-Boot 2 - 3rd Party Kexts Status
   smb3:
     description: Secure Multi-Boot 3 - User-allowed MDM Control
   smb4:
     description: Secure Multi-Boot 3 - DEP-allowed MDM Control
+  smb5:
+    description: Unknown - but known to exist in Factory signing
   SNON:
     description: SEP Nonce
   snon:
     description: SEP Nonce
-  snuf:
-    description:
   srnm:
     description:
   ster:
@@ -644,12 +853,14 @@ img4_tags:
   svrn:
     description: Server nonce
   tbmr:
-    description: Trusted Boot Measurement (Root?)
+    description: Trusted Boot Measurement (Recovery/Root?)
   tbms:
     description: Trusted Boot Measurement (Signature?)
     notes: Likely encrypted by the SEP and opaque to the AP
   tatp:
-    description: Board Name (such as d84)
+    description: Board Name (such as d84) - Target AP Test
+    roots:
+    - ManifestKey-DataCenter
   tery:
     description:
   test:
@@ -657,11 +868,19 @@ img4_tags:
   tics:
     description:
   trst:
-    description: Trust Cache
+    description: Trust Object
   tsys:
     description:
   type:
     description: Cryptex Type
+    type: integer
+    roots:
+    - ExtraContent
+  caos:
+    description:
+    type: digest-object
+    root:
+    - ExtraContent
   ucer:
     description: User Cert
   ucon:
@@ -671,6 +890,8 @@ img4_tags:
   uidm:
     description:
     type: boolean
+    roots:
+    - ManifestKey-DataCenter
   vice:
     description:
   vkdl:
@@ -689,6 +910,9 @@ img4_tags:
       - macOS
   ware:
     description:
+  sski:
+    description: SHA2 os some kind
+    type: binary
   inst:
     descryption: The key or file to install
   wchf:

data/share/pki.yaml CHANGED Viewed

@@ -5,10 +5,10 @@ metadata:
 certificate_names:
   dcrt: device certificate
   dcrt-oid: device owner certificate
-  lcrt: local certificate?
+  lcrt: Lynx / Secure Storage for SEP Certificate
   pcrt: product/production certificate?
   rcrt: remote/recovery certificate?
-  scrt: server certificate?
+  scrt: SEP Certificate
   tcrt: test certificate?
   ucrt: user certificate (mapps to a single iCloud account)
   vcrt: virtual certificate?
@@ -47,17 +47,23 @@ oids:
     example:
       PUT/FSCl:sik-FXFYFXFFYFFEX-QQRRRDEETFEFYCEIESLIREILCILESCLSELRESERSER
   - oid: 1.2.840.113635.100.6.1.15
+    name: TSS Signing Delegation Constraints
     description:
-      To be signed certificate...
-      Contains the boot policy of the machine during certificate issuance
-      based on boot policy.  includes BORD, ronh, lobo, SDOM, lpnh, rpnh
-      BNCH, CSEC, CHIP, ECID, CPEO, OBJP, EPRO, DPRO, ESEC, DSEC and DGST
+      Constriction on values that can be specified or signed by this certificate.  Conatins two sub-sequesnces, the MANP (Manifest Properties)
+      and the OBJP (Object Properties).  Manifest properties are at the issued IM4M, and object properties are per signed object (firmware).
+      Values of NULL mean tha tthis certificate can sign any value for that property, values that are set are values that must be signed
+      with that value by this certificate.  This is how for example `T6031-SDOM1` is enforced.  The certificate for that set of servers
+      have a null value for ECID (meaning it can be used for any ECID) and have fixed values for CHIP / Security Domain SDOM.
+      This is how Live TSS for customers differs from factory signing in what properties it can include.  Factory only manifest properties
+      include `augs`, `uidm`
     found_in:
       - ucrt
       - dcrt-oid
     issuers:
       - Basic Attestation User Sub CA2
       - FDRDC-UCRT-SUBCA
+      - T6031-SDOM1-TssLive-ManifestKey-RevA-Factory
     ous:
       - BAA Certification
       - ucrt Leaf Certificate
@@ -80,7 +86,7 @@ oids:
   - oid: 1.2.840.113635.100.7.1.1
     apple_description: 'Apple FairPlay certificate extended Application Authentication & Authorization: Policy'
   - oid: 1.2.840.113635.100.8.4
-    description: contains 3 integer values in ASN1, the second of which seems to be a 64bit mask of 0xFE000000
+    description: Contains a sequence of integer values.  Some are 0, some are 1, others appear to be int32 bitmasks.
     is_asn_body: true
     is_extension: true
     found_in:
@@ -91,6 +97,7 @@ oids:
     ous:
       - BAA Certification
   - oid: 1.2.840.113635.100.8.5
+    description: Similar in nature to `1.2.840.113635.100.8.4`. Non-integer values observed of `ssca`.
     is_asn_body: true
     is_extension: true
     found_in:
@@ -190,3 +197,28 @@ known_symbols:
     - _oidAppleTVOSApplicationSigningProdQA
 roots:
   FDR-CA1-ROOT-CM:
+  FDR-DC-SSL-ROOT:
+  FDR Sealing Server CA 1:
+    subordinate_cas:
+      FDR-SS-CM-E1:
+  Basic Attestation User Root CA:
+    subordinate_cas:
+      Basic Attestation User Sub CA2:
+        description:
+          Issues `ucrt` subordinate CA's that are used for user level signing.  Under this `BAA Certification`
+          certs are issued.
+  Apple Secure Boot Root CA - G6:
+    subordinate_cas:
+      T6031-SDOM1-RecoveryBoot-RevA-Factory:
+        description:
+      T6031-SDOM1-TssLive-ManifestKey-RevA-Factory:
+  Apple X86 Secure Boot Root CA - G1:
+    subject_key_id: 301680147D73CE0A3B41A1A352D2B1141EF6F5B4DD76E6E8
+    subordinate_cas:
+      T6031-SDOM1-TssLive-ManifestKey-Global-RevA-DataCenter:
+        subject_key_id: 0414D8B9E3E9C4A1C542ECB72FC2CF0C2F861E1B3EEF
+  Apple Extra Content Global Root CA - G1:
+    subject_key_id: 30168014AA63251D082C72A381536C94D2864995881CB0D0
+    subordinate_cas:
+      ZFF10-SDOM1-TssLive-ManifestKey-ExtraContent-Global-RevA-DataCenter:
+        subject_key_id: 041442FEAB470561CE2A7471B55AC0D81AB7536F4B36

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: apple-data
 version: !ruby/object:Gem::Version
-  version: 1.0.603
+  version: 1.0.604
 platform: ruby
 authors:
 - Rick Mark
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-02-15 00:00:00.000000000 Z
+date: 2024-02-18 00:00:00.000000000 Z
 dependencies: []
 description: |2
       This package includes machine readable data about Apple platforms maintained by hack-different.