xref: /xnu-11215.41.3/osfmk/kern/cs_blobs.h (revision 33de042d024d46de5ff4e89f2471de6608e37fa4)
1*33de042dSApple OSS Distributions /*
2*33de042dSApple OSS Distributions  * Copyright (c) 2017 Apple Computer, Inc. All rights reserved.
3*33de042dSApple OSS Distributions  *
4*33de042dSApple OSS Distributions  * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5*33de042dSApple OSS Distributions  *
6*33de042dSApple OSS Distributions  * This file contains Original Code and/or Modifications of Original Code
7*33de042dSApple OSS Distributions  * as defined in and that are subject to the Apple Public Source License
8*33de042dSApple OSS Distributions  * Version 2.0 (the 'License'). You may not use this file except in
9*33de042dSApple OSS Distributions  * compliance with the License. The rights granted to you under the License
10*33de042dSApple OSS Distributions  * may not be used to create, or enable the creation or redistribution of,
11*33de042dSApple OSS Distributions  * unlawful or unlicensed copies of an Apple operating system, or to
12*33de042dSApple OSS Distributions  * circumvent, violate, or enable the circumvention or violation of, any
13*33de042dSApple OSS Distributions  * terms of an Apple operating system software license agreement.
14*33de042dSApple OSS Distributions  *
15*33de042dSApple OSS Distributions  * Please obtain a copy of the License at
16*33de042dSApple OSS Distributions  * http://www.opensource.apple.com/apsl/ and read it before using this file.
17*33de042dSApple OSS Distributions  *
18*33de042dSApple OSS Distributions  * The Original Code and all software distributed under the License are
19*33de042dSApple OSS Distributions  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20*33de042dSApple OSS Distributions  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21*33de042dSApple OSS Distributions  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22*33de042dSApple OSS Distributions  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23*33de042dSApple OSS Distributions  * Please see the License for the specific language governing rights and
24*33de042dSApple OSS Distributions  * limitations under the License.
25*33de042dSApple OSS Distributions  *
26*33de042dSApple OSS Distributions  * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27*33de042dSApple OSS Distributions  */
28*33de042dSApple OSS Distributions 
29*33de042dSApple OSS Distributions #ifndef _KERN_CODESIGN_H_
30*33de042dSApple OSS Distributions #define _KERN_CODESIGN_H_
31*33de042dSApple OSS Distributions 
32*33de042dSApple OSS Distributions #include <stdint.h>
33*33de042dSApple OSS Distributions #include <string.h>
34*33de042dSApple OSS Distributions 
/*
 * Code signing attributes of a process.
 *
 * Apart from the two composite masks (CS_ALLOWED_MACHO, CS_ENTITLEMENT_FLAGS)
 * and the CS_DYLD_PLATFORM alias, every constant below is a distinct single
 * bit. Bits 0x40, 0x80, 0x40000 and 0x80000 are not assigned in this header.
 *
 * CS_DATAVAULT_CONTROLLER (0x80000000) does not fit in a 32-bit int, so that
 * one constant is unsigned while the others are int; hold flag words in an
 * unsigned 32-bit type to avoid sign surprises when masking or comparing.
 */
#define CS_VALID                    0x00000001  /* dynamically valid */
#define CS_ADHOC                    0x00000002  /* ad hoc signed */
#define CS_GET_TASK_ALLOW           0x00000004  /* has get-task-allow entitlement */
#define CS_INSTALLER                0x00000008  /* has installer entitlement */

#define CS_FORCED_LV                0x00000010  /* Library Validation required by Hardened System Policy */
#define CS_INVALID_ALLOWED          0x00000020  /* (macOS Only) Page invalidation allowed by task port policy */

#define CS_HARD                     0x00000100  /* don't load invalid pages */
#define CS_KILL                     0x00000200  /* kill process if it becomes invalid */
#define CS_CHECK_EXPIRATION         0x00000400  /* force expiration checking */
#define CS_RESTRICT                 0x00000800  /* tell dyld to treat restricted */

#define CS_ENFORCEMENT              0x00001000  /* require enforcement */
#define CS_REQUIRE_LV               0x00002000  /* require library validation */
#define CS_ENTITLEMENTS_VALIDATED   0x00004000  /* code signature permits restricted entitlements */
#define CS_NVRAM_UNRESTRICTED       0x00008000  /* has com.apple.rootless.restricted-nvram-variables.heritable entitlement */

#define CS_RUNTIME                  0x00010000  /* Apply hardened runtime policies */
#define CS_LINKER_SIGNED            0x00020000  /* Automatically signed by the linker */

/*
 * Mask of nine flags. It omits, among others, CS_VALID, the four bits in
 * CS_ENTITLEMENT_FLAGS, CS_ENTITLEMENTS_VALIDATED and every bit from
 * CS_EXEC_SET_HARD upward (CS_PLATFORM_BINARY, CS_DEBUGGED, CS_SIGNED, ...).
 * NOTE(review): presumably the only flags a Mach-O's own signature may
 * request; confirm at the use site that flags read from a CodeDirectory are
 * ANDed with this mask so a signature cannot assert status bits for itself.
 */
#define CS_ALLOWED_MACHO            (CS_ADHOC | CS_HARD | CS_KILL | CS_CHECK_EXPIRATION | \
	                             CS_RESTRICT | CS_ENFORCEMENT | CS_REQUIRE_LV | CS_RUNTIME | CS_LINKER_SIGNED)

/* Flags applied to processes exec'ed by the flagged process (see each description). */
#define CS_EXEC_SET_HARD            0x00100000  /* set CS_HARD on any exec'ed process */
#define CS_EXEC_SET_KILL            0x00200000  /* set CS_KILL on any exec'ed process */
#define CS_EXEC_SET_ENFORCEMENT     0x00400000  /* set CS_ENFORCEMENT on any exec'ed process */
#define CS_EXEC_INHERIT_SIP         0x00800000  /* set CS_INSTALLER on any exec'ed process */

#define CS_KILLED                   0x01000000  /* was killed by kernel for invalidity */
#define CS_NO_UNTRUSTED_HELPERS     0x02000000  /* kernel did not load a non-platform-binary dyld or Rosetta runtime */
#define CS_DYLD_PLATFORM            CS_NO_UNTRUSTED_HELPERS /* old name */
#define CS_PLATFORM_BINARY          0x04000000  /* this is a platform binary */
#define CS_PLATFORM_PATH            0x08000000  /* platform binary by the fact of path (osx only) */

#define CS_DEBUGGED                 0x10000000  /* process is currently or has previously been debugged and allowed to run with invalid pages */
#define CS_SIGNED                   0x20000000  /* process has a signature (may have gone invalid) */
#define CS_DEV_CODE                 0x40000000  /* code is dev signed, cannot be loaded into prod signed code (will go away with rdar://problem/28322552) */
#define CS_DATAVAULT_CONTROLLER     0x80000000  /* has Data Vault controller entitlement */

/* The four flags whose descriptions above say the process holds a specific entitlement. */
#define CS_ENTITLEMENT_FLAGS        (CS_GET_TASK_ALLOW | CS_INSTALLER | CS_DATAVAULT_CONTROLLER | CS_NVRAM_UNRESTRICTED)
77*33de042dSApple OSS Distributions 
/*
 * Executable segment flags.
 *
 * NOTE(review): presumably the bit values of CS_CodeDirectory.execSegFlags
 * (that field carries the same description later in this header) -- confirm.
 * Bits 0x2, 0x4 and 0x8 are not assigned here. CS_EXECSEG_ALLOW_UNSIGNED
 * explicitly permits unsigned pages, so code that honours these flags should
 * check what authorises them rather than trusting the signature's word alone.
 */

#define CS_EXECSEG_MAIN_BINARY          0x1             /* executable segment denotes main binary */
#define CS_EXECSEG_ALLOW_UNSIGNED       0x10            /* allow unsigned pages (for debugging) */
#define CS_EXECSEG_DEBUGGER             0x20            /* main binary is debugger */
#define CS_EXECSEG_JIT                  0x40            /* JIT enabled */
#define CS_EXECSEG_SKIP_LV              0x80            /* OBSOLETE: skip library validation */
#define CS_EXECSEG_CAN_LOAD_CDHASH      0x100           /* can bless cdhash for execution */
#define CS_EXECSEG_CAN_EXEC_CDHASH      0x200           /* can execute blessed cdhash */
87*33de042dSApple OSS Distributions 
/*
 * Magic numbers used by Code Signing
 *
 * One anonymous enum holds several unrelated constant families: blob magics
 * (CSMAGIC_*), CodeDirectory version thresholds (CS_SUPPORTS*), SuperBlob slot
 * numbers (CSSLOT_*), hash types and lengths, signer types and validation
 * categories. Values in different families overlap numerically, so a value is
 * only meaningful together with the field it was read from.
 *
 * The CSMAGIC_* values are larger than INT_MAX for a 32-bit int. Strict C11
 * requires enumeration constants to be representable as int, so this enum
 * relies on the compiler accepting wider/unsigned enumerators.
 */
enum {
	CSMAGIC_REQUIREMENT = 0xfade0c00,               /* single Requirement blob */
	CSMAGIC_REQUIREMENTS = 0xfade0c01,              /* Requirements vector (internal requirements) */
	CSMAGIC_CODEDIRECTORY = 0xfade0c02,             /* CodeDirectory blob */
	CSMAGIC_EMBEDDED_SIGNATURE = 0xfade0cc0, /* embedded form of signature data */
	CSMAGIC_EMBEDDED_SIGNATURE_OLD = 0xfade0b02,    /* XXX */
	CSMAGIC_EMBEDDED_ENTITLEMENTS = 0xfade7171,     /* embedded entitlements */
	CSMAGIC_EMBEDDED_DER_ENTITLEMENTS = 0xfade7172, /* embedded DER encoded entitlements */
	CSMAGIC_DETACHED_SIGNATURE = 0xfade0cc1, /* multi-arch collection of embedded signatures */
	CSMAGIC_BLOBWRAPPER = 0xfade0b01,       /* CMS Signature, among other things */
	CSMAGIC_EMBEDDED_LAUNCH_CONSTRAINT = 0xfade8181, /* Light weight code requirement */

	/*
	 * These values match the "Version 0x2xx00" markers inside CS_CodeDirectory:
	 * each names the version at which that group of fields appears.
	 */
	CS_SUPPORTSSCATTER = 0x20100,
	CS_SUPPORTSTEAMID = 0x20200,
	CS_SUPPORTSCODELIMIT64 = 0x20300,
	CS_SUPPORTSEXECSEG = 0x20400,
	CS_SUPPORTSRUNTIME = 0x20500,
	CS_SUPPORTSLINKAGE = 0x20600,

	/* Slot numbers; note that no constant is defined for slot 6. */
	CSSLOT_CODEDIRECTORY = 0,                               /* slot index for CodeDirectory */
	CSSLOT_INFOSLOT = 1,
	CSSLOT_REQUIREMENTS = 2,
	CSSLOT_RESOURCEDIR = 3,
	CSSLOT_APPLICATION = 4,
	CSSLOT_ENTITLEMENTS = 5,
	CSSLOT_DER_ENTITLEMENTS = 7,
	CSSLOT_LAUNCH_CONSTRAINT_SELF = 8,
	CSSLOT_LAUNCH_CONSTRAINT_PARENT = 9,
	CSSLOT_LAUNCH_CONSTRAINT_RESPONSIBLE = 10,
	CSSLOT_LIBRARY_CONSTRAINT = 11,

	/* Alternate CodeDirectories occupy 0x1000..0x1004; _LIMIT (0x1005) is exclusive. */
	CSSLOT_ALTERNATE_CODEDIRECTORIES = 0x1000, /* first alternate CodeDirectory, if any */
	CSSLOT_ALTERNATE_CODEDIRECTORY_MAX = 5,         /* max number of alternate CD slots */
	CSSLOT_ALTERNATE_CODEDIRECTORY_LIMIT = CSSLOT_ALTERNATE_CODEDIRECTORIES + CSSLOT_ALTERNATE_CODEDIRECTORY_MAX, /* one past the last */

	CSSLOT_SIGNATURESLOT = 0x10000,                 /* CMS Signature */
	CSSLOT_IDENTIFICATIONSLOT = 0x10001,
	CSSLOT_TICKETSLOT = 0x10002,

	/* Same numeric values as CSSLOT_REQUIREMENTS and CSSLOT_ENTITLEMENTS. */
	CSTYPE_INDEX_REQUIREMENTS = 0x00000002,         /* compat with amfi */
	CSTYPE_INDEX_ENTITLEMENTS = 0x00000005,         /* compat with amfi */

	/*
	 * NOTE(review): presumably the valid values of CS_CodeDirectory.hashType;
	 * a parser should reject any other value before trusting hashSize.
	 */
	CS_HASHTYPE_SHA1 = 1,
	CS_HASHTYPE_SHA256 = 2,
	CS_HASHTYPE_SHA256_TRUNCATED = 3,
	CS_HASHTYPE_SHA384 = 4,

	/*
	 * Digest lengths in bytes. No length constant is defined for SHA-384 here;
	 * CS_HASH_MAX_SIZE below (48) equals the size of a SHA-384 digest.
	 */
	CS_SHA1_LEN = 20,
	CS_SHA256_LEN = 32,
	CS_SHA256_TRUNCATED_LEN = 20,

	CS_CDHASH_LEN = 20,                                             /* always - larger hashes are truncated */
	CS_HASH_MAX_SIZE = 48, /* max size of the hash we'll support */

/*
 * Currently only to support Legacy VPN plugins, and Mac App Store
 * but intended to replace all the various platform code, dev code etc. bits.
 */
	CS_SIGNER_TYPE_UNKNOWN = 0,
	CS_SIGNER_TYPE_LEGACYVPN = 5,
	CS_SIGNER_TYPE_MAC_APP_STORE = 6,

	/* The supplemental signer types continue the same numbering (7, 8); both UNKNOWNs are 0. */
	CS_SUPPL_SIGNER_TYPE_UNKNOWN = 0,
	CS_SUPPL_SIGNER_TYPE_TRUSTCACHE = 7,
	CS_SUPPL_SIGNER_TYPE_LOCAL = 8,

	CS_SIGNER_TYPE_OOPJIT = 9,

	/* Validation categories used for trusted launch environment */
	/* Contiguous 0..10; INVALID (0) and NONE (10) are distinct values. */
	CS_VALIDATION_CATEGORY_INVALID = 0,
	CS_VALIDATION_CATEGORY_PLATFORM = 1,
	CS_VALIDATION_CATEGORY_TESTFLIGHT = 2,
	CS_VALIDATION_CATEGORY_DEVELOPMENT = 3,
	CS_VALIDATION_CATEGORY_APP_STORE = 4,
	CS_VALIDATION_CATEGORY_ENTERPRISE = 5,
	CS_VALIDATION_CATEGORY_DEVELOPER_ID = 6,
	CS_VALIDATION_CATEGORY_LOCAL_SIGNING = 7,
	CS_VALIDATION_CATEGORY_ROSETTA = 8,
	CS_VALIDATION_CATEGORY_OOPJIT = 9,
	CS_VALIDATION_CATEGORY_NONE = 10,
};
172*33de042dSApple OSS Distributions 
/*
 * The set of application types we support for linkage signatures.
 *
 * NOTE(review): presumably the values of CS_CodeDirectory.linkageApplicationType
 * (a uint8_t read from the signature) -- confirm, and treat any value not
 * listed here as invalid.
 */
enum {
	CS_LINKAGE_APPLICATION_INVALID = 0,
	CS_LINKAGE_APPLICATION_ROSETTA = 1,

	/* XOJIT has been renamed to OOP-JIT */
	/* Both names are kept and share the value 2. */
	CS_LINKAGE_APPLICATION_XOJIT = 2,
	CS_LINKAGE_APPLICATION_OOPJIT = 2,
};
182*33de042dSApple OSS Distributions 
/*
 * The set of application sub-types we support for linkage signatures.
 *
 * Sub-type numbers are reused across application types: ROSETTA_AOT and
 * OOPJIT_INVALID are both 0. A sub-type is therefore only meaningful once the
 * application type is known.
 */
enum {
	/*
	 * For backwards compatibility with older signatures, the AOT sub-type is kept
	 * as 0.
	 */
	CS_LINKAGE_APPLICATION_ROSETTA_AOT = 0,

	/* OOP-JIT sub-types -- XOJIT type kept for external dependencies */
	CS_LINKAGE_APPLICATION_XOJIT_PREVIEWS = 1,
	CS_LINKAGE_APPLICATION_OOPJIT_INVALID = 0,
	CS_LINKAGE_APPLICATION_OOPJIT_PREVIEWS = 1,
	CS_LINKAGE_APPLICATION_OOPJIT_MLCOMPILER = 2,
	/* Implicit value: one more than MLCOMPILER, i.e. 3. Used as the size of oop_jit_conversion. */
	CS_LINKAGE_APPLICATION_OOPJIT_TOTAL,
};
198*33de042dSApple OSS Distributions 
/*
 * Integer to string conversion of OOP-JIT types.
 *
 * Indexed by the CS_LINKAGE_APPLICATION_OOPJIT_* sub-type. The table has
 * exactly CS_LINKAGE_APPLICATION_OOPJIT_TOTAL entries and the INVALID entry is
 * NULL, so a caller must check both `index < CS_LINKAGE_APPLICATION_OOPJIT_TOTAL`
 * and the returned pointer before using it. NOTE(review): the sub-type field in
 * CS_CodeDirectory is a uint16_t taken from the signature; if that is what
 * indexes this table, the bounds check is guarding untrusted input -- confirm
 * at the call sites.
 *
 * Being `static` in a header, each translation unit that includes this file
 * gets its own copy of the table.
 */
static const char *oop_jit_conversion[CS_LINKAGE_APPLICATION_OOPJIT_TOTAL] = {
	[CS_LINKAGE_APPLICATION_OOPJIT_INVALID] = NULL,
	[CS_LINKAGE_APPLICATION_OOPJIT_PREVIEWS] = "previews",
	[CS_LINKAGE_APPLICATION_OOPJIT_MLCOMPILER] = "ml-compiler",
};
205*33de042dSApple OSS Distributions 
/* Feature-test macros announcing that this header provides CS_CodeDirectory and its platform field. */
#define KERNEL_HAVE_CS_CODEDIRECTORY 1
#define KERNEL_CS_CODEDIRECTORY_HAVE_PLATFORM 1

/*
 * C form of a CodeDirectory.
 *
 * The fixed fields are grouped by the version that introduced them; the
 * version numbers in the group comments equal the CS_SUPPORTS* constants.
 * After each group a zero-length `end_*` array marks where the header ends for
 * that version. NOTE(review): presumably used with offsetof() to get the
 * minimum header size for a given `version` -- confirm at the use sites.
 *
 * Everything in this structure is read from the signature blob. Before using
 * it, a parser should check that `length` covers the header for the claimed
 * `version`, that every *Offset field lands inside `length`, and that products
 * such as slot count times `hashSize` cannot overflow. Later-version fields
 * must not be read when `version` is below the group's threshold.
 *
 * NOTE(review): this header does not state the stored byte order of the
 * fields; confirm whether readers must byte-swap. The typedef is declared
 * aligned(1) and no packed attribute is present.
 */
typedef struct __CodeDirectory {
	uint32_t magic;                                 /* magic number (CSMAGIC_CODEDIRECTORY) */
	uint32_t length;                                /* total length of CodeDirectory blob */
	uint32_t version;                               /* compatibility version */
	uint32_t flags;                                 /* setup and mode flags */
	uint32_t hashOffset;                    /* offset of hash slot element at index zero */
	uint32_t identOffset;                   /* offset of identifier string */
	uint32_t nSpecialSlots;                 /* number of special hash slots */
	uint32_t nCodeSlots;                    /* number of ordinary (code) hash slots */
	uint32_t codeLimit;                             /* limit to main image signature range */
	uint8_t hashSize;                               /* size of each hash in bytes */
	uint8_t hashType;                               /* type of hash (cdHashType* constants) */
	uint8_t platform;                               /* platform identifier; zero if not platform binary */
	uint8_t pageSize;                               /* log2(page size in bytes); 0 => infinite */
	uint32_t spare2;                                /* unused (must be zero) */

	/* End of the header common to every version. */
	char end_earliest[0];

	/* Version 0x20100 */
	uint32_t scatterOffset;                 /* offset of optional scatter vector */
	char end_withScatter[0];

	/* Version 0x20200 */
	uint32_t teamOffset;                    /* offset of optional team identifier */
	char end_withTeam[0];

	/* Version 0x20300 */
	uint32_t spare3;                                /* unused (must be zero) */
	uint64_t codeLimit64;                   /* limit to main image signature range, 64 bits */
	char end_withCodeLimit64[0];

	/* Version 0x20400 */
	uint64_t execSegBase;                   /* offset of executable segment */
	uint64_t execSegLimit;                  /* limit of executable segment */
	uint64_t execSegFlags;                  /* executable segment flags */
	char end_withExecSeg[0];

	/* Version 0x20500 */
	/* NOTE(review): these two fields are undocumented in this header; meaning to be confirmed. */
	uint32_t runtime;
	uint32_t preEncryptOffset;
	char end_withPreEncryptOffset[0];

	/* Version 0x20600 */
	/*
	 * NOTE(review): linkageApplicationType / linkageApplicationSubType presumably
	 * take the CS_LINKAGE_APPLICATION_* values defined earlier in this header;
	 * linkageOffset and linkageSize need the same bounds check against `length`
	 * as the other offsets.
	 */
	uint8_t linkageHashType;
	uint8_t linkageApplicationType;
	uint16_t linkageApplicationSubType;
	uint32_t linkageOffset;
	uint32_t linkageSize;
	char end_withLinkage[0];

	/* followed by dynamic content as located by offset fields above */
} CS_CodeDirectory
__attribute__ ((aligned(1)));
265*33de042dSApple OSS Distributions 
/*
 * Structure of an embedded-signature SuperBlob
 */

/*
 * One index entry: a (type, offset) pair of two 32-bit fields.
 * NOTE(review): `type` is presumably a CSSLOT_* value and `offset` presumably
 * counts from the start of the enclosing SuperBlob -- confirm. The offset comes
 * from the signature and must be range-checked before it is followed.
 */
typedef struct __BlobIndex {
	uint32_t type;                                  /* type of entry */
	uint32_t offset;                                /* offset of entry */
} CS_BlobIndex
__attribute__ ((aligned(1)));
275*33de042dSApple OSS Distributions 
/*
 * Container header: three 32-bit fields followed by `count` index entries in
 * a flexible array member.
 *
 * `count` and `length` are read from the signature. A parser should verify
 * that the index array (`count` entries of CS_BlobIndex) fits inside `length`
 * without the multiplication overflowing, then bounds-check each entry's
 * offset, before touching any referenced blob.
 */
typedef struct __SC_SuperBlob {
	uint32_t magic;                                 /* magic number */
	uint32_t length;                                /* total length of SuperBlob */
	uint32_t count;                                 /* number of index entries following */
	CS_BlobIndex index[];                   /* (count) entries */
	/* followed by Blobs in no particular order as indicated by offsets in index */
} CS_SuperBlob
__attribute__ ((aligned(1)));
284*33de042dSApple OSS Distributions 
/* Feature-test macro announcing that this header provides CS_GenericBlob. */
#define KERNEL_HAVE_CS_GENERICBLOB 1
/*
 * Generic blob: an 8-byte header (magic, length) followed by the payload.
 *
 * `length` is documented as the total blob length, so the payload size is
 * derived by subtracting the header size. A `length` smaller than the header
 * would make that subtraction wrap; reject such blobs before computing it.
 */
typedef struct __SC_GenericBlob {
	uint32_t magic;                                 /* magic number */
	uint32_t length;                                /* total length of blob */
	char data[];
} CS_GenericBlob
__attribute__ ((aligned(1)));
292*33de042dSApple OSS Distributions 
/*
 * One scatter entry. A zero `count` marks the sentinel entry, per the field
 * comment. NOTE(review): presumably an element of the vector located by
 * CS_CodeDirectory.scatterOffset; a reader walking the vector should also stop
 * at the end of the blob rather than relying on the sentinel alone -- confirm.
 */
typedef struct __SC_Scatter {
	uint32_t count;                                 // number of pages; zero for sentinel (only)
	uint32_t base;                                  // first page number
	uint64_t targetOffset;                  // offset in target
	uint64_t spare;                                 // reserved
} SC_Scatter
__attribute__ ((aligned(1)));
300*33de042dSApple OSS Distributions 
301*33de042dSApple OSS Distributions 
/*
 * Defined launch types
 *
 * __enum_decl is a macro that is not defined in this file; it has to come from
 * the including environment. NOTE(review): the second argument suggests the
 * enum is stored as a uint8_t -- confirm against the macro's definition.
 */
__enum_decl(cs_launch_type_t, uint8_t, {
	CS_LAUNCH_TYPE_NONE = 0,
	CS_LAUNCH_TYPE_SYSTEM_SERVICE = 1,
	CS_LAUNCH_TYPE_SYSDIAGNOSE = 2,
	CS_LAUNCH_TYPE_APPLICATION = 3,
});
311*33de042dSApple OSS Distributions 
/*
 * Launch constraint input: currently a single field holding the launch type.
 * launch_constraint_data_t is a pointer to this structure.
 */
struct launch_constraint_data {
	cs_launch_type_t launch_type;
};
typedef struct launch_constraint_data* launch_constraint_data_t;
316*33de042dSApple OSS Distributions 
317*33de042dSApple OSS Distributions #endif /* _KERN_CODESIGN_H */