/*! * @header * Cryptex1 chip environments. */ #ifndef __IMG4_CHIP_CRYPTEX1_H #define __IMG4_CHIP_CRYPTEX1_H #ifndef __IMG4_INDIRECT #error "Please #include instead of this file directly" #endif // __IMG4_INDIRECT __BEGIN_DECLS OS_ASSUME_NONNULL_BEGIN OS_ASSUME_PTR_ABI_SINGLE_BEGIN /*! * @const IMG4_CHIP_CRYPTEX1_BOOT * A virtual coprocessor environment hosted on the AP which derives its unique * identity from the hosting AP. This chip assists in booting the AP's * userspace. */ #if !XNU_KERNEL_PRIVATE IMG4_API_AVAILABLE_20211126 OS_EXPORT const img4_chip_t _img4_chip_cryptex1_boot; #define IMG4_CHIP_CRYPTEX1_BOOT (&_img4_chip_cryptex1_boot) #else #define IMG4_CHIP_CRYPTEX1_BOOT (img4if->i4if_v17.chip_cryptex1_boot) #endif /*! * @const IMG4_CHIP_CRYPTEX1_BOOT_REDUCED * A virtual coprocessor environment hosted on the reduced-security AP which * derives its unique identity from the hosting AP. This chip assists in booting * the AP's userspace. */ #if !XNU_KERNEL_PRIVATE IMG4_API_AVAILABLE_20211126 OS_EXPORT const img4_chip_t _img4_chip_cryptex1_boot_reduced; #define IMG4_CHIP_CRYPTEX1_BOOT_REDUCED \ (&_img4_chip_cryptex1_boot_reduced) #else #define IMG4_CHIP_CRYPTEX1_BOOT_REDUCED \ (img4if->i4if_v17.chip_cryptex1_boot_reduced) #endif /*! * @const IMG4_CHIP_CRYPTEX1_BOOT_PROPOSAL * Equivalent to {@link IMG4_CHIP_CRYPTEX1_BOOT} with internal use constraints * relaxed to permit verification in scenarios where the currently-booted AP may * not represent the ultimate execution environment. * * @discussion * This environment should not be used for payload execution on the AP and is * intended to facilitate local policy signing in the SEP. */ #if !XNU_KERNEL_PRIVATE IMG4_API_AVAILABLE_20220401 OS_EXPORT const img4_chip_t _img4_chip_cryptex1_boot_proposal; #define IMG4_CHIP_CRYPTEX1_BOOT_PROPOSAL (&_img4_chip_cryptex1_boot_proposal) #else #define IMG4_CHIP_CRYPTEX1_BOOT_PROPOSAL \ (img4if->i4if_v18.chip_cryptex1_boot_proposal) #endif /*! * @const IMG4_CHIP_CRYPTEX1_BOOT_REDUCED_PROPOSAL * Equivalent to {@link IMG4_CHIP_CRYPTEX1_BOOT_REDUCED} with internal use * constraints relaxed to permit verification in scenarios where the currently- * booted AP may not represent the ultimate execution environment. * * @discussion * This environment should not be used for payload execution on the AP and is * intended to facilitate local policy signing in the SEP. */ #if !XNU_KERNEL_PRIVATE IMG4_API_AVAILABLE_20220401 OS_EXPORT const img4_chip_t _img4_chip_cryptex1_boot_reduced_proposal; #define IMG4_CHIP_CRYPTEX1_BOOT_REDUCED_PROPOSAL \ (&_img4_chip_cryptex1_boot_reduced_proposal) #else #define IMG4_CHIP_CRYPTEX1_BOOT_REDUCED_PROPOSAL \ (img4if->i4if_v18.chip_cryptex1_boot_reduced_proposal) #endif /*! * @const IMG4_CHIP_CRYPTEX1_BOOT_X86 * A virtual coprocessor environment hosted on an x86 chip which has no unique * identity. This chip assists in booting the x86 processor's userspace. */ #if !XNU_KERNEL_PRIVATE IMG4_API_AVAILABLE_20211126 OS_EXPORT const img4_chip_t _img4_chip_cryptex1_boot_x86; #define IMG4_CHIP_CRYPTEX1_BOOT_X86 (&_img4_chip_cryptex1_boot_x86) #else #define IMG4_CHIP_CRYPTEX1_BOOT_X86 (img4if->i4if_v17.chip_cryptex1_boot_x86) #endif /*! * @const IMG4_CHIP_CRYPTEX1_BOOT_STATIC_X86 * A virtual coprocessor environment hosted on an x86 chip which has no unique * identity. This chip assists in booting the x86 processor's userspace. This * chip has no ability to enforce expiration on its manifests. */ #if !XNU_KERNEL_PRIVATE IMG4_API_AVAILABLE_20220912 OS_EXPORT const img4_chip_t _img4_chip_cryptex1_boot_static_x86; #define IMG4_CHIP_CRYPTEX1_BOOT_STATIC_X86 \ (&_img4_chip_cryptex1_boot_static_x86) #else #define IMG4_CHIP_CRYPTEX1_BOOT_STATIC_X86 \ (img4if->i4if_v19.chip_cryptex1_boot_static_x86) #endif /*! * @const IMG4_CHIP_CRYPTEX1_BOOT_RELAXED_X86 * A virtual coprocessor environment hosted on an x86 chip which has no unique * identity and has secure boot disabled. This chip assists in booting the x86 * processor's userspace. */ #if !XNU_KERNEL_PRIVATE IMG4_API_AVAILABLE_20220711 OS_EXPORT const img4_chip_t _img4_chip_cryptex1_boot_relaxed_x86; #define IMG4_CHIP_CRYPTEX1_BOOT_RELAXED_X86 \ (&_img4_chip_cryptex1_boot_relaxed_x86) #else #define IMG4_CHIP_CRYPTEX1_BOOT_RELAXED_X86 \ (img4if->i4if_v19.chip_cryptex1_boot_relaxed_x86) #endif /*! * @const IMG4_CHIP_CRYPTEX1_BOOT_VMA2 * A virtual coprocessor environment hosted on a virtualized ARM AP which * derives its unique identity from the hosting AP. This chip assists in booting * the AP's userspace. */ #if !XNU_KERNEL_PRIVATE IMG4_API_AVAILABLE_20220128 OS_EXPORT const img4_chip_t _img4_chip_cryptex1_boot_vma2; #define IMG4_CHIP_CRYPTEX1_BOOT_VMA2 (&_img4_chip_cryptex1_boot_vma2) #else #define IMG4_CHIP_CRYPTEX1_BOOT_VMA2 (img4if->i4if_v17.chip_cryptex1_boot_vma2) #endif /*! * @const IMG4_CHIP_CRYPTEX1_BOOT_VMA2_CLONE * A virtual coprocessor environment hosted on a virtualized ARM AP which * derives its unique identity from the hosting AP. This chip assists in booting * the AP's userspace. This is the clone version which doesn't enforce ECID * and UDID. */ #if !XNU_KERNEL_PRIVATE IMG4_API_AVAILABLE_20220322 OS_EXPORT const img4_chip_t _img4_chip_cryptex1_boot_vma2_clone; #define IMG4_CHIP_CRYPTEX1_BOOT_VMA2_CLONE \ (&_img4_chip_cryptex1_boot_vma2_clone) #else #define IMG4_CHIP_CRYPTEX1_BOOT_VMA2_CLONE \ (img4if->i4if_v18.chip_cryptex1_boot_vma2_clone) #endif /*! * @const IMG4_CHIP_CRYPTEX1_BOOT_VMA2_PROPOSAL * Equivalent to {@link IMG4_CHIP_CRYPTEX1_BOOT_VMA2} with internal use * constraints relaxed to permit verification in scenarios where the currently- * booted AP may not represent the ultimate execution environment. * * @discussion * This environment should not be used for payload execution on the AP and is * intended to facilitate local policy signing in the BootPolicy kext. */ #if !XNU_KERNEL_PRIVATE IMG4_API_AVAILABLE_20220401 OS_EXPORT const img4_chip_t _img4_chip_cryptex1_boot_vma2_proposal; #define IMG4_CHIP_CRYPTEX1_BOOT_VMA2_PROPOSAL \ (&_img4_chip_cryptex1_boot_vma2_proposal) #else #define IMG4_CHIP_CRYPTEX1_BOOT_VMA2_PROPOSAL \ (img4if->i4if_v18.chip_cryptex1_boot_vma2_proposal) #endif /*! * @const IMG4_CHIP_CRYPTEX1_BOOT_VMA2_CLONE_PROPOSAL * Equivalent to {@link IMG4_CHIP_CRYPTEX1_BOOT_VMA2_CLONE} with internal use * constraints relaxed to permit verification in scenarios where the currently- * booted AP may not represent the ultimate execution environment. * * @discussion * This environment should not be used for payload execution on the AP and is * intended to facilitate local policy signing in the BootPolicy kext. */ #if !XNU_KERNEL_PRIVATE IMG4_API_AVAILABLE_20220401 OS_EXPORT const img4_chip_t _img4_chip_cryptex1_boot_vma2_clone_proposal; #define IMG4_CHIP_CRYPTEX1_BOOT_VMA2_CLONE_PROPOSAL \ (&_img4_chip_cryptex1_boot_vma2_clone_proposal) #else #define IMG4_CHIP_CRYPTEX1_BOOT_VMA2_CLONE_PROPOSAL \ (img4if->i4if_v18.chip_cryptex1_boot_vma2_clone_proposal) #endif /*! * @const IMG4_CHIP_CRYPTEX1_PREBOOT * A virtual coprocessor environment hosted on the AP which derives its unique * identity from the hosting AP. This chip permits executing payloads intended * for the next boot prior to that boot. It does not assist in booting the AP. */ #if !XNU_KERNEL_PRIVATE IMG4_API_AVAILABLE_20211126 OS_EXPORT const img4_chip_t _img4_chip_cryptex1_preboot; #define IMG4_CHIP_CRYPTEX1_PREBOOT (&_img4_chip_cryptex1_preboot) #else #define IMG4_CHIP_CRYPTEX1_PREBOOT (img4if->i4if_v17.chip_cryptex1_preboot) #endif /*! * @const IMG4_CHIP_CRYPTEX1_PREBOOT_REDUCED * A virtual coprocessor environment hosted on the reduced-security AP which * derives its unique identity from the hosting AP. This chip permits executing * payloads intended for the next boot prior to that boot. It does not assist in * booting the AP. */ #if !XNU_KERNEL_PRIVATE IMG4_API_AVAILABLE_20211126 OS_EXPORT const img4_chip_t _img4_chip_cryptex1_preboot_reduced; #define IMG4_CHIP_CRYPTEX1_PREBOOT_REDUCED \ (&_img4_chip_cryptex1_preboot_reduced) #else #define IMG4_CHIP_CRYPTEX1_PREBOOT_REDUCED \ (img4if->i4if_v17.chip_cryptex1_preboot_reduced) #endif /*! * @const IMG4_CHIP_CRYPTEX1_PREBOOT_X86 * A virtual coprocessor environment hosted on an x86 chip which has no unique * identity. This chip permits executing payloads intended for the next boot * prior to that boot. It does not assist in booting the x86 chip. */ #if !XNU_KERNEL_PRIVATE IMG4_API_AVAILABLE_20211126 OS_EXPORT const img4_chip_t _img4_chip_cryptex1_preboot_x86; #define IMG4_CHIP_CRYPTEX1_PREBOOT_X86 \ (&_img4_chip_cryptex1_preboot_x86) #else #define IMG4_CHIP_CRYPTEX1_PREBOOT_X86 \ (img4if->i4if_v17.chip_cryptex1_preboot_x86) #endif /*! * @const IMG4_CHIP_CRYPTEX1_PREBOOT_STATIC_X86 * A virtual coprocessor environment hosted on an x86 chip which has no unique * identity. This chip permits executing payloads intended for the next boot * prior to that boot. It does not assist in booting the x86 chip. This chip has * no ability to enforce expiration on its manifests. */ #if !XNU_KERNEL_PRIVATE IMG4_API_AVAILABLE_20211126 OS_EXPORT const img4_chip_t _img4_chip_cryptex1_preboot_static_x86; #define IMG4_CHIP_CRYPTEX1_PREBOOT_STATIC_X86 \ (&_img4_chip_cryptex1_preboot_static_x86) #else #define IMG4_CHIP_CRYPTEX1_PREBOOT_STATIC_X86 \ (img4if->i4if_v19.chip_cryptex1_preboot_static_x86) #endif /*! * @const IMG4_CHIP_CRYPTEX1_PREBOOT_RELAXED_X86 * A virtual coprocessor environment hosted on an x86 chip which has no unique * identity and has secure boot disabled. This chip permits executing payloads * intended for the next boot prior to that boot. It does not assist in booting * the x86 chip. */ #if !XNU_KERNEL_PRIVATE IMG4_API_AVAILABLE_20220711 OS_EXPORT const img4_chip_t _img4_chip_cryptex1_preboot_relaxed_x86; #define IMG4_CHIP_CRYPTEX1_PREBOOT_RELAXED_X86 \ (&_img4_chip_cryptex1_preboot_relaxed_x86) #else #define IMG4_CHIP_CRYPTEX1_PREBOOT_RELAXED_X86 \ (img4if->i4if_v17.chip_cryptex1_preboot_relaxed_x86) #endif /*! * @const IMG4_CHIP_CRYPTEX1_PREBOOT_VMA2 * A virtual coprocessor environment hosted on a virtualized ARM AP which * derives its unique identity from the hosting AP. This chip permits executing * payloads intended for the next boot prior to that boot. It does not assist in * booting the AP. */ #if !XNU_KERNEL_PRIVATE IMG4_API_AVAILABLE_20220128 OS_EXPORT const img4_chip_t _img4_chip_cryptex1_preboot_vma2; #define IMG4_CHIP_CRYPTEX1_PREBOOT_VMA2 \ (&_img4_chip_cryptex1_preboot_vma2) #else #define IMG4_CHIP_CRYPTEX1_PREBOOT_VMA2 \ (img4if->i4if_v17.chip_cryptex1_preboot_vma2) #endif /*! * @const IMG4_CHIP_CRYPTEX1_PREBOOT_VMA2_CLONE * A virtual coprocessor environment hosted on a virtualized ARM AP which * derives its unique identity from the hosting AP. This chip permits executing * payloads intended for the next boot prior to that boot. It does not assist in * booting the AP. This is the clone version which doesn't enforce ECID * and UDID. */ #if !XNU_KERNEL_PRIVATE IMG4_API_AVAILABLE_20220322 OS_EXPORT const img4_chip_t _img4_chip_cryptex1_preboot_vma2_clone; #define IMG4_CHIP_CRYPTEX1_PREBOOT_VMA2_CLONE \ (&_img4_chip_cryptex1_preboot_vma2_clone) #else #define IMG4_CHIP_CRYPTEX1_PREBOOT_VMA2_CLONE \ (img4if->i4if_v18.chip_cryptex1_preboot_vma2_clone) #endif /*! * @const IMG4_CHIP_CRYPTEX1_ASSET * A virtual coprocessor environment hosted on the AP which derives its unique * identity from the hosting AP. This chip assists in executing MobileAsset * brain payloads during runtime, after the host AP has booted its userspace. */ #if !XNU_KERNEL_PRIVATE IMG4_API_AVAILABLE_20211126 OS_EXPORT const img4_chip_t _img4_chip_cryptex1_asset; #define IMG4_CHIP_CRYPTEX1_ASSET (&_img4_chip_cryptex1_asset) #else #define IMG4_CHIP_CRYPTEX1_ASSET (img4if->i4if_v17.chip_cryptex1_asset) #endif /*! * @const IMG4_CHIP_CRYPTEX1_ASSET_X86 * A virtual coprocessor environment hosted on the AP which derives its unique * identity from the hosting AP. This chip assists in executing MobileAsset * brain payloads during runtime, after the host AP has booted its userspace. */ #if !XNU_KERNEL_PRIVATE IMG4_API_AVAILABLE_20220401 OS_EXPORT const img4_chip_t _img4_chip_cryptex1_asset_x86; #define IMG4_CHIP_CRYPTEX1_ASSET_X86 (&_img4_chip_cryptex1_asset_x86) #else #define IMG4_CHIP_CRYPTEX1_ASSET_X86 (img4if->i4if_v18.chip_cryptex1_asset_x86) #endif /*! * @const IMG4_CHIP_CRYPTEX1_GENERIC * A virtual coprocessor environment hosted on the AP which derives its unique * identity from the hosting AP. This chip assists in executing generic cryptex * payloads during runtime, after the host AP has booted its userspace. */ #if !XNU_KERNEL_PRIVATE IMG4_API_AVAILABLE_20221202 OS_EXPORT const img4_chip_t _img4_chip_cryptex1_generic; #define IMG4_CHIP_CRYPTEX1_GENERIC \ (&_img4_chip_cryptex1_generic) #else #define IMG4_CHIP_CRYPTEX1_GENERIC \ (img4if->i4if_v20.chip_cryptex1_generic) #endif /*! * @const IMG4_CHIP_CRYPTEX1_GENERIC_SUPPLEMENTAL * A virtual coprocessor environment hosted on the AP which derives its unique * identity from the hosting AP. This chip assists in executing generic cryptex * payloads during runtime, after the host AP has booted its userspace. Its * trust is rooted in a supplemental root of trust authorized by the Secure Boot * CA. */ #if !XNU_KERNEL_PRIVATE IMG4_API_AVAILABLE_20221202 OS_EXPORT const img4_chip_t _img4_chip_cryptex1_generic_supplemental; #define IMG4_CHIP_CRYPTEX1_GENERIC_SUPPLEMENTAL \ (&_img4_chip_cryptex1_generic_supplemental) #else #define IMG4_CHIP_CRYPTEX1_GENERIC_SUPPLEMENTAL \ (img4if->i4if_v20.chip_cryptex1_generic_supplemental) #endif /*! * @const IMG4_CHIP_CRYPTEX1_GENERIC_X86 * A virtual coprocessor environment hosted on an x86 chip. This chip assists in * executing generic cryptex payloads during runtime after the x86 chip has * booted. */ #if !XNU_KERNEL_PRIVATE IMG4_API_AVAILABLE_20221202 OS_EXPORT const img4_chip_t _img4_chip_cryptex1_generic_x86; #define IMG4_CHIP_CRYPTEX1_GENERIC_X86 \ (&_img4_chip_cryptex1_generic_x86) #else #define IMG4_CHIP_CRYPTEX1_GENERIC_X86 \ (img4if->i4if_v20.chip_cryptex1_generic_x86) #endif OS_ASSUME_PTR_ABI_SINGLE_END OS_ASSUME_NONNULL_END __END_DECLS #endif // __IMG4_CHIP_CRYPTEX1_H