/*
 * Copyright (c) 2021-22 Apple Inc. All rights reserved.
 *
 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. The rights granted to you under the License
 * may not be used to create, or enable the creation or redistribution of,
 * unlawful or unlicensed copies of an Apple operating system, or to
 * circumvent, violate, or enable the circumvention or violation of, any
 * terms of an Apple operating system software license agreement.
 *
 * Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
 */
#ifndef _GRAFTDMG_UN_
#define _GRAFTDMG_UN_

#include <sys/_types/_u_int8_t.h>
#include <sys/_types/_u_int64_t.h>
#include <sys/_types/_u_int32_t.h>

/*
 * Argument block definitions for disk-image grafting.
 *
 * This header only declares the layout; the code that fills in and consumes
 * these structures is not part of this file.
 */

/*
 * Layout version of secure_boot_cryptex_args.
 * Presumably the value expected in sbc_version -- confirm against the consumer.
 */
#define GRAFTDMG_SECURE_BOOT_CRYPTEX_ARGS_VERSION 1

/* Size in bytes of the padding member of union graft_args. */
#define MAX_GRAFT_ARGS_SIZE 512

/*
 * Flag values for secure_boot_cryptex_args.sbc_flags.
 *
 * Each flag is a distinct bit, so values may be OR-ed together.
 *
 * NOTE(review): SBC_PANIC_ON_AUTHFAIL and SBC_STRICT_AUTH select
 * authentication behaviour and travel in a field the caller fills in.
 * Which callers may set or clear them has to be enforced by the consumer;
 * nothing in this header does so.
 */
#define SBC_PRESERVE_MOUNT           0x0001 /* Preserve underlying mount until shutdown */
#define SBC_ALTERNATE_SHARED_REGION  0x0002 /* Binaries within should use alternate shared region */
#define SBC_SYSTEM_CONTENT           0x0004 /* Cryptex contains system content */
#define SBC_PANIC_ON_AUTHFAIL        0x0008 /* On failure to authenticate, panic */
#define SBC_STRICT_AUTH              0x0010 /* Strict authentication mode */
#define SBC_PRESERVE_GRAFT           0x0020 /* Preserve graft itself until unmount */

/*
 * Arguments describing a secure-boot cryptex graft.
 *
 * The structure is packed with 4-byte alignment, so the compiler inserts no
 * padding between members. Assuming a 4-byte int, sbc_flags therefore sits
 * at offset 20 (4-byte aligned, not 8-byte aligned) and the structure is
 * 28 bytes long.
 *
 * NOTE(review): the three *_fd members are plain integers. Judging by the
 * names they are file descriptors for the two manifests and the payload;
 * the consumer must validate each one before use -- confirm there.
 */
struct secure_boot_cryptex_args {
	u_int32_t sbc_version;               /* layout version; see GRAFTDMG_SECURE_BOOT_CRYPTEX_ARGS_VERSION */
	u_int32_t sbc_4cc;                   /* presumably a four-character code -- confirm */
	int       sbc_authentic_manifest_fd; /* presumably fd of the authentic manifest -- confirm */
	int       sbc_user_manifest_fd;      /* presumably fd of the user manifest -- confirm */
	int       sbc_payload_fd;            /* presumably fd of the payload -- confirm */
	u_int64_t sbc_flags;                 /* bitwise OR of the SBC_* flag values above */
} __attribute__((aligned(4), packed));

typedef struct secure_boot_cryptex_args secure_boot_cryptex_args_t;

/*
 * Container for graft arguments.
 *
 * The max_size byte array makes the union at least MAX_GRAFT_ARGS_SIZE bytes
 * long regardless of which argument structure is in use; sbc_args overlays
 * the start of that storage.
 *
 * NOTE(review): nothing here enforces that the union stays exactly
 * MAX_GRAFT_ARGS_SIZE bytes. A member larger than that would silently grow
 * the union, so a compile-time size check next to the code that copies this
 * union would be a worthwhile guard. Bytes beyond the active member are
 * whatever the caller left there and should not be trusted or interpreted.
 */
union graft_args {
	u_int8_t                   max_size[MAX_GRAFT_ARGS_SIZE];
	secure_boot_cryptex_args_t sbc_args;
};

typedef union graft_args graftdmg_args_un;

#endif /* _GRAFTDMG_UN_ */