1 /* 2 * Copyright (c) 2019 Apple Inc. All rights reserved. 3 * 4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ 5 * 6 * This file contains Original Code and/or Modifications of Original Code 7 * as defined in and that are subject to the Apple Public Source License 8 * Version 2.0 (the 'License'). You may not use this file except in 9 * compliance with the License. The rights granted to you under the License 10 * may not be used to create, or enable the creation or redistribution of, 11 * unlawful or unlicensed copies of an Apple operating system, or to 12 * circumvent, violate, or enable the circumvention or violation of, any 13 * terms of an Apple operating system software license agreement. 14 * 15 * Please obtain a copy of the License at 16 * http://www.opensource.apple.com/apsl/ and read it before using this file. 17 * 18 * The Original Code and all software distributed under the License are 19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER 20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, 21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, 22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. 23 * Please see the License for the specific language governing rights and 24 * limitations under the License. 25 * 26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ 27 */ 28 29 /*! 30 * @header 31 * Interfaces to register the AppleImage4 interface with xnu-proper to avoid a 32 * build-time layering inversion. 33 */ 34 #ifndef __IMG4_INTERFACE_H 35 #define __IMG4_INTERFACE_H 36 37 #include <os/base.h> 38 #include <sys/cdefs.h> 39 40 /* 41 * We rely on firmware.h's logic for either including sys/types.h or declaring 42 * errno_t ourselves. So when building the kernel, include firmware.h from our 43 * external headers. Avoid this inclusion if we're building AppleImage4, which 44 * will have included its own internal version of the header. 45 */ 46 #if MACH_KERNEL_PRIVATE || !_DARWIN_BUILDING_PROJECT_APPLEIMAGE4 47 #include <img4/firmware.h> 48 #include <img4/nonce.h> 49 #endif 50 51 /*! 52 * @const IMG4_INTERFACE_VERSION 53 * The version of the interface supported by the implementation. As new 54 * functions are added to the interface, this value will be incremented so that 55 * it can be tested at build-time and not require rev-locked submissions of xnu 56 * and AppleImage4. 57 */ 58 #define IMG4_INTERFACE_VERSION (20u) 59 60 /*! 61 * @typegroup 62 * Type definitions for all exported functions and constants in the AppleImage4 63 * kext. 64 */ 65 typedef const void *img4_retired_t; 66 67 typedef errno_t (*const img4_nonce_domain_copy_nonce_t)( 68 const img4_nonce_domain_t *nd, 69 img4_nonce_t *n 70 ); 71 72 typedef errno_t (*const img4_nonce_domain_roll_nonce_t)( 73 const img4_nonce_domain_t *nd 74 ); 75 76 typedef img4_chip_t *(*img4_chip_init_from_buff_t)( 77 void *buff, 78 size_t len 79 ); 80 81 typedef const img4_chip_t *(*img4_chip_select_personalized_ap_t)( 82 void 83 ); 84 85 typedef const img4_chip_t *(*img4_chip_select_effective_ap_t)( 86 void 87 ); 88 89 typedef errno_t (*img4_chip_instantiate_t)( 90 const img4_chip_t *chip, 91 img4_chip_instance_t *chip_instance 92 ); 93 94 typedef const img4_chip_t *(*img4_chip_custom_t)( 95 const img4_chip_instance_t *chip_instance, 96 img4_chip_t *chip 97 ); 98 99 typedef img4_firmware_t (*img4_firmware_new_t)( 100 const img4_runtime_t *rt, 101 const img4_firmware_execution_context_t *exec, 102 img4_4cc_t _4cc, 103 img4_buff_t *buff, 104 img4_firmware_flags_t flags 105 ); 106 107 typedef img4_firmware_t (*img4_firmware_new_from_vnode_4xnu_t)( 108 const img4_runtime_t *rt, 109 const img4_firmware_execution_context_t *exec, 110 img4_4cc_t _4cc, 111 vnode_t vn, 112 img4_firmware_flags_t flags 113 ); 114 115 typedef img4_firmware_t (*img4_firmware_init_from_buff_t)( 116 void *buff, 117 size_t len 118 ); 119 120 typedef void (*img4_firmware_init_t)( 121 img4_firmware_t fw, 122 const img4_runtime_t *rt, 123 const img4_firmware_execution_context_t *exec, 124 img4_4cc_t _4cc, 125 img4_buff_t *buff, 126 img4_firmware_flags_t flags 127 ); 128 129 typedef void (*img4_firmware_attach_manifest_t)( 130 img4_firmware_t fw, 131 img4_buff_t *buff 132 ); 133 134 typedef void (*img4_firmware_execute_t)( 135 img4_firmware_t fw, 136 const img4_chip_t *chip, 137 const img4_nonce_t *nonce 138 ); 139 140 typedef void (*img4_firmware_destroy_t)( 141 img4_firmware_t *fw 142 ); 143 144 typedef const img4_buff_t *(*img4_image_get_bytes_t)( 145 img4_image_t image 146 ); 147 148 typedef const bool *(*img4_image_get_property_bool_t)( 149 img4_image_t image, 150 img4_4cc_t _4cc, 151 bool *storage 152 ); 153 154 typedef const uint32_t *(*img4_image_get_property_uint32_t)( 155 img4_image_t image, 156 img4_4cc_t _4cc, 157 uint32_t *storage 158 ); 159 160 typedef const uint64_t *(*img4_image_get_property_uint64_t)( 161 img4_image_t image, 162 img4_4cc_t _4cc, 163 uint64_t *storage 164 ); 165 166 typedef const img4_buff_t *(*img4_image_get_property_data_t)( 167 img4_image_t image, 168 img4_4cc_t _4cc, 169 img4_buff_t *storage 170 ); 171 172 typedef void (*img4_buff_dealloc_t)( 173 img4_buff_t *buff 174 ); 175 176 typedef errno_t (*img4_firmware_evaluate_t)( 177 img4_firmware_t fw, 178 const img4_chip_t *chip, 179 const img4_nonce_t *nonce 180 ); 181 182 typedef const img4_chip_t *(*img4_firmware_select_chip_t)( 183 const img4_firmware_t fw, 184 const img4_chip_select_array_t acceptable_chips, 185 size_t acceptable_chips_cnt 186 ); 187 188 typedef const img4_runtime_object_spec_t *(*img4_runtime_find_object_spec_t)( 189 img4_4cc_t _4cc 190 ); 191 192 typedef errno_t (*img4_nonce_domain_preroll_nonce_t)( 193 const img4_nonce_domain_t *nd, 194 img4_nonce_t *n 195 ); 196 197 typedef const img4_buff_t *(*img4_get_manifest_t)( 198 const void *buff, 199 size_t len, 200 img4_buff_t *buff_storage 201 ); 202 203 typedef const img4_buff_t *(*img4_get_payload_t)( 204 const void *buff, 205 size_t len, 206 img4_buff_t *buff_storage 207 ); 208 209 typedef const img4_chip_t *(*img4_chip_get_cryptex1_boot_t)( 210 const img4_chip_t *chip 211 ); 212 213 typedef const img4_nonce_domain_t *(*img4_nonce_domain_get_from_handle_t)( 214 uint32_t handle 215 ); 216 217 typedef errno_t (*const img4_nonce_domain_peek_nonce_t)( 218 const img4_nonce_domain_t *nd, 219 img4_nonce_t *n 220 ); 221 222 typedef struct _img4_interface { 223 const uint32_t i4if_version; 224 img4_retired_t i4if_init; 225 img4_retired_t i4if_set_nonce; 226 img4_retired_t i4if_get_trusted_payload; 227 img4_retired_t i4if_get_trusted_external_payload; 228 img4_retired_t i4if_destroy; 229 img4_retired_t i4if_payload_init; 230 img4_retired_t i4if_payload_destroy; 231 img4_retired_t i4if_environment_platform; 232 img4_retired_t i4if_environment_reserved; 233 img4_retired_t i4if_environment_trust_cache; 234 struct { 235 img4_retired_t set_nonce_domain; 236 img4_nonce_domain_copy_nonce_t nonce_domain_copy_nonce; 237 img4_nonce_domain_roll_nonce_t nonce_domain_roll_nonce; 238 const img4_nonce_domain_t *nonce_domain_trust_cache; 239 } i4if_v1; 240 struct { 241 img4_retired_t payload_init_with_vnode_4xnu; 242 } i4if_v2; 243 struct { 244 const img4_nonce_domain_t *nonce_domain_pdi; 245 const img4_nonce_domain_t *nonce_domain_cryptex; 246 } i4if_v3; 247 struct { 248 img4_retired_t environment_init_identity; 249 } i4if_v4; 250 struct { 251 img4_retired_t environment_t2; 252 img4_retired_t environment_init_from_identity; 253 img4_retired_t identity_init_from_environment; 254 } i4if_v5; 255 struct { 256 img4_retired_t environment_x86; 257 } i4if_v6; 258 struct { 259 const img4_chip_t *chip_ap_sha1; 260 const img4_chip_t *chip_ap_sha2_384; 261 const img4_chip_t *chip_ap_hybrid; 262 const img4_chip_t *chip_ap_reduced; 263 const img4_chip_t *chip_ap_software_ff00; 264 const img4_chip_t *chip_ap_software_ff01; 265 const img4_chip_t *chip_x86; 266 const img4_chip_t *chip_x86_software_8012; 267 img4_chip_init_from_buff_t chip_init_from_buff; 268 img4_chip_select_personalized_ap_t chip_select_personalized_ap; 269 img4_chip_select_effective_ap_t chip_select_effective_ap; 270 img4_chip_instantiate_t chip_instantiate; 271 img4_chip_custom_t chip_custom; 272 img4_firmware_new_t firmware_new; 273 img4_firmware_new_from_vnode_4xnu_t firmware_new_from_vnode_4xnu; 274 img4_firmware_init_from_buff_t firmware_init_from_buff; 275 img4_firmware_init_t firmware_init; 276 img4_firmware_attach_manifest_t firmware_attach_manifest; 277 img4_firmware_execute_t firmware_execute; 278 img4_firmware_destroy_t firmware_destroy; 279 img4_image_get_bytes_t image_get_bytes; 280 img4_image_get_property_bool_t image_get_property_bool; 281 img4_image_get_property_uint32_t image_get_property_uint32; 282 img4_image_get_property_uint64_t image_get_property_uint64; 283 img4_image_get_property_data_t image_get_property_data; 284 const img4_object_spec_t *firmware_spec; 285 const img4_object_spec_t *chip_spec; 286 const img4_runtime_t *runtime_default; 287 const img4_runtime_t *runtime_pmap_cs; 288 img4_buff_dealloc_t buff_dealloc; 289 } i4if_v7; 290 struct { 291 const img4_chip_t *chip_ap_permissive; 292 const img4_chip_t *chip_ap_hybrid_medium; 293 const img4_chip_t *chip_ap_hybrid_relaxed; 294 } i4if_v8; 295 struct { 296 img4_firmware_evaluate_t firmware_evaluate; 297 } i4if_v9; 298 struct { 299 img4_firmware_select_chip_t firmware_select_chip; 300 } i4if_v10; 301 struct { 302 // The following fields are ultimately going to be NULL and unused due 303 // to development churn 304 // 305 // chip_ap_datacenter_development 306 // chip_ap_category 307 // chip_ap_ddi 308 // chip_ap_developer_disk_image 309 const img4_chip_t *chip_ap_datacenter_development; 310 const img4_chip_t *chip_ap_intransigent; 311 const img4_chip_t *chip_ap_category; 312 const img4_chip_t *chip_ap_ddi; 313 const img4_chip_t *chip_ap_developer_disk_image; 314 const img4_chip_t *chip_ap_software_ff06; 315 const img4_chip_t *chip_ap_supplemental; 316 const img4_runtime_object_spec_t *runtime_object_spec_supplemental_root; 317 img4_runtime_find_object_spec_t runtime_find_object_spec; 318 img4_runtime_execute_object_t runtime_execute_object; 319 img4_runtime_copy_object_t runtime_copy_object; 320 } i4if_v11; 321 struct { 322 const img4_nonce_domain_t *nonce_domain_ddi; 323 const img4_nonce_domain_t *nonce_domain_ephemeral_cryptex; 324 const img4_chip_t *chip_ap_category_ff02; 325 const img4_chip_t *chip_ap_category_ff03; 326 const img4_chip_t *chip_ap_category_ff04_f0; 327 const img4_chip_t *chip_ap_category_ff04_f1; 328 const img4_chip_t *chip_ap_category_ff04_f2; 329 const img4_chip_t *chip_ap_category_ff04_f3; 330 img4_chip_select_personalized_ap_t chip_select_categorized_ap; 331 } i4if_v12; 332 struct { 333 const img4_chip_t *chip_ap_vma2; 334 const img4_chip_t *chip_ap_vma2_clone; 335 const img4_object_spec_t *pmap_data_spec; 336 } i4if_v13; 337 struct { 338 img4_nonce_domain_preroll_nonce_t nonce_domain_preroll_nonce; 339 } i4if_v14; 340 struct { 341 img4_get_manifest_t get_manifest; 342 img4_get_payload_t get_payload; 343 } i4if_v15; 344 struct { 345 img4_chip_select_personalized_ap_t chip_select_personalized_sep; 346 const img4_nonce_domain_t *nonce_domain_cryptex1_boot; 347 const img4_nonce_domain_t *nonce_domain_cryptex1_asset; 348 } i4if_v16; 349 struct { 350 img4_chip_select_personalized_ap_t chip_select_cryptex1_boot; 351 img4_chip_select_personalized_ap_t chip_select_cryptex1_preboot; 352 const img4_chip_t *chip_cryptex1_boot; 353 const img4_chip_t *chip_cryptex1_boot_reduced; 354 const img4_chip_t *chip_cryptex1_boot_x86; 355 const img4_chip_t *chip_cryptex1_boot_vma2; 356 const img4_chip_t *chip_cryptex1_preboot; 357 const img4_chip_t *chip_cryptex1_preboot_reduced; 358 const img4_chip_t *chip_cryptex1_preboot_x86; 359 const img4_chip_t *chip_cryptex1_preboot_vma2; 360 const img4_chip_t *chip_cryptex1_asset; 361 } i4if_v17; 362 struct { 363 const img4_nonce_domain_t *nonce_domain_cryptex1_snuf_stub; 364 const img4_chip_t *chip_cryptex1_asset_x86; 365 const img4_chip_t *chip_cryptex1_boot_proposal; 366 const img4_chip_t *chip_cryptex1_boot_reduced_proposal; 367 const img4_chip_t *chip_cryptex1_boot_vma2_proposal; 368 const img4_chip_t *chip_cryptex1_boot_vma2_clone_proposal; 369 img4_chip_get_cryptex1_boot_t chip_get_cryptex1_boot; 370 img4_chip_get_cryptex1_boot_t chip_get_cryptex1_boot_proposal; 371 img4_image_get_property_bool_t image_get_entitlement_bool; 372 img4_image_get_property_uint32_t image_get_entitlement_uint32; 373 img4_image_get_property_uint64_t image_get_entitlement_uint64; 374 img4_image_get_property_data_t image_get_entitlement_data; 375 const img4_runtime_object_spec_t *runtime_object_spec_local_policy; 376 const img4_chip_t *chip_ap_local_blessed; 377 } i4if_v18; 378 struct { 379 img4_nonce_domain_peek_nonce_t nonce_domain_peek_nonce; 380 const img4_chip_t *chip_cryptex1_boot_relaxed_x86; 381 const img4_chip_t *chip_cryptex1_preboot_relaxed_x86; 382 const img4_chip_t *chip_cryptex1_boot_static_x86; 383 const img4_chip_t *chip_cryptex1_preboot_static_x86; 384 } i4if_v19; 385 struct { 386 img4_nonce_domain_get_from_handle_t nonce_domain_get_from_handle; 387 const img4_chip_t *chip_cryptex1_generic; 388 const img4_chip_t *chip_cryptex1_generic_supplemental; 389 const img4_chip_t *chip_cryptex1_generic_x86; 390 } i4if_v20; 391 } img4_interface_t; 392 393 __BEGIN_DECLS 394 395 /*! 396 * @const img4if 397 * The AppleImage4 interface that was registered. 398 */ 399 extern const img4_interface_t * img4if; 400 401 /*! 402 * @function img4_interface_register 403 * Registers the AppleImage4 kext interface for use within the kernel proper. 404 * 405 * @param i4 406 * The interface to register. 407 * 408 * @discussion 409 * This routine may only be called once and must be called before late-const has 410 * been applied to kernel memory. 411 */ 412 OS_EXPORT OS_NONNULL1 413 void 414 img4_interface_register(const img4_interface_t *i4); 415 416 __END_DECLS 417 418 #endif // __IMG4_INTERFACE_H 419