xref: /xnu-10063.121.3/bsd/sys/code_signing_internal.h (revision 2c2f96dc2b9a4408a43d3150ae9c105355ca3daa)
1 /*
2  * Copyright (c) 2022 Apple Computer, Inc. All rights reserved.
3  *
4  * @APPLE_LICENSE_HEADER_START@
5  *
6  * The contents of this file constitute Original Code as defined in and
7  * are subject to the Apple Public Source License Version 1.1 (the
8  * "License").  You may not use this file except in compliance with the
9  * License.  Please obtain a copy of the License at
10  * http://www.apple.com/publicsource and read it before using this file.
11  *
12  * This Original Code and all software distributed under the License are
13  * distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER
14  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
15  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
16  * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT.  Please see the
17  * License for the specific language governing rights and limitations
18  * under the License.
19  *
20  * @APPLE_LICENSE_HEADER_END@
21  */
22 
23 #ifndef _SYS_CODE_SIGNING_INTERNAL_H_
24 #define _SYS_CODE_SIGNING_INTERNAL_H_
25 
26 #include <sys/cdefs.h>
27 __BEGIN_DECLS
28 
29 #pragma GCC diagnostic push
30 #pragma GCC diagnostic ignored "-Wnullability-completeness"
31 #pragma GCC diagnostic ignored "-Wnullability-completeness-on-arrays"
32 
33 #ifdef XNU_KERNEL_PRIVATE
34 
35 #include <mach/boolean.h>
36 #include <mach/kern_return.h>
37 #include <kern/cs_blobs.h>
38 #include <vm/pmap.h>
39 #include <vm/pmap_cs.h>
40 #include <img4/firmware.h>
41 #include <libkern/image4/dlxk.h>
42 
/*
 * Compile-time selection of the code signing monitor backend. The #if/#elif
 * order gives CONFIG_SPTM precedence over PMAP_CS_PPL_MONITOR. Each branch
 * defines CODE_SIGNING_MONITOR (1 when a monitor is present, 0 otherwise) and
 * CODE_SIGNING_MONITOR_PREFIX, the identifier prefix that CSM_PREFIX() pastes
 * onto every function name declared in this header.
 */
43 #if CONFIG_SPTM
44 /* TrustedExecutionMonitor */
45 #define CODE_SIGNING_MONITOR 1
46 #define CODE_SIGNING_MONITOR_PREFIX txm
47 
48 #elif PMAP_CS_PPL_MONITOR
49 /* Page Protection Layer -- PMAP_CS */
50 #define CODE_SIGNING_MONITOR 1
51 #define CODE_SIGNING_MONITOR_PREFIX ppl
52 
53 #else
54 /* No monitor -- XNU */
/*
 * With CODE_SIGNING_MONITOR set to 0, the prototypes guarded by
 * `#if CODE_SIGNING_MONITOR` later in this header are not declared; only the
 * unguarded ones exist, under the xnu_ prefix.
 */
55 #define CODE_SIGNING_MONITOR 0
56 #define CODE_SIGNING_MONITOR_PREFIX xnu
57 
58 #endif /* CONFIG_SPTM */
59 
60 /**
61  * This macro can be used by code which is abstracting out the concept of the code
62  * signing monitor in order to redirect calls to the correct monitor environment.
63  */
/*
 * The indirection exists because ## suppresses macro expansion of its
 * operands. CSM_PREFIX hands CODE_SIGNING_MONITOR_PREFIX to _CSM_PREFIX, where
 * it is expanded to txm, ppl or xnu; only then does __CSM_PREFIX paste the
 * prefix, an underscore and the name together. Example: with the ppl prefix,
 * CSM_PREFIX(image4_roll_nonce) expands to ppl_image4_roll_nonce.
 */
64 #define __CSM_PREFIX(prefix, name) prefix##_##name
65 #define _CSM_PREFIX(prefix, name)  __CSM_PREFIX(prefix, name)
66 #define CSM_PREFIX(name)           _CSM_PREFIX(CODE_SIGNING_MONITOR_PREFIX, name)
67 
/*
 * The prototypes from here up to `#if CODE_SIGNING_MONITOR` are declared in
 * every configuration, including the no-monitor (xnu) one. Each name expands
 * to <prefix>_<name> through CSM_PREFIX().
 */
68 void CSM_PREFIX(toggle_developer_mode)(
69 	bool state);
70 
/*
 * cdhash is written as an array of CS_CDHASH_LEN bytes, but an array parameter
 * is adjusted to a plain pointer in C, so the compiler does not enforce the
 * length. Presumably the implementations read exactly CS_CDHASH_LEN bytes, so
 * callers must pass a buffer at least that large -- TODO confirm.
 */
71 void CSM_PREFIX(set_compilation_service_cdhash)(
72 	const uint8_t cdhash[CS_CDHASH_LEN]);
73 
74 bool CSM_PREFIX(match_compilation_service_cdhash)(
75 	const uint8_t cdhash[CS_CDHASH_LEN]);
76 
/*
 * NOTE(review): public_key carries no length argument; the expected key size
 * is not visible in this header -- confirm against the implementations.
 */
77 void CSM_PREFIX(set_local_signing_public_key)(
78 	const uint8_t * public_key);
79 
/*
 * NOTE(review): the getter returns a non-const pointer and no length. Whether
 * the result can be NULL, who owns the storage, and whether callers may write
 * through it cannot be determined from this declaration.
 */
80 uint8_t* CSM_PREFIX(get_local_signing_public_key)(void);
81 
/*
 * Image4 entry points routed to the selected monitor environment. These are
 * declared in every configuration (they sit outside `#if CODE_SIGNING_MONITOR`).
 */
/* allocated_size is presumably an out-parameter for the size of the returned storage -- TODO confirm. */
82 void* CSM_PREFIX(image4_storage_data)(
83 	size_t * allocated_size);
84 
/*
 * Nonce operations, each keyed by an img4_nonce_domain_index_t. set takes the
 * nonce through a const pointer (input); copy takes a non-const nonce_out and
 * reports failure through errno_t. set and roll return void, so a failure
 * cannot be reported to the caller through these signatures.
 */
85 void CSM_PREFIX(image4_set_nonce)(
86 	const img4_nonce_domain_index_t ndi,
87 	const img4_nonce_t *nonce);
88 
89 void CSM_PREFIX(image4_roll_nonce)(
90 	const img4_nonce_domain_index_t ndi);
91 
92 errno_t CSM_PREFIX(image4_copy_nonce)(
93 	const img4_nonce_domain_index_t ndi,
94 	img4_nonce_t *nonce_out);
95 
/* payload and manifest are passed as read-only img4_buff_t pointers. */
96 errno_t CSM_PREFIX(image4_execute_object)(
97 	img4_runtime_object_spec_index_t obj_spec_index,
98 	const img4_buff_t *payload,
99 	const img4_buff_t *manifest);
100 
/*
 * NOTE(review): object_out is a raw vm_address_t rather than a typed pointer,
 * and object_length is a pointer. Presumably object_length is in/out (capacity
 * in, bytes copied out) -- confirm; the destination bounds are not expressed
 * in the types, so they must be checked by the implementation.
 */
101 errno_t CSM_PREFIX(image4_copy_object)(
102 	img4_runtime_object_spec_index_t obj_spec_index,
103 	vm_address_t object_out,
104 	size_t *object_length);
105 
106 const void* CSM_PREFIX(image4_get_monitor_exports)(void);
107 
108 errno_t CSM_PREFIX(image4_set_release_type)(
109 	const char *release_type);
110 
111 errno_t CSM_PREFIX(image4_set_bnch_shadow)(
112 	const img4_nonce_domain_index_t ndi);
113 
/*
 * transfer and reclaim share one signature: a trap selector plus an
 * (address, size) pair describing a region.
 * NOTE(review): alignment requirements and overflow checking of
 * region_addr + region_size are not visible in this header.
 */
114 kern_return_t CSM_PREFIX(image4_transfer_region)(
115 	image4_cs_trap_t selector,
116 	vm_address_t region_addr,
117 	vm_size_t region_size);
118 
119 kern_return_t CSM_PREFIX(image4_reclaim_region)(
120 	image4_cs_trap_t selector,
121 	vm_address_t region_addr,
122 	vm_size_t region_size);
123 
/* input_data is an untyped buffer of input_size bytes; its layout presumably depends on selector -- TODO confirm. */
124 errno_t CSM_PREFIX(image4_monitor_trap)(
125 	image4_cs_trap_t selector,
126 	const void *input_data,
127 	size_t input_size);
128 
129 #if CODE_SIGNING_MONITOR
130 /* Function prototypes needed only when we have a monitor environment */
/*
 * Only the txm and ppl branches define CODE_SIGNING_MONITOR as 1, so the names
 * in this section expand to txm_* or ppl_* and never to xnu_*.
 */
131 
132 bool CSM_PREFIX(code_signing_enabled)(void);
133 
134 void CSM_PREFIX(enter_lockdown_mode)(void);
135 
136 vm_size_t CSM_PREFIX(managed_code_signature_size)(void);
137 
/* cdhash is an array parameter, adjusted to a pointer in C; CS_CDHASH_LEN is not enforced by the compiler. */
138 void CSM_PREFIX(unrestrict_local_signing_cdhash)(
139 	const uint8_t cdhash[CS_CDHASH_LEN]);
140 
/*
 * Provisioning profile handling. profile_obj and sig_obj are passed as
 * void *, so the compiler cannot tell the two handle kinds apart and a
 * swapped argument compiles cleanly.
 * NOTE(review): what validates these handles is not visible in this header.
 * profile_obj in the register call is a void **, presumably an out-parameter
 * receiving the new handle -- TODO confirm.
 */
141 kern_return_t CSM_PREFIX(register_provisioning_profile)(
142 	const void *profile_blob,
143 	const size_t profile_blob_size,
144 	void **profile_obj);
145 
146 kern_return_t CSM_PREFIX(unregister_provisioning_profile)(
147 	void *profile_obj);
148 
149 kern_return_t CSM_PREFIX(associate_provisioning_profile)(
150 	void *sig_obj,
151 	void *profile_obj);
152 
153 kern_return_t CSM_PREFIX(disassociate_provisioning_profile)(
154 	void *sig_obj);
155 
/*
 * Code signature lifecycle. In the register call the signature is described
 * by an address, a size and a code directory offset; sig_obj and
 * txm_signature_addr are pointer parameters, presumably outputs -- TODO
 * confirm. The parameter is named txm_signature_addr whichever prefix is
 * selected.
 */
156 kern_return_t CSM_PREFIX(register_code_signature)(
157 	const vm_address_t signature_addr,
158 	const vm_size_t signature_size,
159 	const vm_offset_t code_directory_offset,
160 	const char *signature_path,
161 	void **sig_obj,
162 	vm_address_t *txm_signature_addr);
163 
164 kern_return_t CSM_PREFIX(unregister_code_signature)(
165 	void *sig_obj);
166 
167 kern_return_t CSM_PREFIX(verify_code_signature)(
168 	void *sig_obj);
169 
/* unneeded_addr and unneeded_size are pointer parameters, presumably outputs describing a range -- TODO confirm. */
170 kern_return_t CSM_PREFIX(reconstitute_code_signature)(
171 	void *sig,
172 	vm_address_t *unneeded_addr,
173 	vm_size_t *unneeded_size);
174 
/*
 * Address-space operations, each taking the target pmap_t. Where a region is
 * involved it is given as an (address, size) pair.
 * NOTE(review): range and overflow validation of region_addr + region_size is
 * not visible in this header.
 */
175 kern_return_t CSM_PREFIX(associate_code_signature)(
176 	pmap_t pmap,
177 	void *sig_obj,
178 	const vm_address_t region_addr,
179 	const vm_size_t region_size,
180 	const vm_offset_t region_offset);
181 
182 kern_return_t CSM_PREFIX(allow_jit_region)(
183 	pmap_t pmap);
184 
185 kern_return_t CSM_PREFIX(associate_jit_region)(
186 	pmap_t pmap,
187 	const vm_address_t region_addr,
188 	const vm_size_t region_size);
189 
190 kern_return_t CSM_PREFIX(associate_debug_region)(
191 	pmap_t pmap,
192 	const vm_address_t region_addr,
193 	const vm_size_t region_size);
194 
195 kern_return_t CSM_PREFIX(address_space_debugged)(
196 	pmap_t pmap);
197 
198 kern_return_t CSM_PREFIX(allow_invalid_code)(
199 	pmap_t pmap);
200 
/* trust_level is a pointer parameter, presumably the output; the _kdp suffix is not explained in this header -- TODO confirm. */
201 kern_return_t CSM_PREFIX(get_trust_level_kdp)(
202 	pmap_t pmap,
203 	uint32_t *trust_level);
204 
/* The top-level const on this by-value parameter does not change the function's type as seen by callers. */
205 kern_return_t CSM_PREFIX(address_space_exempt)(
206 	const pmap_t pmap);
207 
208 kern_return_t CSM_PREFIX(fork_prepare)(
209 	pmap_t old_pmap,
210 	pmap_t new_pmap);
211 
/*
 * signing_id is a const char **, presumably receiving a pointer to the
 * identifier string -- TODO confirm. The lifetime of that string relative to
 * sig_obj is not visible in this header.
 */
212 kern_return_t CSM_PREFIX(acquire_signing_identifier)(
213 	const void *sig_obj,
214 	const char **signing_id);
215 
/*
 * Entitlement plumbing. kernel_entitlements is an untyped pointer: passed in
 * by associate, and passed as a const void ** to resolve, presumably as an
 * output -- TODO confirm.
 */
216 kern_return_t CSM_PREFIX(associate_kernel_entitlements)(
217 	void *sig_obj,
218 	const void *kernel_entitlements);
219 
220 kern_return_t CSM_PREFIX(resolve_kernel_entitlements)(
221 	pmap_t pmap,
222 	const void **kernel_entitlements);
223 
224 kern_return_t CSM_PREFIX(accelerate_entitlements)(
225 	void *sig_obj,
226 	CEQueryContext_t *ce_ctx);
227 
228 #endif /* CODE_SIGNING_MONITOR */
229 
230 #endif /* XNU_KERNEL_PRIVATE */
231 
232 #pragma GCC diagnostic pop
233 
234 __END_DECLS
235 #endif /* _SYS_CODE_SIGNING_INTERNAL_H_ */
236