1*e3723e1fSApple OSS Distributions /*
2*e3723e1fSApple OSS Distributions * Copyright (c) 2022 Apple Computer, Inc. All rights reserved.
3*e3723e1fSApple OSS Distributions *
4*e3723e1fSApple OSS Distributions * @APPLE_LICENSE_HEADER_START@
5*e3723e1fSApple OSS Distributions *
6*e3723e1fSApple OSS Distributions * The contents of this file constitute Original Code as defined in and
7*e3723e1fSApple OSS Distributions * are subject to the Apple Public Source License Version 1.1 (the
8*e3723e1fSApple OSS Distributions * "License"). You may not use this file except in compliance with the
9*e3723e1fSApple OSS Distributions * License. Please obtain a copy of the License at
10*e3723e1fSApple OSS Distributions * http://www.apple.com/publicsource and read it before using this file.
11*e3723e1fSApple OSS Distributions *
12*e3723e1fSApple OSS Distributions * This Original Code and all software distributed under the License are
13*e3723e1fSApple OSS Distributions * distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER
14*e3723e1fSApple OSS Distributions * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
15*e3723e1fSApple OSS Distributions * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
16*e3723e1fSApple OSS Distributions * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT. Please see the
17*e3723e1fSApple OSS Distributions * License for the specific language governing rights and limitations
18*e3723e1fSApple OSS Distributions * under the License.
19*e3723e1fSApple OSS Distributions *
20*e3723e1fSApple OSS Distributions * @APPLE_LICENSE_HEADER_END@
21*e3723e1fSApple OSS Distributions */
22*e3723e1fSApple OSS Distributions
23*e3723e1fSApple OSS Distributions #include <stdarg.h>
24*e3723e1fSApple OSS Distributions #include <stdatomic.h>
25*e3723e1fSApple OSS Distributions #include <os/overflow.h>
26*e3723e1fSApple OSS Distributions #include <os/atomic_private.h>
27*e3723e1fSApple OSS Distributions #include <machine/atomic.h>
28*e3723e1fSApple OSS Distributions #include <mach/vm_param.h>
29*e3723e1fSApple OSS Distributions #include <mach/vm_map.h>
30*e3723e1fSApple OSS Distributions #include <mach/shared_region.h>
31*e3723e1fSApple OSS Distributions #include <vm/vm_kern_xnu.h>
32*e3723e1fSApple OSS Distributions #include <kern/zalloc.h>
33*e3723e1fSApple OSS Distributions #include <kern/kalloc.h>
34*e3723e1fSApple OSS Distributions #include <kern/assert.h>
35*e3723e1fSApple OSS Distributions #include <kern/locks.h>
36*e3723e1fSApple OSS Distributions #include <kern/recount.h>
37*e3723e1fSApple OSS Distributions #include <kern/sched_prim.h>
38*e3723e1fSApple OSS Distributions #include <kern/lock_rw.h>
39*e3723e1fSApple OSS Distributions #include <libkern/libkern.h>
40*e3723e1fSApple OSS Distributions #include <libkern/section_keywords.h>
41*e3723e1fSApple OSS Distributions #include <libkern/coretrust/coretrust.h>
42*e3723e1fSApple OSS Distributions #include <libkern/amfi/amfi.h>
43*e3723e1fSApple OSS Distributions #include <pexpert/pexpert.h>
44*e3723e1fSApple OSS Distributions #include <sys/vm.h>
45*e3723e1fSApple OSS Distributions #include <sys/proc.h>
46*e3723e1fSApple OSS Distributions #include <sys/codesign.h>
47*e3723e1fSApple OSS Distributions #include <sys/code_signing.h>
48*e3723e1fSApple OSS Distributions #include <sys/trust_caches.h>
49*e3723e1fSApple OSS Distributions #include <sys/sysctl.h>
50*e3723e1fSApple OSS Distributions #include <sys/reboot.h>
51*e3723e1fSApple OSS Distributions #include <uuid/uuid.h>
52*e3723e1fSApple OSS Distributions #include <IOKit/IOLib.h>
53*e3723e1fSApple OSS Distributions #include <IOKit/IOBSD.h>
54*e3723e1fSApple OSS Distributions
55*e3723e1fSApple OSS Distributions #if CONFIG_SPTM
56*e3723e1fSApple OSS Distributions /*
57*e3723e1fSApple OSS Distributions * The TrustedExecutionMonitor environment works in tandem with the SPTM to provide code
58*e3723e1fSApple OSS Distributions * signing and memory isolation enforcement for data structures critical to ensuring that
59*e3723e1fSApple OSS Distributions * all code executed on the system is authorized to do so.
60*e3723e1fSApple OSS Distributions *
61*e3723e1fSApple OSS Distributions * Unless the data is managed by TXM itself, XNU needs to page-align everything, make the
62*e3723e1fSApple OSS Distributions * relevant type transfer, and then reference the memory as read-only.
63*e3723e1fSApple OSS Distributions *
64*e3723e1fSApple OSS Distributions * TXM enforces concurrency on its side, but through the use of try-locks. Upon a failure
65*e3723e1fSApple OSS Distributions * in acquiring the lock, TXM will panic. As a result, in order to ensure single-threaded
66*e3723e1fSApple OSS Distributions * behavior, the kernel also has to take some locks on its side befor calling into TXM.
67*e3723e1fSApple OSS Distributions */
68*e3723e1fSApple OSS Distributions #include <sys/trusted_execution_monitor.h>
69*e3723e1fSApple OSS Distributions #include <pexpert/arm64/board_config.h>
70*e3723e1fSApple OSS Distributions
71*e3723e1fSApple OSS Distributions /* Lock group used for all locks within the kernel for TXM */
72*e3723e1fSApple OSS Distributions LCK_GRP_DECLARE(txm_lck_grp, "txm_code_signing_lck_grp");
73*e3723e1fSApple OSS Distributions
74*e3723e1fSApple OSS Distributions #pragma mark Utilities
75*e3723e1fSApple OSS Distributions
76*e3723e1fSApple OSS Distributions /* Number of thread stacks is known at build-time */
77*e3723e1fSApple OSS Distributions #define NUM_TXM_THREAD_STACKS (MAX_CPUS)
78*e3723e1fSApple OSS Distributions txm_thread_stack_t thread_stacks[NUM_TXM_THREAD_STACKS] = {0};
79*e3723e1fSApple OSS Distributions
80*e3723e1fSApple OSS Distributions /* Singly-linked-list head for thread stacks */
81*e3723e1fSApple OSS Distributions SLIST_HEAD(thread_stack_head, _txm_thread_stack) thread_stacks_head =
82*e3723e1fSApple OSS Distributions SLIST_HEAD_INITIALIZER(thread_stacks_head);
83*e3723e1fSApple OSS Distributions
84*e3723e1fSApple OSS Distributions static decl_lck_mtx_data(, thread_stacks_lock);
85*e3723e1fSApple OSS Distributions static void *thread_stack_event = NULL;
86*e3723e1fSApple OSS Distributions
87*e3723e1fSApple OSS Distributions static void
setup_thread_stacks(void)88*e3723e1fSApple OSS Distributions setup_thread_stacks(void)
89*e3723e1fSApple OSS Distributions {
90*e3723e1fSApple OSS Distributions extern const sptm_bootstrap_args_xnu_t *SPTMArgs;
91*e3723e1fSApple OSS Distributions txm_thread_stack_t *thread_stack = NULL;
92*e3723e1fSApple OSS Distributions
93*e3723e1fSApple OSS Distributions /* Initialize each thread stack and add it to the list */
94*e3723e1fSApple OSS Distributions for (uint32_t i = 0; i < NUM_TXM_THREAD_STACKS; i++) {
95*e3723e1fSApple OSS Distributions thread_stack = &thread_stacks[i];
96*e3723e1fSApple OSS Distributions
97*e3723e1fSApple OSS Distributions /* Acquire the thread stack virtual mapping */
98*e3723e1fSApple OSS Distributions thread_stack->thread_stack_papt = SPTMArgs->txm_thread_stacks[i];
99*e3723e1fSApple OSS Distributions
100*e3723e1fSApple OSS Distributions /* Acquire the thread stack physical page */
101*e3723e1fSApple OSS Distributions thread_stack->thread_stack_phys = (uintptr_t)kvtophys_nofail(
102*e3723e1fSApple OSS Distributions thread_stack->thread_stack_papt);
103*e3723e1fSApple OSS Distributions
104*e3723e1fSApple OSS Distributions /* Resolve the pointer to the thread stack data */
105*e3723e1fSApple OSS Distributions thread_stack->thread_stack_data =
106*e3723e1fSApple OSS Distributions (TXMThreadStack_t*)(thread_stack->thread_stack_papt + (PAGE_SIZE - 1024));
107*e3723e1fSApple OSS Distributions
108*e3723e1fSApple OSS Distributions /* Add thread stack to the list head */
109*e3723e1fSApple OSS Distributions SLIST_INSERT_HEAD(&thread_stacks_head, thread_stack, link);
110*e3723e1fSApple OSS Distributions }
111*e3723e1fSApple OSS Distributions
112*e3723e1fSApple OSS Distributions /* Initialize the thread stacks lock */
113*e3723e1fSApple OSS Distributions lck_mtx_init(&thread_stacks_lock, &txm_lck_grp, 0);
114*e3723e1fSApple OSS Distributions }
115*e3723e1fSApple OSS Distributions
116*e3723e1fSApple OSS Distributions static txm_thread_stack_t*
acquire_thread_stack(void)117*e3723e1fSApple OSS Distributions acquire_thread_stack(void)
118*e3723e1fSApple OSS Distributions {
119*e3723e1fSApple OSS Distributions txm_thread_stack_t *thread_stack = NULL;
120*e3723e1fSApple OSS Distributions
121*e3723e1fSApple OSS Distributions /* Lock the thread stack list */
122*e3723e1fSApple OSS Distributions lck_mtx_lock(&thread_stacks_lock);
123*e3723e1fSApple OSS Distributions
124*e3723e1fSApple OSS Distributions while (SLIST_EMPTY(&thread_stacks_head) == true) {
125*e3723e1fSApple OSS Distributions lck_mtx_sleep(
126*e3723e1fSApple OSS Distributions &thread_stacks_lock,
127*e3723e1fSApple OSS Distributions LCK_SLEEP_DEFAULT,
128*e3723e1fSApple OSS Distributions &thread_stack_event,
129*e3723e1fSApple OSS Distributions THREAD_UNINT);
130*e3723e1fSApple OSS Distributions }
131*e3723e1fSApple OSS Distributions
132*e3723e1fSApple OSS Distributions if (SLIST_EMPTY(&thread_stacks_head) == true) {
133*e3723e1fSApple OSS Distributions panic("unable to acquire a thread stack for TXM");
134*e3723e1fSApple OSS Distributions }
135*e3723e1fSApple OSS Distributions
136*e3723e1fSApple OSS Distributions /* Use the first available thread stack */
137*e3723e1fSApple OSS Distributions thread_stack = SLIST_FIRST(&thread_stacks_head);
138*e3723e1fSApple OSS Distributions
139*e3723e1fSApple OSS Distributions /* Remove the thread stack from the list */
140*e3723e1fSApple OSS Distributions SLIST_REMOVE_HEAD(&thread_stacks_head, link);
141*e3723e1fSApple OSS Distributions
142*e3723e1fSApple OSS Distributions /* Unlock the thread stack list */
143*e3723e1fSApple OSS Distributions lck_mtx_unlock(&thread_stacks_lock);
144*e3723e1fSApple OSS Distributions
145*e3723e1fSApple OSS Distributions /* Associate the thread stack with the current thread */
146*e3723e1fSApple OSS Distributions thread_associate_txm_thread_stack(thread_stack->thread_stack_phys);
147*e3723e1fSApple OSS Distributions
148*e3723e1fSApple OSS Distributions return thread_stack;
149*e3723e1fSApple OSS Distributions }
150*e3723e1fSApple OSS Distributions
151*e3723e1fSApple OSS Distributions static void
release_thread_stack(txm_thread_stack_t * thread_stack)152*e3723e1fSApple OSS Distributions release_thread_stack(
153*e3723e1fSApple OSS Distributions txm_thread_stack_t* thread_stack)
154*e3723e1fSApple OSS Distributions {
155*e3723e1fSApple OSS Distributions /* Remove the TXM thread stack association with the current thread */
156*e3723e1fSApple OSS Distributions thread_disassociate_txm_thread_stack(thread_stack->thread_stack_phys);
157*e3723e1fSApple OSS Distributions
158*e3723e1fSApple OSS Distributions /* Lock the thread stack list */
159*e3723e1fSApple OSS Distributions lck_mtx_lock(&thread_stacks_lock);
160*e3723e1fSApple OSS Distributions
161*e3723e1fSApple OSS Distributions /* Add the thread stack at the list head */
162*e3723e1fSApple OSS Distributions SLIST_INSERT_HEAD(&thread_stacks_head, thread_stack, link);
163*e3723e1fSApple OSS Distributions
164*e3723e1fSApple OSS Distributions /* Unlock the thread stack list */
165*e3723e1fSApple OSS Distributions lck_mtx_unlock(&thread_stacks_lock);
166*e3723e1fSApple OSS Distributions
167*e3723e1fSApple OSS Distributions /* Wake up any threads waiting to acquire a thread stack */
168*e3723e1fSApple OSS Distributions thread_wakeup(&thread_stack_event);
169*e3723e1fSApple OSS Distributions }
170*e3723e1fSApple OSS Distributions
171*e3723e1fSApple OSS Distributions static kern_return_t
txm_parse_return(TXMReturn_t txm_ret)172*e3723e1fSApple OSS Distributions txm_parse_return(
173*e3723e1fSApple OSS Distributions TXMReturn_t txm_ret)
174*e3723e1fSApple OSS Distributions {
175*e3723e1fSApple OSS Distributions switch (txm_ret.returnCode) {
176*e3723e1fSApple OSS Distributions case kTXMSuccess:
177*e3723e1fSApple OSS Distributions return KERN_SUCCESS;
178*e3723e1fSApple OSS Distributions
179*e3723e1fSApple OSS Distributions case kTXMReturnOutOfMemory:
180*e3723e1fSApple OSS Distributions return KERN_RESOURCE_SHORTAGE;
181*e3723e1fSApple OSS Distributions
182*e3723e1fSApple OSS Distributions case kTXMReturnNotFound:
183*e3723e1fSApple OSS Distributions return KERN_NOT_FOUND;
184*e3723e1fSApple OSS Distributions
185*e3723e1fSApple OSS Distributions case kTXMReturnNotSupported:
186*e3723e1fSApple OSS Distributions return KERN_NOT_SUPPORTED;
187*e3723e1fSApple OSS Distributions
188*e3723e1fSApple OSS Distributions #if kTXMKernelAPIVersion >= 6
189*e3723e1fSApple OSS Distributions case kTXMReturnTryAgain:
190*e3723e1fSApple OSS Distributions return KERN_OPERATION_TIMED_OUT;
191*e3723e1fSApple OSS Distributions #endif
192*e3723e1fSApple OSS Distributions
193*e3723e1fSApple OSS Distributions default:
194*e3723e1fSApple OSS Distributions return KERN_FAILURE;
195*e3723e1fSApple OSS Distributions }
196*e3723e1fSApple OSS Distributions }
197*e3723e1fSApple OSS Distributions
198*e3723e1fSApple OSS Distributions static void
txm_print_return(TXMKernelSelector_t selector,TXMReturn_t txm_ret)199*e3723e1fSApple OSS Distributions txm_print_return(
200*e3723e1fSApple OSS Distributions TXMKernelSelector_t selector,
201*e3723e1fSApple OSS Distributions TXMReturn_t txm_ret)
202*e3723e1fSApple OSS Distributions {
203*e3723e1fSApple OSS Distributions /*
204*e3723e1fSApple OSS Distributions * We specifically use IOLog instead of printf since printf is compiled out on
205*e3723e1fSApple OSS Distributions * RELEASE kernels. We want to ensure that errors from TXM are captured within
206*e3723e1fSApple OSS Distributions * sysdiagnoses from the field.
207*e3723e1fSApple OSS Distributions */
208*e3723e1fSApple OSS Distributions
209*e3723e1fSApple OSS Distributions if (txm_ret.returnCode == kTXMSuccess) {
210*e3723e1fSApple OSS Distributions return;
211*e3723e1fSApple OSS Distributions } else if (txm_ret.returnCode == kTXMReturnTrustCache) {
212*e3723e1fSApple OSS Distributions IOLog("TXM [Error]: TrustCache: selector: %u | 0x%02X | 0x%02X | %u\n",
213*e3723e1fSApple OSS Distributions selector, txm_ret.tcRet.component, txm_ret.tcRet.error, txm_ret.tcRet.uniqueError);
214*e3723e1fSApple OSS Distributions } else if (txm_ret.returnCode == kTXMReturnCodeSignature) {
215*e3723e1fSApple OSS Distributions IOLog("TXM [Error]: CodeSignature: selector: %u | 0x%02X | 0x%02X | %u\n",
216*e3723e1fSApple OSS Distributions selector, txm_ret.csRet.component, txm_ret.csRet.error, txm_ret.csRet.uniqueError);
217*e3723e1fSApple OSS Distributions } else if (txm_ret.returnCode == kTXMReturnCodeErrno) {
218*e3723e1fSApple OSS Distributions IOLog("TXM [Error]: Errno: selector: %u | %d\n",
219*e3723e1fSApple OSS Distributions selector, txm_ret.errnoRet);
220*e3723e1fSApple OSS Distributions } else {
221*e3723e1fSApple OSS Distributions IOLog("TXM [Error]: selector: %u | %u\n",
222*e3723e1fSApple OSS Distributions selector, txm_ret.returnCode);
223*e3723e1fSApple OSS Distributions }
224*e3723e1fSApple OSS Distributions }
225*e3723e1fSApple OSS Distributions
226*e3723e1fSApple OSS Distributions #pragma mark Page Allocation
227*e3723e1fSApple OSS Distributions
228*e3723e1fSApple OSS Distributions static void
txm_add_page(void)229*e3723e1fSApple OSS Distributions txm_add_page(void)
230*e3723e1fSApple OSS Distributions {
231*e3723e1fSApple OSS Distributions txm_call_t txm_call = {
232*e3723e1fSApple OSS Distributions .selector = kTXMKernelSelectorAddFreeListPage,
233*e3723e1fSApple OSS Distributions .failure_fatal = true,
234*e3723e1fSApple OSS Distributions .num_input_args = 1
235*e3723e1fSApple OSS Distributions };
236*e3723e1fSApple OSS Distributions
237*e3723e1fSApple OSS Distributions /* Allocate a page from the VM -- transfers page to TXM internally */
238*e3723e1fSApple OSS Distributions vm_map_address_t phys_addr = pmap_txm_allocate_page();
239*e3723e1fSApple OSS Distributions
240*e3723e1fSApple OSS Distributions /* Add this page to the TXM free list */
241*e3723e1fSApple OSS Distributions txm_kernel_call(&txm_call, phys_addr);
242*e3723e1fSApple OSS Distributions }
243*e3723e1fSApple OSS Distributions
244*e3723e1fSApple OSS Distributions #pragma mark Calls
245*e3723e1fSApple OSS Distributions
246*e3723e1fSApple OSS Distributions static void
txm_kernel_call_registers_setup(txm_call_t * parameters,sptm_call_regs_t * registers,va_list args)247*e3723e1fSApple OSS Distributions txm_kernel_call_registers_setup(
248*e3723e1fSApple OSS Distributions txm_call_t *parameters,
249*e3723e1fSApple OSS Distributions sptm_call_regs_t *registers,
250*e3723e1fSApple OSS Distributions va_list args)
251*e3723e1fSApple OSS Distributions {
252*e3723e1fSApple OSS Distributions /*
253*e3723e1fSApple OSS Distributions * We are only ever allowed a maximum of 7 arguments for calling into TXM.
254*e3723e1fSApple OSS Distributions * This is because the SPTM dispatch only sets up registers x0-x7 for the
255*e3723e1fSApple OSS Distributions * call, and x0 is always reserved for passing in a thread stack for TXM
256*e3723e1fSApple OSS Distributions * to operate on.
257*e3723e1fSApple OSS Distributions */
258*e3723e1fSApple OSS Distributions
259*e3723e1fSApple OSS Distributions switch (parameters->num_input_args) {
260*e3723e1fSApple OSS Distributions case 7:
261*e3723e1fSApple OSS Distributions registers->x1 = va_arg(args, uintptr_t);
262*e3723e1fSApple OSS Distributions registers->x2 = va_arg(args, uintptr_t);
263*e3723e1fSApple OSS Distributions registers->x3 = va_arg(args, uintptr_t);
264*e3723e1fSApple OSS Distributions registers->x4 = va_arg(args, uintptr_t);
265*e3723e1fSApple OSS Distributions registers->x5 = va_arg(args, uintptr_t);
266*e3723e1fSApple OSS Distributions registers->x6 = va_arg(args, uintptr_t);
267*e3723e1fSApple OSS Distributions registers->x7 = va_arg(args, uintptr_t);
268*e3723e1fSApple OSS Distributions break;
269*e3723e1fSApple OSS Distributions
270*e3723e1fSApple OSS Distributions case 6:
271*e3723e1fSApple OSS Distributions registers->x1 = va_arg(args, uintptr_t);
272*e3723e1fSApple OSS Distributions registers->x2 = va_arg(args, uintptr_t);
273*e3723e1fSApple OSS Distributions registers->x3 = va_arg(args, uintptr_t);
274*e3723e1fSApple OSS Distributions registers->x4 = va_arg(args, uintptr_t);
275*e3723e1fSApple OSS Distributions registers->x5 = va_arg(args, uintptr_t);
276*e3723e1fSApple OSS Distributions registers->x6 = va_arg(args, uintptr_t);
277*e3723e1fSApple OSS Distributions break;
278*e3723e1fSApple OSS Distributions
279*e3723e1fSApple OSS Distributions case 5:
280*e3723e1fSApple OSS Distributions registers->x1 = va_arg(args, uintptr_t);
281*e3723e1fSApple OSS Distributions registers->x2 = va_arg(args, uintptr_t);
282*e3723e1fSApple OSS Distributions registers->x3 = va_arg(args, uintptr_t);
283*e3723e1fSApple OSS Distributions registers->x4 = va_arg(args, uintptr_t);
284*e3723e1fSApple OSS Distributions registers->x5 = va_arg(args, uintptr_t);
285*e3723e1fSApple OSS Distributions break;
286*e3723e1fSApple OSS Distributions
287*e3723e1fSApple OSS Distributions case 4:
288*e3723e1fSApple OSS Distributions registers->x1 = va_arg(args, uintptr_t);
289*e3723e1fSApple OSS Distributions registers->x2 = va_arg(args, uintptr_t);
290*e3723e1fSApple OSS Distributions registers->x3 = va_arg(args, uintptr_t);
291*e3723e1fSApple OSS Distributions registers->x4 = va_arg(args, uintptr_t);
292*e3723e1fSApple OSS Distributions break;
293*e3723e1fSApple OSS Distributions
294*e3723e1fSApple OSS Distributions case 3:
295*e3723e1fSApple OSS Distributions registers->x1 = va_arg(args, uintptr_t);
296*e3723e1fSApple OSS Distributions registers->x2 = va_arg(args, uintptr_t);
297*e3723e1fSApple OSS Distributions registers->x3 = va_arg(args, uintptr_t);
298*e3723e1fSApple OSS Distributions break;
299*e3723e1fSApple OSS Distributions
300*e3723e1fSApple OSS Distributions case 2:
301*e3723e1fSApple OSS Distributions registers->x1 = va_arg(args, uintptr_t);
302*e3723e1fSApple OSS Distributions registers->x2 = va_arg(args, uintptr_t);
303*e3723e1fSApple OSS Distributions break;
304*e3723e1fSApple OSS Distributions
305*e3723e1fSApple OSS Distributions case 1:
306*e3723e1fSApple OSS Distributions registers->x1 = va_arg(args, uintptr_t);
307*e3723e1fSApple OSS Distributions break;
308*e3723e1fSApple OSS Distributions
309*e3723e1fSApple OSS Distributions case 0:
310*e3723e1fSApple OSS Distributions break;
311*e3723e1fSApple OSS Distributions
312*e3723e1fSApple OSS Distributions default:
313*e3723e1fSApple OSS Distributions panic("invalid number of arguments to TXM: selector: %u | %u",
314*e3723e1fSApple OSS Distributions parameters->selector, parameters->num_input_args);
315*e3723e1fSApple OSS Distributions }
316*e3723e1fSApple OSS Distributions }
317*e3723e1fSApple OSS Distributions
318*e3723e1fSApple OSS Distributions static TXMReturn_t
txm_kernel_call_internal(txm_call_t * parameters,va_list args)319*e3723e1fSApple OSS Distributions txm_kernel_call_internal(
320*e3723e1fSApple OSS Distributions txm_call_t *parameters,
321*e3723e1fSApple OSS Distributions va_list args)
322*e3723e1fSApple OSS Distributions {
323*e3723e1fSApple OSS Distributions TXMReturn_t txm_ret = (TXMReturn_t){.returnCode = kTXMReturnGeneric};
324*e3723e1fSApple OSS Distributions sptm_call_regs_t txm_registers = {0};
325*e3723e1fSApple OSS Distributions txm_thread_stack_t *thread_stack = NULL;
326*e3723e1fSApple OSS Distributions const TXMThreadStack_t *thread_stack_data = NULL;
327*e3723e1fSApple OSS Distributions const TXMSharedContextData_t *shared_context_data = NULL;
328*e3723e1fSApple OSS Distributions
329*e3723e1fSApple OSS Distributions /* Obtain a stack for this call */
330*e3723e1fSApple OSS Distributions thread_stack = acquire_thread_stack();
331*e3723e1fSApple OSS Distributions thread_stack_data = thread_stack->thread_stack_data;
332*e3723e1fSApple OSS Distributions shared_context_data = &thread_stack_data->sharedData;
333*e3723e1fSApple OSS Distributions
334*e3723e1fSApple OSS Distributions /* Setup argument registers */
335*e3723e1fSApple OSS Distributions txm_registers.x0 = thread_stack->thread_stack_phys;
336*e3723e1fSApple OSS Distributions txm_kernel_call_registers_setup(parameters, &txm_registers, args);
337*e3723e1fSApple OSS Distributions
338*e3723e1fSApple OSS Distributions /* Track resource usage */
339*e3723e1fSApple OSS Distributions recount_enter_secure();
340*e3723e1fSApple OSS Distributions
341*e3723e1fSApple OSS Distributions /* Call into TXM */
342*e3723e1fSApple OSS Distributions txm_enter(parameters->selector, &txm_registers);
343*e3723e1fSApple OSS Distributions
344*e3723e1fSApple OSS Distributions recount_leave_secure();
345*e3723e1fSApple OSS Distributions
346*e3723e1fSApple OSS Distributions txm_ret = (TXMReturn_t){.rawValue = shared_context_data->txmReturnCode};
347*e3723e1fSApple OSS Distributions parameters->txm_ret = txm_ret;
348*e3723e1fSApple OSS Distributions
349*e3723e1fSApple OSS Distributions if (parameters->txm_ret.returnCode == kTXMSuccess) {
350*e3723e1fSApple OSS Distributions parameters->num_return_words = shared_context_data->txmNumReturnWords;
351*e3723e1fSApple OSS Distributions if (parameters->num_return_words > kTXMStackReturnWords) {
352*e3723e1fSApple OSS Distributions panic("received excessive return words from TXM: selector: %u | %llu",
353*e3723e1fSApple OSS Distributions parameters->selector, parameters->num_return_words);
354*e3723e1fSApple OSS Distributions }
355*e3723e1fSApple OSS Distributions
356*e3723e1fSApple OSS Distributions for (uint64_t i = 0; i < parameters->num_return_words; i++) {
357*e3723e1fSApple OSS Distributions parameters->return_words[i] = shared_context_data->txmReturnWords[i];
358*e3723e1fSApple OSS Distributions }
359*e3723e1fSApple OSS Distributions }
360*e3723e1fSApple OSS Distributions
361*e3723e1fSApple OSS Distributions /* Release the thread stack as it is no longer needed */
362*e3723e1fSApple OSS Distributions release_thread_stack(thread_stack);
363*e3723e1fSApple OSS Distributions thread_stack_data = NULL;
364*e3723e1fSApple OSS Distributions shared_context_data = NULL;
365*e3723e1fSApple OSS Distributions
366*e3723e1fSApple OSS Distributions return txm_ret;
367*e3723e1fSApple OSS Distributions }
368*e3723e1fSApple OSS Distributions
369*e3723e1fSApple OSS Distributions kern_return_t
txm_kernel_call(txm_call_t * parameters,...)370*e3723e1fSApple OSS Distributions txm_kernel_call(
371*e3723e1fSApple OSS Distributions txm_call_t *parameters, ...)
372*e3723e1fSApple OSS Distributions {
373*e3723e1fSApple OSS Distributions TXMReturn_t txm_ret = (TXMReturn_t){.returnCode = kTXMReturnGeneric};
374*e3723e1fSApple OSS Distributions kern_return_t ret = KERN_DENIED;
375*e3723e1fSApple OSS Distributions va_list args;
376*e3723e1fSApple OSS Distributions
377*e3723e1fSApple OSS Distributions /* Start the variadic arguments list */
378*e3723e1fSApple OSS Distributions va_start(args, parameters);
379*e3723e1fSApple OSS Distributions
380*e3723e1fSApple OSS Distributions do {
381*e3723e1fSApple OSS Distributions txm_ret = txm_kernel_call_internal(parameters, args);
382*e3723e1fSApple OSS Distributions if (txm_ret.returnCode == kTXMReturnOutOfMemory) {
383*e3723e1fSApple OSS Distributions if (parameters->selector == kTXMKernelSelectorAddFreeListPage) {
384*e3723e1fSApple OSS Distributions panic("received out-of-memory error when adding a free page to TXM");
385*e3723e1fSApple OSS Distributions }
386*e3723e1fSApple OSS Distributions txm_add_page();
387*e3723e1fSApple OSS Distributions }
388*e3723e1fSApple OSS Distributions } while (txm_ret.returnCode == kTXMReturnOutOfMemory);
389*e3723e1fSApple OSS Distributions
390*e3723e1fSApple OSS Distributions /* Clean up the variadic arguments list */
391*e3723e1fSApple OSS Distributions va_end(args);
392*e3723e1fSApple OSS Distributions
393*e3723e1fSApple OSS Distributions /* Print all TXM logs from the log buffer */
394*e3723e1fSApple OSS Distributions if (parameters->skip_logs == false) {
395*e3723e1fSApple OSS Distributions txm_print_logs();
396*e3723e1fSApple OSS Distributions }
397*e3723e1fSApple OSS Distributions
398*e3723e1fSApple OSS Distributions /* Print the return code from TXM -- only prints for an error */
399*e3723e1fSApple OSS Distributions if (parameters->failure_silent != true) {
400*e3723e1fSApple OSS Distributions if (parameters->failure_code_silent != txm_ret.returnCode) {
401*e3723e1fSApple OSS Distributions txm_print_return(parameters->selector, txm_ret);
402*e3723e1fSApple OSS Distributions }
403*e3723e1fSApple OSS Distributions }
404*e3723e1fSApple OSS Distributions
405*e3723e1fSApple OSS Distributions /*
406*e3723e1fSApple OSS Distributions * To ease the process of calling into TXM, and to also reduce the number of
407*e3723e1fSApple OSS Distributions * lines of code for each call site, the txm_call_t offers some properties
408*e3723e1fSApple OSS Distributions * we can enforce over here. Go through these, and panic in case they aren't
409*e3723e1fSApple OSS Distributions * honored.
410*e3723e1fSApple OSS Distributions *
411*e3723e1fSApple OSS Distributions * NOTE: We check for "<" instead of "!=" for the number of return words we
412*e3723e1fSApple OSS Distributions * get back from TXM since this helps in forward development. If the kernel
413*e3723e1fSApple OSS Distributions * and TXM are proceeding at different project cadences, we do not want to
414*e3723e1fSApple OSS Distributions * gate adding more return words from TXM on the kernel first adopting the
415*e3723e1fSApple OSS Distributions * new number of return words.
416*e3723e1fSApple OSS Distributions */
417*e3723e1fSApple OSS Distributions ret = txm_parse_return(txm_ret);
418*e3723e1fSApple OSS Distributions
419*e3723e1fSApple OSS Distributions if (parameters->failure_fatal && (ret != KERN_SUCCESS)) {
420*e3723e1fSApple OSS Distributions panic("received fatal error for a selector from TXM: selector: %u | 0x%0llX",
421*e3723e1fSApple OSS Distributions parameters->selector, txm_ret.rawValue);
422*e3723e1fSApple OSS Distributions } else if (parameters->num_return_words < parameters->num_output_args) {
423*e3723e1fSApple OSS Distributions /* Only panic if return was a success */
424*e3723e1fSApple OSS Distributions if (ret == KERN_SUCCESS) {
425*e3723e1fSApple OSS Distributions panic("received fewer than expected return words from TXM: selector: %u | %llu",
426*e3723e1fSApple OSS Distributions parameters->selector, parameters->num_return_words);
427*e3723e1fSApple OSS Distributions }
428*e3723e1fSApple OSS Distributions }
429*e3723e1fSApple OSS Distributions
430*e3723e1fSApple OSS Distributions return ret;
431*e3723e1fSApple OSS Distributions }
432*e3723e1fSApple OSS Distributions
433*e3723e1fSApple OSS Distributions void
txm_transfer_region(vm_address_t addr,vm_size_t size)434*e3723e1fSApple OSS Distributions txm_transfer_region(
435*e3723e1fSApple OSS Distributions vm_address_t addr,
436*e3723e1fSApple OSS Distributions vm_size_t size)
437*e3723e1fSApple OSS Distributions {
438*e3723e1fSApple OSS Distributions vm_address_t addr_end = 0;
439*e3723e1fSApple OSS Distributions vm_size_t size_aligned = round_page(size);
440*e3723e1fSApple OSS Distributions
441*e3723e1fSApple OSS Distributions if ((addr & PAGE_MASK) != 0) {
442*e3723e1fSApple OSS Distributions panic("attempted to transfer non-page-aligned memory to TXM: %p", (void*)addr);
443*e3723e1fSApple OSS Distributions } else if (os_add_overflow(addr, size_aligned, &addr_end)) {
444*e3723e1fSApple OSS Distributions panic("overflow on range to be transferred to TXM: %p | %lu",
445*e3723e1fSApple OSS Distributions (void*)addr, size);
446*e3723e1fSApple OSS Distributions }
447*e3723e1fSApple OSS Distributions
448*e3723e1fSApple OSS Distributions /* Make the memory read-only first (transfer will panic otherwise) */
449*e3723e1fSApple OSS Distributions vm_protect(kernel_map, addr, size_aligned, false, VM_PROT_READ);
450*e3723e1fSApple OSS Distributions
451*e3723e1fSApple OSS Distributions /* Transfer each physical page to be TXM_DEFAULT */
452*e3723e1fSApple OSS Distributions for (vm_address_t page = addr; page < addr_end; page += PAGE_SIZE) {
453*e3723e1fSApple OSS Distributions pmap_txm_transfer_page(page);
454*e3723e1fSApple OSS Distributions }
455*e3723e1fSApple OSS Distributions }
456*e3723e1fSApple OSS Distributions
457*e3723e1fSApple OSS Distributions void
txm_reclaim_region(vm_address_t addr,vm_size_t size)458*e3723e1fSApple OSS Distributions txm_reclaim_region(
459*e3723e1fSApple OSS Distributions vm_address_t addr,
460*e3723e1fSApple OSS Distributions vm_size_t size)
461*e3723e1fSApple OSS Distributions {
462*e3723e1fSApple OSS Distributions vm_address_t addr_end = 0;
463*e3723e1fSApple OSS Distributions vm_size_t size_aligned = round_page(size);
464*e3723e1fSApple OSS Distributions
465*e3723e1fSApple OSS Distributions if ((addr & PAGE_MASK) != 0) {
466*e3723e1fSApple OSS Distributions panic("attempted to reclaim non-page-aligned memory from TXM: %p", (void*)addr);
467*e3723e1fSApple OSS Distributions } else if (os_add_overflow(addr, size_aligned, &addr_end)) {
468*e3723e1fSApple OSS Distributions panic("overflow on range to be reclaimed from TXM: %p | %lu",
469*e3723e1fSApple OSS Distributions (void*)addr, size);
470*e3723e1fSApple OSS Distributions }
471*e3723e1fSApple OSS Distributions
472*e3723e1fSApple OSS Distributions /*
473*e3723e1fSApple OSS Distributions * We can only reclaim once TXM has transferred the memory range back to the
474*e3723e1fSApple OSS Distributions * kernel. Hence, we simply try and switch permissions to read-write. If TXM
475*e3723e1fSApple OSS Distributions * hasn't transferred pages, this then should panic.
476*e3723e1fSApple OSS Distributions */
477*e3723e1fSApple OSS Distributions vm_protect(kernel_map, addr, size_aligned, false, VM_PROT_READ | VM_PROT_WRITE);
478*e3723e1fSApple OSS Distributions }
479*e3723e1fSApple OSS Distributions
480*e3723e1fSApple OSS Distributions static SECURITY_READ_ONLY_LATE(const char*) txm_log_page = NULL;
481*e3723e1fSApple OSS Distributions static SECURITY_READ_ONLY_LATE(const uint32_t*) txm_log_head = NULL;
482*e3723e1fSApple OSS Distributions static SECURITY_READ_ONLY_LATE(const uint32_t*) txm_log_sync = NULL;
483*e3723e1fSApple OSS Distributions
484*e3723e1fSApple OSS Distributions static decl_lck_mtx_data(, log_lock);
485*e3723e1fSApple OSS Distributions static uint32_t log_head = 0;
486*e3723e1fSApple OSS Distributions
487*e3723e1fSApple OSS Distributions void
txm_print_logs(void)488*e3723e1fSApple OSS Distributions txm_print_logs(void)
489*e3723e1fSApple OSS Distributions {
490*e3723e1fSApple OSS Distributions uint32_t start_index = 0;
491*e3723e1fSApple OSS Distributions uint32_t end_index = 0;
492*e3723e1fSApple OSS Distributions
493*e3723e1fSApple OSS Distributions /*
494*e3723e1fSApple OSS Distributions * The design here is very simple. TXM keeps adding slots to its circular buffer
495*e3723e1fSApple OSS Distributions * and the kernel attempts to read each one and print it, maintaining its own head
496*e3723e1fSApple OSS Distributions * for the log.
497*e3723e1fSApple OSS Distributions *
498*e3723e1fSApple OSS Distributions * This design is by nature lazy. TXM doesn't know or care if the kernel has gone
499*e3723e1fSApple OSS Distributions * through and printed any of the logs, so it'll just keep writing into its buffer
500*e3723e1fSApple OSS Distributions * and then circle around when it becomes full.
501*e3723e1fSApple OSS Distributions *
502*e3723e1fSApple OSS Distributions * This is fine most of the time since there are a decent amount of slots in the
503*e3723e1fSApple OSS Distributions * log buffer. We mostly have an issue when TXM is adding so many logs so quickly
504*e3723e1fSApple OSS Distributions * such that it wraps around and starts overwriting logs which haven't been seen
505*e3723e1fSApple OSS Distributions * by the kernel. If this were to happen, TXM's log head may circle around the
506*e3723e1fSApple OSS Distributions * head maintained by the kernel, causing a lot of logs to be missed, since the
507*e3723e1fSApple OSS Distributions * kernel only attempts the number of logs in-between the two heads.
508*e3723e1fSApple OSS Distributions *
509*e3723e1fSApple OSS Distributions * The fix for that is complicated, and until we see an actual impact, we're going
510*e3723e1fSApple OSS Distributions * to keep the simpler design in place.
511*e3723e1fSApple OSS Distributions */
512*e3723e1fSApple OSS Distributions
513*e3723e1fSApple OSS Distributions /* Return if the logging hasn't been setup yet */
514*e3723e1fSApple OSS Distributions if (txm_log_sync == NULL) {
515*e3723e1fSApple OSS Distributions return;
516*e3723e1fSApple OSS Distributions }
517*e3723e1fSApple OSS Distributions
518*e3723e1fSApple OSS Distributions /*
519*e3723e1fSApple OSS Distributions * Holding the log lock and printing can cause lots of issues since printing can
520*e3723e1fSApple OSS Distributions * be rather slow. While we make it a point to keep the logging buffer quiet, some
521*e3723e1fSApple OSS Distributions * actions (such as loading trust caches) are still very chatty.
522*e3723e1fSApple OSS Distributions *
523*e3723e1fSApple OSS Distributions * As a result, we optimize this routine to ensure that the lock itself isn't held
524*e3723e1fSApple OSS Distributions * for very long. All we need to do within the critical section is calculate the
525*e3723e1fSApple OSS Distributions * starting and ending index of the log buffer. The actual printing doesn't need
526*e3723e1fSApple OSS Distributions * to be done with the lock held.
527*e3723e1fSApple OSS Distributions */
528*e3723e1fSApple OSS Distributions lck_mtx_lock(&log_lock);
529*e3723e1fSApple OSS Distributions
530*e3723e1fSApple OSS Distributions start_index = log_head;
531*e3723e1fSApple OSS Distributions end_index = os_atomic_load(txm_log_head, relaxed) % kTXMLogSlots;
532*e3723e1fSApple OSS Distributions
533*e3723e1fSApple OSS Distributions /* Update the log head with the new index */
534*e3723e1fSApple OSS Distributions log_head = end_index;
535*e3723e1fSApple OSS Distributions
536*e3723e1fSApple OSS Distributions /* Release the log lock */
537*e3723e1fSApple OSS Distributions lck_mtx_unlock(&log_lock);
538*e3723e1fSApple OSS Distributions
539*e3723e1fSApple OSS Distributions if (start_index != end_index) {
540*e3723e1fSApple OSS Distributions /* Use load acquire here to sync up with all writes to the buffer */
541*e3723e1fSApple OSS Distributions os_atomic_load(txm_log_sync, acquire);
542*e3723e1fSApple OSS Distributions
543*e3723e1fSApple OSS Distributions while (start_index != end_index) {
544*e3723e1fSApple OSS Distributions const char *slot = txm_log_page + (start_index * kTXMLogSlotSize);
545*e3723e1fSApple OSS Distributions
546*e3723e1fSApple OSS Distributions /* We add newlines after each log statement since TXM does not */
547*e3723e1fSApple OSS Distributions printf("%s\n", slot);
548*e3723e1fSApple OSS Distributions
549*e3723e1fSApple OSS Distributions start_index = (start_index + 1) % kTXMLogSlots;
550*e3723e1fSApple OSS Distributions }
551*e3723e1fSApple OSS Distributions }
552*e3723e1fSApple OSS Distributions }
553*e3723e1fSApple OSS Distributions
554*e3723e1fSApple OSS Distributions #pragma mark Initialization
555*e3723e1fSApple OSS Distributions
556*e3723e1fSApple OSS Distributions SECURITY_READ_ONLY_LATE(const TXMReadWriteData_t*) txm_rw_data = NULL;
557*e3723e1fSApple OSS Distributions SECURITY_READ_ONLY_LATE(const TXMReadOnlyData_t*) txm_ro_data = NULL;
558*e3723e1fSApple OSS Distributions SECURITY_READ_ONLY_LATE(const CSConfig_t*) txm_cs_config = NULL;
559*e3723e1fSApple OSS Distributions SECURITY_READ_ONLY_LATE(CSRestrictedModeState_t*) txm_restricted_mode_state = NULL;
560*e3723e1fSApple OSS Distributions SECURITY_READ_ONLY_LATE(const TXMMetrics_t*) txm_metrics = NULL;
561*e3723e1fSApple OSS Distributions
562*e3723e1fSApple OSS Distributions SECURITY_READ_ONLY_LATE(bool*) developer_mode_enabled = NULL;
563*e3723e1fSApple OSS Distributions static SECURITY_READ_ONLY_LATE(bool) code_signing_enabled = true;
564*e3723e1fSApple OSS Distributions static SECURITY_READ_ONLY_LATE(uint32_t) managed_signature_size = 0;
565*e3723e1fSApple OSS Distributions
566*e3723e1fSApple OSS Distributions static decl_lck_mtx_data(, compilation_service_lock);
567*e3723e1fSApple OSS Distributions static decl_lck_mtx_data(, unregister_sync_lock);
568*e3723e1fSApple OSS Distributions
569*e3723e1fSApple OSS Distributions static void
get_logging_info(void)570*e3723e1fSApple OSS Distributions get_logging_info(void)
571*e3723e1fSApple OSS Distributions {
572*e3723e1fSApple OSS Distributions txm_call_t txm_call = {
573*e3723e1fSApple OSS Distributions .selector = kTXMKernelSelectorGetLogInfo,
574*e3723e1fSApple OSS Distributions .failure_fatal = true,
575*e3723e1fSApple OSS Distributions .num_output_args = 3
576*e3723e1fSApple OSS Distributions };
577*e3723e1fSApple OSS Distributions txm_kernel_call(&txm_call);
578*e3723e1fSApple OSS Distributions
579*e3723e1fSApple OSS Distributions txm_log_page = (const char*)txm_call.return_words[0];
580*e3723e1fSApple OSS Distributions txm_log_head = (const uint32_t*)txm_call.return_words[1];
581*e3723e1fSApple OSS Distributions txm_log_sync = (const uint32_t*)txm_call.return_words[2];
582*e3723e1fSApple OSS Distributions }
583*e3723e1fSApple OSS Distributions
584*e3723e1fSApple OSS Distributions static void
get_code_signing_info(void)585*e3723e1fSApple OSS Distributions get_code_signing_info(void)
586*e3723e1fSApple OSS Distributions {
587*e3723e1fSApple OSS Distributions txm_call_t txm_call = {
588*e3723e1fSApple OSS Distributions .selector = kTXMKernelSelectorGetCodeSigningInfo,
589*e3723e1fSApple OSS Distributions .failure_fatal = true,
590*e3723e1fSApple OSS Distributions .num_output_args = 6
591*e3723e1fSApple OSS Distributions };
592*e3723e1fSApple OSS Distributions txm_kernel_call(&txm_call);
593*e3723e1fSApple OSS Distributions
594*e3723e1fSApple OSS Distributions /*
595*e3723e1fSApple OSS Distributions * Not using txm_call.return_words[0] for now. This was previously the
596*e3723e1fSApple OSS Distributions * code_signing_enabled field, but we've since switched to acquiring that
597*e3723e1fSApple OSS Distributions * value from TXM's read-only data.
598*e3723e1fSApple OSS Distributions *
599*e3723e1fSApple OSS Distributions * Not using txm_call.return_words[2] for now. This was previously the
600*e3723e1fSApple OSS Distributions * metrics field, but we've since switched to acquiring that value from
601*e3723e1fSApple OSS Distributions * TXM's read-write data.
602*e3723e1fSApple OSS Distributions *
603*e3723e1fSApple OSS Distributions * Not using txm_call.return_words[4] for now. This was previously the
604*e3723e1fSApple OSS Distributions * txm_cs_config field, but we've since switched to acquiring that value
605*e3723e1fSApple OSS Distributions * from TXM's read-only data.
606*e3723e1fSApple OSS Distributions */
607*e3723e1fSApple OSS Distributions txm_rw_data = (TXMReadWriteData_t*)txm_call.return_words[0];
608*e3723e1fSApple OSS Distributions developer_mode_enabled = (bool*)txm_call.return_words[1];
609*e3723e1fSApple OSS Distributions managed_signature_size = (uint32_t)txm_call.return_words[3];
610*e3723e1fSApple OSS Distributions txm_ro_data = (TXMReadOnlyData_t*)txm_call.return_words[5];
611*e3723e1fSApple OSS Distributions txm_metrics = &txm_rw_data->metrics;
612*e3723e1fSApple OSS Distributions
613*e3723e1fSApple OSS Distributions /* Set code_signing_disabled based on read-only data */
614*e3723e1fSApple OSS Distributions code_signing_enabled = txm_ro_data->codeSigningDisabled == false;
615*e3723e1fSApple OSS Distributions
616*e3723e1fSApple OSS Distributions /* Set txm_cs_config based on read-only data */
617*e3723e1fSApple OSS Distributions txm_cs_config = &txm_ro_data->CSConfiguration;
618*e3723e1fSApple OSS Distributions
619*e3723e1fSApple OSS Distributions /* Only setup when REM is supported on the platform */
620*e3723e1fSApple OSS Distributions if (txm_cs_config->systemPolicy->featureSet.restrictedExecutionMode == true) {
621*e3723e1fSApple OSS Distributions txm_restricted_mode_state = txm_ro_data->restrictedModeState;
622*e3723e1fSApple OSS Distributions }
623*e3723e1fSApple OSS Distributions
624*e3723e1fSApple OSS Distributions /* Setup the number of boot trust caches */
625*e3723e1fSApple OSS Distributions num_static_trust_caches = os_atomic_load(&txm_metrics->trustCaches.numStatic, relaxed);
626*e3723e1fSApple OSS Distributions num_engineering_trust_caches = os_atomic_load(&txm_metrics->trustCaches.numEngineering, relaxed);
627*e3723e1fSApple OSS Distributions }
628*e3723e1fSApple OSS Distributions
629*e3723e1fSApple OSS Distributions static void
set_shared_region_base_address(void)630*e3723e1fSApple OSS Distributions set_shared_region_base_address(void)
631*e3723e1fSApple OSS Distributions {
632*e3723e1fSApple OSS Distributions txm_call_t txm_call = {
633*e3723e1fSApple OSS Distributions .selector = kTXMKernelSelectorSetSharedRegionBaseAddress,
634*e3723e1fSApple OSS Distributions .failure_fatal = true,
635*e3723e1fSApple OSS Distributions .num_input_args = 2,
636*e3723e1fSApple OSS Distributions };
637*e3723e1fSApple OSS Distributions
638*e3723e1fSApple OSS Distributions txm_kernel_call(&txm_call,
639*e3723e1fSApple OSS Distributions SHARED_REGION_BASE,
640*e3723e1fSApple OSS Distributions SHARED_REGION_SIZE);
641*e3723e1fSApple OSS Distributions }
642*e3723e1fSApple OSS Distributions
643*e3723e1fSApple OSS Distributions void
code_signing_init(void)644*e3723e1fSApple OSS Distributions code_signing_init(void)
645*e3723e1fSApple OSS Distributions {
646*e3723e1fSApple OSS Distributions printf("libTXM_KernelVersion: %u\n", libTrustedExecutionMonitor_KernelVersion);
647*e3723e1fSApple OSS Distributions printf("libTXM_Image4Version: %u\n", libTrustedExecutionMonitor_Image4Version);
648*e3723e1fSApple OSS Distributions
649*e3723e1fSApple OSS Distributions /* Setup the thread stacks used by TXM */
650*e3723e1fSApple OSS Distributions setup_thread_stacks();
651*e3723e1fSApple OSS Distributions
652*e3723e1fSApple OSS Distributions /* Setup the logging lock */
653*e3723e1fSApple OSS Distributions lck_mtx_init(&log_lock, &txm_lck_grp, 0);
654*e3723e1fSApple OSS Distributions
655*e3723e1fSApple OSS Distributions /* Setup TXM logging information */
656*e3723e1fSApple OSS Distributions get_logging_info();
657*e3723e1fSApple OSS Distributions
658*e3723e1fSApple OSS Distributions /* Setup code signing configuration */
659*e3723e1fSApple OSS Distributions get_code_signing_info();
660*e3723e1fSApple OSS Distributions
661*e3723e1fSApple OSS Distributions /* Setup all the other locks we need */
662*e3723e1fSApple OSS Distributions lck_mtx_init(&compilation_service_lock, &txm_lck_grp, 0);
663*e3723e1fSApple OSS Distributions lck_mtx_init(&unregister_sync_lock, &txm_lck_grp, 0);
664*e3723e1fSApple OSS Distributions
665*e3723e1fSApple OSS Distributions /*
666*e3723e1fSApple OSS Distributions * We need to let TXM know what the shared region base address is going
667*e3723e1fSApple OSS Distributions * to be for this boot.
668*e3723e1fSApple OSS Distributions */
669*e3723e1fSApple OSS Distributions set_shared_region_base_address();
670*e3723e1fSApple OSS Distributions
671*e3723e1fSApple OSS Distributions /* Require signed code when monitor is enabled */
672*e3723e1fSApple OSS Distributions if (code_signing_enabled == true) {
673*e3723e1fSApple OSS Distributions cs_debug_fail_on_unsigned_code = 1;
674*e3723e1fSApple OSS Distributions }
675*e3723e1fSApple OSS Distributions }
676*e3723e1fSApple OSS Distributions
677*e3723e1fSApple OSS Distributions void
txm_enter_lockdown_mode(void)678*e3723e1fSApple OSS Distributions txm_enter_lockdown_mode(void)
679*e3723e1fSApple OSS Distributions {
680*e3723e1fSApple OSS Distributions txm_call_t txm_call = {
681*e3723e1fSApple OSS Distributions .selector = kTXMKernelSelectorEnterLockdownMode,
682*e3723e1fSApple OSS Distributions .failure_fatal = true,
683*e3723e1fSApple OSS Distributions };
684*e3723e1fSApple OSS Distributions txm_kernel_call(&txm_call);
685*e3723e1fSApple OSS Distributions }
686*e3723e1fSApple OSS Distributions
687*e3723e1fSApple OSS Distributions kern_return_t
txm_secure_channel_shared_page(uint64_t * secure_channel_phys,size_t * secure_channel_size)688*e3723e1fSApple OSS Distributions txm_secure_channel_shared_page(
689*e3723e1fSApple OSS Distributions uint64_t *secure_channel_phys,
690*e3723e1fSApple OSS Distributions size_t *secure_channel_size)
691*e3723e1fSApple OSS Distributions {
692*e3723e1fSApple OSS Distributions #if kTXMKernelAPIVersion >= 5
693*e3723e1fSApple OSS Distributions txm_call_t txm_call = {
694*e3723e1fSApple OSS Distributions .selector = kTXMKernelSelectorGetSecureChannelAddr,
695*e3723e1fSApple OSS Distributions .num_output_args = 2
696*e3723e1fSApple OSS Distributions };
697*e3723e1fSApple OSS Distributions
698*e3723e1fSApple OSS Distributions kern_return_t ret = txm_kernel_call(&txm_call);
699*e3723e1fSApple OSS Distributions if (ret == KERN_NOT_SUPPORTED) {
700*e3723e1fSApple OSS Distributions return ret;
701*e3723e1fSApple OSS Distributions } else if (ret != KERN_SUCCESS) {
702*e3723e1fSApple OSS Distributions panic("unexpected failure for TXM secure channel: %d", ret);
703*e3723e1fSApple OSS Distributions }
704*e3723e1fSApple OSS Distributions
705*e3723e1fSApple OSS Distributions /* Return the physical address */
706*e3723e1fSApple OSS Distributions if (secure_channel_phys != NULL) {
707*e3723e1fSApple OSS Distributions *secure_channel_phys = txm_call.return_words[0];
708*e3723e1fSApple OSS Distributions }
709*e3723e1fSApple OSS Distributions
710*e3723e1fSApple OSS Distributions /* Return the size */
711*e3723e1fSApple OSS Distributions if (secure_channel_size != NULL) {
712*e3723e1fSApple OSS Distributions *secure_channel_size = txm_call.return_words[1];
713*e3723e1fSApple OSS Distributions }
714*e3723e1fSApple OSS Distributions
715*e3723e1fSApple OSS Distributions return KERN_SUCCESS;
716*e3723e1fSApple OSS Distributions #else
717*e3723e1fSApple OSS Distributions (void)secure_channel_phys;
718*e3723e1fSApple OSS Distributions (void)secure_channel_size;
719*e3723e1fSApple OSS Distributions return KERN_NOT_SUPPORTED;
720*e3723e1fSApple OSS Distributions #endif
721*e3723e1fSApple OSS Distributions }
722*e3723e1fSApple OSS Distributions
723*e3723e1fSApple OSS Distributions #pragma mark Developer Mode
724*e3723e1fSApple OSS Distributions
725*e3723e1fSApple OSS Distributions void
txm_toggle_developer_mode(bool state)726*e3723e1fSApple OSS Distributions txm_toggle_developer_mode(bool state)
727*e3723e1fSApple OSS Distributions {
728*e3723e1fSApple OSS Distributions txm_call_t txm_call = {
729*e3723e1fSApple OSS Distributions .selector = kTXMKernelSelectorDeveloperModeToggle,
730*e3723e1fSApple OSS Distributions .failure_fatal = true,
731*e3723e1fSApple OSS Distributions .num_input_args = 1
732*e3723e1fSApple OSS Distributions };
733*e3723e1fSApple OSS Distributions
734*e3723e1fSApple OSS Distributions txm_kernel_call(&txm_call, state);
735*e3723e1fSApple OSS Distributions }
736*e3723e1fSApple OSS Distributions
737*e3723e1fSApple OSS Distributions #pragma mark Restricted Execution Mode
738*e3723e1fSApple OSS Distributions
739*e3723e1fSApple OSS Distributions kern_return_t
txm_rem_enable(void)740*e3723e1fSApple OSS Distributions txm_rem_enable(void)
741*e3723e1fSApple OSS Distributions {
742*e3723e1fSApple OSS Distributions txm_call_t txm_call = {
743*e3723e1fSApple OSS Distributions .selector = kTXMKernelSelectorEnableRestrictedMode
744*e3723e1fSApple OSS Distributions };
745*e3723e1fSApple OSS Distributions return txm_kernel_call(&txm_call);
746*e3723e1fSApple OSS Distributions }
747*e3723e1fSApple OSS Distributions
748*e3723e1fSApple OSS Distributions kern_return_t
txm_rem_state(void)749*e3723e1fSApple OSS Distributions txm_rem_state(void)
750*e3723e1fSApple OSS Distributions {
751*e3723e1fSApple OSS Distributions if (txm_restricted_mode_state == NULL) {
752*e3723e1fSApple OSS Distributions return KERN_NOT_SUPPORTED;
753*e3723e1fSApple OSS Distributions }
754*e3723e1fSApple OSS Distributions
755*e3723e1fSApple OSS Distributions CSReturn_t cs_ret = restrictedModeStatus(txm_restricted_mode_state);
756*e3723e1fSApple OSS Distributions if (cs_ret.error == kCSReturnSuccess) {
757*e3723e1fSApple OSS Distributions return KERN_SUCCESS;
758*e3723e1fSApple OSS Distributions }
759*e3723e1fSApple OSS Distributions return KERN_DENIED;
760*e3723e1fSApple OSS Distributions }
761*e3723e1fSApple OSS Distributions
762*e3723e1fSApple OSS Distributions #pragma mark Device State
763*e3723e1fSApple OSS Distributions
764*e3723e1fSApple OSS Distributions void
txm_update_device_state(void)765*e3723e1fSApple OSS Distributions txm_update_device_state(void)
766*e3723e1fSApple OSS Distributions {
767*e3723e1fSApple OSS Distributions #if kTXMKernelAPIVersion >= 6
768*e3723e1fSApple OSS Distributions txm_call_t txm_call = {
769*e3723e1fSApple OSS Distributions .selector = kTXMSelectorUpdateDeviceState,
770*e3723e1fSApple OSS Distributions .failure_fatal = true
771*e3723e1fSApple OSS Distributions };
772*e3723e1fSApple OSS Distributions txm_kernel_call(&txm_call);
773*e3723e1fSApple OSS Distributions #endif
774*e3723e1fSApple OSS Distributions }
775*e3723e1fSApple OSS Distributions
776*e3723e1fSApple OSS Distributions void
txm_complete_security_boot_mode(__unused uint32_t security_boot_mode)777*e3723e1fSApple OSS Distributions txm_complete_security_boot_mode(
778*e3723e1fSApple OSS Distributions __unused uint32_t security_boot_mode)
779*e3723e1fSApple OSS Distributions {
780*e3723e1fSApple OSS Distributions #if kTXMKernelAPIVersion >= 6
781*e3723e1fSApple OSS Distributions txm_call_t txm_call = {
782*e3723e1fSApple OSS Distributions .selector = kTXMSelectorCompleteSecurityBootMode,
783*e3723e1fSApple OSS Distributions .num_input_args = 1,
784*e3723e1fSApple OSS Distributions .failure_fatal = true
785*e3723e1fSApple OSS Distributions };
786*e3723e1fSApple OSS Distributions txm_kernel_call(&txm_call, security_boot_mode);
787*e3723e1fSApple OSS Distributions #endif
788*e3723e1fSApple OSS Distributions }
789*e3723e1fSApple OSS Distributions
790*e3723e1fSApple OSS Distributions #pragma mark Code Signing and Provisioning Profiles
791*e3723e1fSApple OSS Distributions
792*e3723e1fSApple OSS Distributions bool
txm_code_signing_enabled(void)793*e3723e1fSApple OSS Distributions txm_code_signing_enabled(void)
794*e3723e1fSApple OSS Distributions {
795*e3723e1fSApple OSS Distributions return code_signing_enabled;
796*e3723e1fSApple OSS Distributions }
797*e3723e1fSApple OSS Distributions
798*e3723e1fSApple OSS Distributions vm_size_t
txm_managed_code_signature_size(void)799*e3723e1fSApple OSS Distributions txm_managed_code_signature_size(void)
800*e3723e1fSApple OSS Distributions {
801*e3723e1fSApple OSS Distributions return managed_signature_size;
802*e3723e1fSApple OSS Distributions }
803*e3723e1fSApple OSS Distributions
804*e3723e1fSApple OSS Distributions kern_return_t
txm_register_provisioning_profile(const void * profile_blob,const size_t profile_blob_size,void ** profile_obj)805*e3723e1fSApple OSS Distributions txm_register_provisioning_profile(
806*e3723e1fSApple OSS Distributions const void *profile_blob,
807*e3723e1fSApple OSS Distributions const size_t profile_blob_size,
808*e3723e1fSApple OSS Distributions void **profile_obj)
809*e3723e1fSApple OSS Distributions {
810*e3723e1fSApple OSS Distributions txm_call_t txm_call = {
811*e3723e1fSApple OSS Distributions .selector = kTXMKernelSelectorRegisterProvisioningProfile,
812*e3723e1fSApple OSS Distributions .num_input_args = 2,
813*e3723e1fSApple OSS Distributions .num_output_args = 1
814*e3723e1fSApple OSS Distributions };
815*e3723e1fSApple OSS Distributions vm_address_t payload_addr = 0;
816*e3723e1fSApple OSS Distributions kern_return_t ret = KERN_DENIED;
817*e3723e1fSApple OSS Distributions
818*e3723e1fSApple OSS Distributions /* We need to allocate page-wise in order to transfer the range to TXM */
819*e3723e1fSApple OSS Distributions ret = kmem_alloc(kernel_map, &payload_addr, profile_blob_size,
820*e3723e1fSApple OSS Distributions KMA_KOBJECT | KMA_DATA, VM_KERN_MEMORY_SECURITY);
821*e3723e1fSApple OSS Distributions if (ret != KERN_SUCCESS) {
822*e3723e1fSApple OSS Distributions printf("unable to allocate memory for profile payload: %d\n", ret);
823*e3723e1fSApple OSS Distributions goto exit;
824*e3723e1fSApple OSS Distributions }
825*e3723e1fSApple OSS Distributions
826*e3723e1fSApple OSS Distributions /* Copy the contents into the allocation */
827*e3723e1fSApple OSS Distributions memcpy((void*)payload_addr, profile_blob, profile_blob_size);
828*e3723e1fSApple OSS Distributions
829*e3723e1fSApple OSS Distributions /* Transfer the memory range to TXM */
830*e3723e1fSApple OSS Distributions txm_transfer_region(payload_addr, profile_blob_size);
831*e3723e1fSApple OSS Distributions
832*e3723e1fSApple OSS Distributions ret = txm_kernel_call(&txm_call, payload_addr, profile_blob_size);
833*e3723e1fSApple OSS Distributions if (ret == KERN_SUCCESS) {
834*e3723e1fSApple OSS Distributions *profile_obj = (void*)txm_call.return_words[0];
835*e3723e1fSApple OSS Distributions }
836*e3723e1fSApple OSS Distributions
837*e3723e1fSApple OSS Distributions exit:
838*e3723e1fSApple OSS Distributions if ((ret != KERN_SUCCESS) && (payload_addr != 0)) {
839*e3723e1fSApple OSS Distributions /* Reclaim this memory range */
840*e3723e1fSApple OSS Distributions txm_reclaim_region(payload_addr, profile_blob_size);
841*e3723e1fSApple OSS Distributions
842*e3723e1fSApple OSS Distributions /* Free the memory range */
843*e3723e1fSApple OSS Distributions kmem_free(kernel_map, payload_addr, profile_blob_size);
844*e3723e1fSApple OSS Distributions payload_addr = 0;
845*e3723e1fSApple OSS Distributions }
846*e3723e1fSApple OSS Distributions
847*e3723e1fSApple OSS Distributions return ret;
848*e3723e1fSApple OSS Distributions }
849*e3723e1fSApple OSS Distributions
850*e3723e1fSApple OSS Distributions kern_return_t
txm_trust_provisioning_profile(__unused void * profile_obj,__unused const void * sig_data,__unused size_t sig_size)851*e3723e1fSApple OSS Distributions txm_trust_provisioning_profile(
852*e3723e1fSApple OSS Distributions __unused void *profile_obj,
853*e3723e1fSApple OSS Distributions __unused const void *sig_data,
854*e3723e1fSApple OSS Distributions __unused size_t sig_size)
855*e3723e1fSApple OSS Distributions {
856*e3723e1fSApple OSS Distributions #if kTXMKernelAPIVersion >= 7
857*e3723e1fSApple OSS Distributions txm_call_t txm_call = {
858*e3723e1fSApple OSS Distributions .selector = kTXMKernelSelectorTrustProvisioningProfile,
859*e3723e1fSApple OSS Distributions .num_input_args = 3
860*e3723e1fSApple OSS Distributions };
861*e3723e1fSApple OSS Distributions
862*e3723e1fSApple OSS Distributions return txm_kernel_call(&txm_call, profile_obj, sig_data, sig_size);
863*e3723e1fSApple OSS Distributions #else
864*e3723e1fSApple OSS Distributions /* The TXM selector hasn't yet landed */
865*e3723e1fSApple OSS Distributions return KERN_SUCCESS;
866*e3723e1fSApple OSS Distributions #endif
867*e3723e1fSApple OSS Distributions }
868*e3723e1fSApple OSS Distributions
869*e3723e1fSApple OSS Distributions kern_return_t
txm_unregister_provisioning_profile(void * profile_obj)870*e3723e1fSApple OSS Distributions txm_unregister_provisioning_profile(
871*e3723e1fSApple OSS Distributions void *profile_obj)
872*e3723e1fSApple OSS Distributions {
873*e3723e1fSApple OSS Distributions txm_call_t txm_call = {
874*e3723e1fSApple OSS Distributions .selector = kTXMKernelSelectorUnregisterProvisioningProfile,
875*e3723e1fSApple OSS Distributions .num_input_args = 1,
876*e3723e1fSApple OSS Distributions .num_output_args = 2
877*e3723e1fSApple OSS Distributions };
878*e3723e1fSApple OSS Distributions vm_address_t profile_addr = 0;
879*e3723e1fSApple OSS Distributions vm_size_t profile_size = 0;
880*e3723e1fSApple OSS Distributions kern_return_t ret = KERN_DENIED;
881*e3723e1fSApple OSS Distributions
882*e3723e1fSApple OSS Distributions ret = txm_kernel_call(&txm_call, profile_obj);
883*e3723e1fSApple OSS Distributions if (ret != KERN_SUCCESS) {
884*e3723e1fSApple OSS Distributions return ret;
885*e3723e1fSApple OSS Distributions }
886*e3723e1fSApple OSS Distributions
887*e3723e1fSApple OSS Distributions profile_addr = txm_call.return_words[0];
888*e3723e1fSApple OSS Distributions profile_size = txm_call.return_words[1];
889*e3723e1fSApple OSS Distributions
890*e3723e1fSApple OSS Distributions /* Reclaim this memory range */
891*e3723e1fSApple OSS Distributions txm_reclaim_region(profile_addr, profile_size);
892*e3723e1fSApple OSS Distributions
893*e3723e1fSApple OSS Distributions /* Free the memory range */
894*e3723e1fSApple OSS Distributions kmem_free(kernel_map, profile_addr, profile_size);
895*e3723e1fSApple OSS Distributions
896*e3723e1fSApple OSS Distributions return KERN_SUCCESS;
897*e3723e1fSApple OSS Distributions }
898*e3723e1fSApple OSS Distributions
899*e3723e1fSApple OSS Distributions kern_return_t
txm_associate_provisioning_profile(void * sig_obj,void * profile_obj)900*e3723e1fSApple OSS Distributions txm_associate_provisioning_profile(
901*e3723e1fSApple OSS Distributions void *sig_obj,
902*e3723e1fSApple OSS Distributions void *profile_obj)
903*e3723e1fSApple OSS Distributions {
904*e3723e1fSApple OSS Distributions txm_call_t txm_call = {
905*e3723e1fSApple OSS Distributions .selector = kTXMKernelSelectorAssociateProvisioningProfile,
906*e3723e1fSApple OSS Distributions .num_input_args = 2,
907*e3723e1fSApple OSS Distributions };
908*e3723e1fSApple OSS Distributions
909*e3723e1fSApple OSS Distributions return txm_kernel_call(&txm_call, sig_obj, profile_obj);
910*e3723e1fSApple OSS Distributions }
911*e3723e1fSApple OSS Distributions
912*e3723e1fSApple OSS Distributions kern_return_t
txm_disassociate_provisioning_profile(void * sig_obj)913*e3723e1fSApple OSS Distributions txm_disassociate_provisioning_profile(
914*e3723e1fSApple OSS Distributions void *sig_obj)
915*e3723e1fSApple OSS Distributions {
916*e3723e1fSApple OSS Distributions txm_call_t txm_call = {
917*e3723e1fSApple OSS Distributions .selector = kTXMKernelSelectorDisassociateProvisioningProfile,
918*e3723e1fSApple OSS Distributions .num_input_args = 1,
919*e3723e1fSApple OSS Distributions };
920*e3723e1fSApple OSS Distributions
921*e3723e1fSApple OSS Distributions /*
922*e3723e1fSApple OSS Distributions * Take the unregistration sync lock.
923*e3723e1fSApple OSS Distributions * For more information: rdar://99205627.
924*e3723e1fSApple OSS Distributions */
925*e3723e1fSApple OSS Distributions lck_mtx_lock(&unregister_sync_lock);
926*e3723e1fSApple OSS Distributions
927*e3723e1fSApple OSS Distributions /* Disassociate the profile from the signature */
928*e3723e1fSApple OSS Distributions kern_return_t ret = txm_kernel_call(&txm_call, sig_obj);
929*e3723e1fSApple OSS Distributions
930*e3723e1fSApple OSS Distributions /* Release the unregistration sync lock */
931*e3723e1fSApple OSS Distributions lck_mtx_unlock(&unregister_sync_lock);
932*e3723e1fSApple OSS Distributions
933*e3723e1fSApple OSS Distributions return ret;
934*e3723e1fSApple OSS Distributions }
935*e3723e1fSApple OSS Distributions
936*e3723e1fSApple OSS Distributions void
txm_set_compilation_service_cdhash(const uint8_t cdhash[CS_CDHASH_LEN])937*e3723e1fSApple OSS Distributions txm_set_compilation_service_cdhash(
938*e3723e1fSApple OSS Distributions const uint8_t cdhash[CS_CDHASH_LEN])
939*e3723e1fSApple OSS Distributions {
940*e3723e1fSApple OSS Distributions txm_call_t txm_call = {
941*e3723e1fSApple OSS Distributions .selector = kTXMKernelSelectorAuthorizeCompilationServiceCDHash,
942*e3723e1fSApple OSS Distributions .num_input_args = 1,
943*e3723e1fSApple OSS Distributions };
944*e3723e1fSApple OSS Distributions
945*e3723e1fSApple OSS Distributions lck_mtx_lock(&compilation_service_lock);
946*e3723e1fSApple OSS Distributions txm_kernel_call(&txm_call, cdhash);
947*e3723e1fSApple OSS Distributions lck_mtx_unlock(&compilation_service_lock);
948*e3723e1fSApple OSS Distributions }
949*e3723e1fSApple OSS Distributions
950*e3723e1fSApple OSS Distributions bool
txm_match_compilation_service_cdhash(const uint8_t cdhash[CS_CDHASH_LEN])951*e3723e1fSApple OSS Distributions txm_match_compilation_service_cdhash(
952*e3723e1fSApple OSS Distributions const uint8_t cdhash[CS_CDHASH_LEN])
953*e3723e1fSApple OSS Distributions {
954*e3723e1fSApple OSS Distributions txm_call_t txm_call = {
955*e3723e1fSApple OSS Distributions .selector = kTXMKernelSelectorMatchCompilationServiceCDHash,
956*e3723e1fSApple OSS Distributions .failure_silent = true,
957*e3723e1fSApple OSS Distributions .num_input_args = 1,
958*e3723e1fSApple OSS Distributions .num_output_args = 1,
959*e3723e1fSApple OSS Distributions };
960*e3723e1fSApple OSS Distributions kern_return_t ret = KERN_DENIED;
961*e3723e1fSApple OSS Distributions
962*e3723e1fSApple OSS Distributions /* Be safe and take the lock (avoid thread collisions) */
963*e3723e1fSApple OSS Distributions lck_mtx_lock(&compilation_service_lock);
964*e3723e1fSApple OSS Distributions ret = txm_kernel_call(&txm_call, cdhash);
965*e3723e1fSApple OSS Distributions lck_mtx_unlock(&compilation_service_lock);
966*e3723e1fSApple OSS Distributions
967*e3723e1fSApple OSS Distributions if (ret == KERN_SUCCESS) {
968*e3723e1fSApple OSS Distributions return true;
969*e3723e1fSApple OSS Distributions }
970*e3723e1fSApple OSS Distributions return false;
971*e3723e1fSApple OSS Distributions }
972*e3723e1fSApple OSS Distributions
973*e3723e1fSApple OSS Distributions void
txm_set_local_signing_public_key(const uint8_t public_key[XNU_LOCAL_SIGNING_KEY_SIZE])974*e3723e1fSApple OSS Distributions txm_set_local_signing_public_key(
975*e3723e1fSApple OSS Distributions const uint8_t public_key[XNU_LOCAL_SIGNING_KEY_SIZE])
976*e3723e1fSApple OSS Distributions {
977*e3723e1fSApple OSS Distributions txm_call_t txm_call = {
978*e3723e1fSApple OSS Distributions .selector = kTXMKernelSelectorSetLocalSigningPublicKey,
979*e3723e1fSApple OSS Distributions .num_input_args = 1,
980*e3723e1fSApple OSS Distributions };
981*e3723e1fSApple OSS Distributions
982*e3723e1fSApple OSS Distributions txm_kernel_call(&txm_call, public_key);
983*e3723e1fSApple OSS Distributions }
984*e3723e1fSApple OSS Distributions
985*e3723e1fSApple OSS Distributions uint8_t*
txm_get_local_signing_public_key(void)986*e3723e1fSApple OSS Distributions txm_get_local_signing_public_key(void)
987*e3723e1fSApple OSS Distributions {
988*e3723e1fSApple OSS Distributions txm_call_t txm_call = {
989*e3723e1fSApple OSS Distributions .selector = kTXMKernelSelectorGetLocalSigningPublicKey,
990*e3723e1fSApple OSS Distributions .num_output_args = 1,
991*e3723e1fSApple OSS Distributions };
992*e3723e1fSApple OSS Distributions kern_return_t ret = KERN_DENIED;
993*e3723e1fSApple OSS Distributions
994*e3723e1fSApple OSS Distributions ret = txm_kernel_call(&txm_call);
995*e3723e1fSApple OSS Distributions if (ret != KERN_SUCCESS) {
996*e3723e1fSApple OSS Distributions return NULL;
997*e3723e1fSApple OSS Distributions }
998*e3723e1fSApple OSS Distributions
999*e3723e1fSApple OSS Distributions return (uint8_t*)txm_call.return_words[0];
1000*e3723e1fSApple OSS Distributions }
1001*e3723e1fSApple OSS Distributions
1002*e3723e1fSApple OSS Distributions void
txm_unrestrict_local_signing_cdhash(const uint8_t cdhash[CS_CDHASH_LEN])1003*e3723e1fSApple OSS Distributions txm_unrestrict_local_signing_cdhash(
1004*e3723e1fSApple OSS Distributions const uint8_t cdhash[CS_CDHASH_LEN])
1005*e3723e1fSApple OSS Distributions {
1006*e3723e1fSApple OSS Distributions txm_call_t txm_call = {
1007*e3723e1fSApple OSS Distributions .selector = kTXMKernelSelectorAuthorizeLocalSigningCDHash,
1008*e3723e1fSApple OSS Distributions .num_input_args = 1,
1009*e3723e1fSApple OSS Distributions };
1010*e3723e1fSApple OSS Distributions
1011*e3723e1fSApple OSS Distributions txm_kernel_call(&txm_call, cdhash);
1012*e3723e1fSApple OSS Distributions }
1013*e3723e1fSApple OSS Distributions
1014*e3723e1fSApple OSS Distributions kern_return_t
txm_register_code_signature(const vm_address_t signature_addr,const vm_size_t signature_size,const vm_offset_t code_directory_offset,const char * signature_path,void ** sig_obj,vm_address_t * txm_signature_addr)1015*e3723e1fSApple OSS Distributions txm_register_code_signature(
1016*e3723e1fSApple OSS Distributions const vm_address_t signature_addr,
1017*e3723e1fSApple OSS Distributions const vm_size_t signature_size,
1018*e3723e1fSApple OSS Distributions const vm_offset_t code_directory_offset,
1019*e3723e1fSApple OSS Distributions const char *signature_path,
1020*e3723e1fSApple OSS Distributions void **sig_obj,
1021*e3723e1fSApple OSS Distributions vm_address_t *txm_signature_addr)
1022*e3723e1fSApple OSS Distributions {
1023*e3723e1fSApple OSS Distributions txm_call_t txm_call = {
1024*e3723e1fSApple OSS Distributions .selector = kTXMKernelSelectorRegisterCodeSignature,
1025*e3723e1fSApple OSS Distributions .num_input_args = 3,
1026*e3723e1fSApple OSS Distributions .num_output_args = 2,
1027*e3723e1fSApple OSS Distributions };
1028*e3723e1fSApple OSS Distributions kern_return_t ret = KERN_DENIED;
1029*e3723e1fSApple OSS Distributions
1030*e3723e1fSApple OSS Distributions /*
1031*e3723e1fSApple OSS Distributions * TXM performs more exhaustive validation of the code signature and figures
1032*e3723e1fSApple OSS Distributions * out the best code directory to use on its own. As a result, this offset here
1033*e3723e1fSApple OSS Distributions * is not used.
1034*e3723e1fSApple OSS Distributions */
1035*e3723e1fSApple OSS Distributions (void)code_directory_offset;
1036*e3723e1fSApple OSS Distributions
1037*e3723e1fSApple OSS Distributions /*
1038*e3723e1fSApple OSS Distributions * If the signature is large enough to not fit within TXM's managed signature
1039*e3723e1fSApple OSS Distributions * size, then we need to transfer it over so it is owned by TXM.
1040*e3723e1fSApple OSS Distributions */
1041*e3723e1fSApple OSS Distributions if (signature_size > txm_managed_code_signature_size()) {
1042*e3723e1fSApple OSS Distributions txm_transfer_region(signature_addr, signature_size);
1043*e3723e1fSApple OSS Distributions }
1044*e3723e1fSApple OSS Distributions
1045*e3723e1fSApple OSS Distributions ret = txm_kernel_call(
1046*e3723e1fSApple OSS Distributions &txm_call,
1047*e3723e1fSApple OSS Distributions signature_addr,
1048*e3723e1fSApple OSS Distributions signature_size,
1049*e3723e1fSApple OSS Distributions signature_path);
1050*e3723e1fSApple OSS Distributions
1051*e3723e1fSApple OSS Distributions if (ret != KERN_SUCCESS) {
1052*e3723e1fSApple OSS Distributions goto exit;
1053*e3723e1fSApple OSS Distributions }
1054*e3723e1fSApple OSS Distributions
1055*e3723e1fSApple OSS Distributions *sig_obj = (void*)txm_call.return_words[0];
1056*e3723e1fSApple OSS Distributions *txm_signature_addr = txm_call.return_words[1];
1057*e3723e1fSApple OSS Distributions
1058*e3723e1fSApple OSS Distributions exit:
1059*e3723e1fSApple OSS Distributions if ((ret != KERN_SUCCESS) && (signature_size > txm_managed_code_signature_size())) {
1060*e3723e1fSApple OSS Distributions txm_reclaim_region(signature_addr, signature_size);
1061*e3723e1fSApple OSS Distributions }
1062*e3723e1fSApple OSS Distributions
1063*e3723e1fSApple OSS Distributions return ret;
1064*e3723e1fSApple OSS Distributions }
1065*e3723e1fSApple OSS Distributions
1066*e3723e1fSApple OSS Distributions kern_return_t
txm_unregister_code_signature(void * sig_obj)1067*e3723e1fSApple OSS Distributions txm_unregister_code_signature(
1068*e3723e1fSApple OSS Distributions void *sig_obj)
1069*e3723e1fSApple OSS Distributions {
1070*e3723e1fSApple OSS Distributions txm_call_t txm_call = {
1071*e3723e1fSApple OSS Distributions .selector = kTXMKernelSelectorUnregisterCodeSignature,
1072*e3723e1fSApple OSS Distributions .failure_fatal = true,
1073*e3723e1fSApple OSS Distributions .num_input_args = 1,
1074*e3723e1fSApple OSS Distributions .num_output_args = 2,
1075*e3723e1fSApple OSS Distributions };
1076*e3723e1fSApple OSS Distributions TXMCodeSignature_t *cs_obj = sig_obj;
1077*e3723e1fSApple OSS Distributions vm_address_t signature_addr = 0;
1078*e3723e1fSApple OSS Distributions vm_size_t signature_size = 0;
1079*e3723e1fSApple OSS Distributions bool txm_managed = false;
1080*e3723e1fSApple OSS Distributions
1081*e3723e1fSApple OSS Distributions /*
1082*e3723e1fSApple OSS Distributions * Unregistering a code signature can cause lock contention in TXM against a
1083*e3723e1fSApple OSS Distributions * set of other functions. The unregistration operation is very common when the
1084*e3723e1fSApple OSS Distributions * system is about to reboot because the VFS layer unmounts all volumes.
1085*e3723e1fSApple OSS Distributions *
1086*e3723e1fSApple OSS Distributions * In order to avoid this issue, we detect if the code signature in question
1087*e3723e1fSApple OSS Distributions * has been mapped in other address spaces, and if so, we avoid unregistering
1088*e3723e1fSApple OSS Distributions * the code signature when we're about to shut down. This leaks memory, but
1089*e3723e1fSApple OSS Distributions * we're about to shut down.
1090*e3723e1fSApple OSS Distributions */
1091*e3723e1fSApple OSS Distributions if ((cs_obj->referenceCount > 0) && (get_system_inshutdown() != 0)) {
1092*e3723e1fSApple OSS Distributions printf("TXM [XNU]: unregistration of signature skipped as system is in shutdown\n");
1093*e3723e1fSApple OSS Distributions return KERN_ABORTED;
1094*e3723e1fSApple OSS Distributions }
1095*e3723e1fSApple OSS Distributions
1096*e3723e1fSApple OSS Distributions /* Check if the signature memory is TXM managed */
1097*e3723e1fSApple OSS Distributions txm_managed = cs_obj->sptmType != TXM_BULK_DATA;
1098*e3723e1fSApple OSS Distributions
1099*e3723e1fSApple OSS Distributions /*
1100*e3723e1fSApple OSS Distributions * Take the unregistration sync lock.
1101*e3723e1fSApple OSS Distributions * For more information: rdar://99205627.
1102*e3723e1fSApple OSS Distributions */
1103*e3723e1fSApple OSS Distributions lck_mtx_lock(&unregister_sync_lock);
1104*e3723e1fSApple OSS Distributions
1105*e3723e1fSApple OSS Distributions /* Unregister the signature from TXM -- cannot fail */
1106*e3723e1fSApple OSS Distributions txm_kernel_call(&txm_call, sig_obj);
1107*e3723e1fSApple OSS Distributions
1108*e3723e1fSApple OSS Distributions /* Release the unregistration sync lock */
1109*e3723e1fSApple OSS Distributions lck_mtx_unlock(&unregister_sync_lock);
1110*e3723e1fSApple OSS Distributions
1111*e3723e1fSApple OSS Distributions signature_addr = txm_call.return_words[0];
1112*e3723e1fSApple OSS Distributions signature_size = txm_call.return_words[1];
1113*e3723e1fSApple OSS Distributions
1114*e3723e1fSApple OSS Distributions /* Reclaim the memory range in case we need to */
1115*e3723e1fSApple OSS Distributions if (txm_managed == false) {
1116*e3723e1fSApple OSS Distributions txm_reclaim_region(signature_addr, signature_size);
1117*e3723e1fSApple OSS Distributions }
1118*e3723e1fSApple OSS Distributions
1119*e3723e1fSApple OSS Distributions return KERN_SUCCESS;
1120*e3723e1fSApple OSS Distributions }
1121*e3723e1fSApple OSS Distributions
1122*e3723e1fSApple OSS Distributions kern_return_t
txm_verify_code_signature(void * sig_obj,uint32_t * trust_level)1123*e3723e1fSApple OSS Distributions txm_verify_code_signature(
1124*e3723e1fSApple OSS Distributions void *sig_obj,
1125*e3723e1fSApple OSS Distributions uint32_t *trust_level)
1126*e3723e1fSApple OSS Distributions {
1127*e3723e1fSApple OSS Distributions txm_call_t txm_call = {
1128*e3723e1fSApple OSS Distributions .selector = kTXMKernelSelectorValidateCodeSignature,
1129*e3723e1fSApple OSS Distributions .num_input_args = 1,
1130*e3723e1fSApple OSS Distributions };
1131*e3723e1fSApple OSS Distributions kern_return_t ret = txm_kernel_call(&txm_call, sig_obj);
1132*e3723e1fSApple OSS Distributions
1133*e3723e1fSApple OSS Distributions if ((ret == KERN_SUCCESS) && (trust_level != NULL)) {
1134*e3723e1fSApple OSS Distributions /*
1135*e3723e1fSApple OSS Distributions * Abolsutely gross, but it's not worth linking all of libCodeSignature just for
1136*e3723e1fSApple OSS Distributions * this simple change. We should either return the trust level from TXM, or when
1137*e3723e1fSApple OSS Distributions * we adopt libCodeSignature more broadly, then use an accessor function.
1138*e3723e1fSApple OSS Distributions */
1139*e3723e1fSApple OSS Distributions *trust_level = ((TXMCodeSignature_t*)sig_obj)->sig.trustLevel;
1140*e3723e1fSApple OSS Distributions }
1141*e3723e1fSApple OSS Distributions return ret;
1142*e3723e1fSApple OSS Distributions }
1143*e3723e1fSApple OSS Distributions
1144*e3723e1fSApple OSS Distributions kern_return_t
txm_reconstitute_code_signature(void * sig_obj,vm_address_t * unneeded_addr,vm_size_t * unneeded_size)1145*e3723e1fSApple OSS Distributions txm_reconstitute_code_signature(
1146*e3723e1fSApple OSS Distributions void *sig_obj,
1147*e3723e1fSApple OSS Distributions vm_address_t *unneeded_addr,
1148*e3723e1fSApple OSS Distributions vm_size_t *unneeded_size)
1149*e3723e1fSApple OSS Distributions {
1150*e3723e1fSApple OSS Distributions txm_call_t txm_call = {
1151*e3723e1fSApple OSS Distributions .selector = kTXMKernelSelectorReconstituteCodeSignature,
1152*e3723e1fSApple OSS Distributions .failure_fatal = true,
1153*e3723e1fSApple OSS Distributions .num_input_args = 1,
1154*e3723e1fSApple OSS Distributions .num_output_args = 2,
1155*e3723e1fSApple OSS Distributions };
1156*e3723e1fSApple OSS Distributions vm_address_t return_addr = 0;
1157*e3723e1fSApple OSS Distributions vm_size_t return_size = 0;
1158*e3723e1fSApple OSS Distributions
1159*e3723e1fSApple OSS Distributions /* Reconstitute the code signature -- cannot fail */
1160*e3723e1fSApple OSS Distributions txm_kernel_call(&txm_call, sig_obj);
1161*e3723e1fSApple OSS Distributions
1162*e3723e1fSApple OSS Distributions return_addr = txm_call.return_words[0];
1163*e3723e1fSApple OSS Distributions return_size = txm_call.return_words[1];
1164*e3723e1fSApple OSS Distributions
1165*e3723e1fSApple OSS Distributions /* Reclaim the memory region if we need to */
1166*e3723e1fSApple OSS Distributions if ((return_addr != 0) && (return_size != 0)) {
1167*e3723e1fSApple OSS Distributions txm_reclaim_region(return_addr, return_size);
1168*e3723e1fSApple OSS Distributions }
1169*e3723e1fSApple OSS Distributions
1170*e3723e1fSApple OSS Distributions *unneeded_addr = return_addr;
1171*e3723e1fSApple OSS Distributions *unneeded_size = return_size;
1172*e3723e1fSApple OSS Distributions
1173*e3723e1fSApple OSS Distributions return KERN_SUCCESS;
1174*e3723e1fSApple OSS Distributions }
1175*e3723e1fSApple OSS Distributions
1176*e3723e1fSApple OSS Distributions #pragma mark Address Spaces
1177*e3723e1fSApple OSS Distributions
1178*e3723e1fSApple OSS Distributions kern_return_t
txm_register_address_space(pmap_t pmap,uint16_t addr_space_id,TXMAddressSpaceFlags_t flags)1179*e3723e1fSApple OSS Distributions txm_register_address_space(
1180*e3723e1fSApple OSS Distributions pmap_t pmap,
1181*e3723e1fSApple OSS Distributions uint16_t addr_space_id,
1182*e3723e1fSApple OSS Distributions TXMAddressSpaceFlags_t flags)
1183*e3723e1fSApple OSS Distributions {
1184*e3723e1fSApple OSS Distributions txm_call_t txm_call = {
1185*e3723e1fSApple OSS Distributions .selector = kTXMKernelSelectorRegisterAddressSpace,
1186*e3723e1fSApple OSS Distributions .failure_fatal = true,
1187*e3723e1fSApple OSS Distributions .num_input_args = 2,
1188*e3723e1fSApple OSS Distributions .num_output_args = 1,
1189*e3723e1fSApple OSS Distributions };
1190*e3723e1fSApple OSS Distributions TXMAddressSpace_t *txm_addr_space = NULL;
1191*e3723e1fSApple OSS Distributions
1192*e3723e1fSApple OSS Distributions /* Register the address space -- cannot fail */
1193*e3723e1fSApple OSS Distributions txm_kernel_call(&txm_call, addr_space_id, flags);
1194*e3723e1fSApple OSS Distributions
1195*e3723e1fSApple OSS Distributions /* Set the address space object within the PMAP */
1196*e3723e1fSApple OSS Distributions txm_addr_space = (TXMAddressSpace_t*)txm_call.return_words[0];
1197*e3723e1fSApple OSS Distributions pmap_txm_set_addr_space(pmap, txm_addr_space);
1198*e3723e1fSApple OSS Distributions
1199*e3723e1fSApple OSS Distributions return KERN_SUCCESS;
1200*e3723e1fSApple OSS Distributions }
1201*e3723e1fSApple OSS Distributions
1202*e3723e1fSApple OSS Distributions kern_return_t
txm_unregister_address_space(pmap_t pmap)1203*e3723e1fSApple OSS Distributions txm_unregister_address_space(
1204*e3723e1fSApple OSS Distributions pmap_t pmap)
1205*e3723e1fSApple OSS Distributions {
1206*e3723e1fSApple OSS Distributions txm_call_t txm_call = {
1207*e3723e1fSApple OSS Distributions .selector = kTXMKernelSelectorUnregisterAddressSpace,
1208*e3723e1fSApple OSS Distributions .failure_fatal = true,
1209*e3723e1fSApple OSS Distributions .num_input_args = 1,
1210*e3723e1fSApple OSS Distributions };
1211*e3723e1fSApple OSS Distributions TXMAddressSpace_t *txm_addr_space = pmap_txm_addr_space(pmap);
1212*e3723e1fSApple OSS Distributions
1213*e3723e1fSApple OSS Distributions /*
1214*e3723e1fSApple OSS Distributions * Take the unregistration sync lock.
1215*e3723e1fSApple OSS Distributions * For more information: rdar://99205627.
1216*e3723e1fSApple OSS Distributions */
1217*e3723e1fSApple OSS Distributions lck_mtx_lock(&unregister_sync_lock);
1218*e3723e1fSApple OSS Distributions
1219*e3723e1fSApple OSS Distributions /* Unregister the address space -- cannot fail */
1220*e3723e1fSApple OSS Distributions txm_kernel_call(&txm_call, txm_addr_space);
1221*e3723e1fSApple OSS Distributions
1222*e3723e1fSApple OSS Distributions /* Release the unregistration sync lock */
1223*e3723e1fSApple OSS Distributions lck_mtx_unlock(&unregister_sync_lock);
1224*e3723e1fSApple OSS Distributions
1225*e3723e1fSApple OSS Distributions /* Remove the address space from the pmap */
1226*e3723e1fSApple OSS Distributions pmap_txm_set_addr_space(pmap, NULL);
1227*e3723e1fSApple OSS Distributions
1228*e3723e1fSApple OSS Distributions return KERN_SUCCESS;
1229*e3723e1fSApple OSS Distributions }
1230*e3723e1fSApple OSS Distributions
1231*e3723e1fSApple OSS Distributions kern_return_t
txm_associate_code_signature(pmap_t pmap,void * sig_obj,const vm_address_t region_addr,const vm_size_t region_size,const vm_offset_t region_offset)1232*e3723e1fSApple OSS Distributions txm_associate_code_signature(
1233*e3723e1fSApple OSS Distributions pmap_t pmap,
1234*e3723e1fSApple OSS Distributions void *sig_obj,
1235*e3723e1fSApple OSS Distributions const vm_address_t region_addr,
1236*e3723e1fSApple OSS Distributions const vm_size_t region_size,
1237*e3723e1fSApple OSS Distributions const vm_offset_t region_offset)
1238*e3723e1fSApple OSS Distributions {
1239*e3723e1fSApple OSS Distributions txm_call_t txm_call = {
1240*e3723e1fSApple OSS Distributions .selector = kTXMKernelSelectorAssociateCodeSignature,
1241*e3723e1fSApple OSS Distributions .num_input_args = 5,
1242*e3723e1fSApple OSS Distributions };
1243*e3723e1fSApple OSS Distributions TXMAddressSpace_t *txm_addr_space = pmap_txm_addr_space(pmap);
1244*e3723e1fSApple OSS Distributions kern_return_t ret = KERN_DENIED;
1245*e3723e1fSApple OSS Distributions
1246*e3723e1fSApple OSS Distributions /*
1247*e3723e1fSApple OSS Distributions * Associating a code signature may require exclusive access to the TXM address
1248*e3723e1fSApple OSS Distributions * space lock within TXM.
1249*e3723e1fSApple OSS Distributions */
1250*e3723e1fSApple OSS Distributions pmap_txm_acquire_exclusive_lock(pmap);
1251*e3723e1fSApple OSS Distributions
1252*e3723e1fSApple OSS Distributions /*
1253*e3723e1fSApple OSS Distributions * If the address space in question is a nested address space, then all associations
1254*e3723e1fSApple OSS Distributions * need to go into the shared region base range. The VM layer is inconsistent with
1255*e3723e1fSApple OSS Distributions * how it makes associations with TXM vs. how it maps pages into the shared region.
1256*e3723e1fSApple OSS Distributions *
1257*e3723e1fSApple OSS Distributions * For TXM, the associations are made without taking the base range into account,
1258*e3723e1fSApple OSS Distributions * but when mappings are entered into the shared region, the base range is taken
1259*e3723e1fSApple OSS Distributions * into account. To normalize this, we add the base range address here.
1260*e3723e1fSApple OSS Distributions */
1261*e3723e1fSApple OSS Distributions vm_address_t adjusted_region_addr = region_addr;
1262*e3723e1fSApple OSS Distributions if (txm_addr_space->addrSpaceID.type == kTXMAddressSpaceIDTypeSharedRegion) {
1263*e3723e1fSApple OSS Distributions adjusted_region_addr += SHARED_REGION_BASE;
1264*e3723e1fSApple OSS Distributions }
1265*e3723e1fSApple OSS Distributions
1266*e3723e1fSApple OSS Distributions /*
1267*e3723e1fSApple OSS Distributions * The VM tries a bunch of weird mappings within launchd for some platform code
1268*e3723e1fSApple OSS Distributions * which isn't mapped contiguously. These mappings don't succeed, but the failure
1269*e3723e1fSApple OSS Distributions * is fairly harmless since everything seems to work. However, since the call to
1270*e3723e1fSApple OSS Distributions * TXM fails, we make a series of logs. Hence, for launchd, we suppress failure
1271*e3723e1fSApple OSS Distributions * logs.
1272*e3723e1fSApple OSS Distributions */
1273*e3723e1fSApple OSS Distributions if (txm_addr_space->addrSpaceID.type == kTXMAddressSpaceIDTypeAddressSpace) {
1274*e3723e1fSApple OSS Distributions /* TXMTODO: Scope this to launchd better */
1275*e3723e1fSApple OSS Distributions txm_call.failure_code_silent = kTXMReturnPlatformCodeMapping;
1276*e3723e1fSApple OSS Distributions }
1277*e3723e1fSApple OSS Distributions
1278*e3723e1fSApple OSS Distributions /* Check if the main region has been set on the address space */
1279*e3723e1fSApple OSS Distributions bool main_region_set = txm_addr_space->mainRegion != NULL;
1280*e3723e1fSApple OSS Distributions bool main_region_set_after = false;
1281*e3723e1fSApple OSS Distributions
1282*e3723e1fSApple OSS Distributions ret = txm_kernel_call(
1283*e3723e1fSApple OSS Distributions &txm_call,
1284*e3723e1fSApple OSS Distributions txm_addr_space,
1285*e3723e1fSApple OSS Distributions sig_obj,
1286*e3723e1fSApple OSS Distributions adjusted_region_addr,
1287*e3723e1fSApple OSS Distributions region_size,
1288*e3723e1fSApple OSS Distributions region_offset);
1289*e3723e1fSApple OSS Distributions
1290*e3723e1fSApple OSS Distributions while (ret == KERN_OPERATION_TIMED_OUT) {
1291*e3723e1fSApple OSS Distributions /*
1292*e3723e1fSApple OSS Distributions * There is no easy method to sleep in the kernel. This operation has the
1293*e3723e1fSApple OSS Distributions * potential to burn CPU cycles, but that is alright since we don't actually
1294*e3723e1fSApple OSS Distributions * ever expect to enter this case on legitimately operating systems.
1295*e3723e1fSApple OSS Distributions */
1296*e3723e1fSApple OSS Distributions ret = txm_kernel_call(
1297*e3723e1fSApple OSS Distributions &txm_call,
1298*e3723e1fSApple OSS Distributions txm_addr_space,
1299*e3723e1fSApple OSS Distributions sig_obj,
1300*e3723e1fSApple OSS Distributions adjusted_region_addr,
1301*e3723e1fSApple OSS Distributions region_size,
1302*e3723e1fSApple OSS Distributions region_offset);
1303*e3723e1fSApple OSS Distributions }
1304*e3723e1fSApple OSS Distributions
1305*e3723e1fSApple OSS Distributions /*
1306*e3723e1fSApple OSS Distributions * If the main region wasn't set on the address space before hand, but this new
1307*e3723e1fSApple OSS Distributions * call into TXM was successful and sets the main region, it means this signature
1308*e3723e1fSApple OSS Distributions * object is associated with the main region on the address space. With this, we
1309*e3723e1fSApple OSS Distributions * can now set the appropriate trust level on the PMAP.
1310*e3723e1fSApple OSS Distributions */
1311*e3723e1fSApple OSS Distributions if (ret == KERN_SUCCESS) {
1312*e3723e1fSApple OSS Distributions main_region_set_after = txm_addr_space->mainRegion != NULL;
1313*e3723e1fSApple OSS Distributions }
1314*e3723e1fSApple OSS Distributions
1315*e3723e1fSApple OSS Distributions /* Unlock the TXM address space lock */
1316*e3723e1fSApple OSS Distributions pmap_txm_release_exclusive_lock(pmap);
1317*e3723e1fSApple OSS Distributions
1318*e3723e1fSApple OSS Distributions /* Check if we should set the trust level on the PMAP */
1319*e3723e1fSApple OSS Distributions if (!main_region_set && main_region_set_after) {
1320*e3723e1fSApple OSS Distributions const TXMCodeSignature_t *cs_obj = sig_obj;
1321*e3723e1fSApple OSS Distributions const SignatureValidation_t *sig = &cs_obj->sig;
1322*e3723e1fSApple OSS Distributions
1323*e3723e1fSApple OSS Distributions /*
1324*e3723e1fSApple OSS Distributions * This is gross, as we're dereferencing into a private data structure type.
1325*e3723e1fSApple OSS Distributions * There are 2 ways to clean this up in the future:
1326*e3723e1fSApple OSS Distributions * 1. Import libCodeSignature, so we can use "codeSignatureGetTrustLevel".
1327*e3723e1fSApple OSS Distributions * 2. Cache the trust level on the address space within TXM and then use it.
1328*e3723e1fSApple OSS Distributions */
1329*e3723e1fSApple OSS Distributions pmap_txm_set_trust_level(pmap, sig->trustLevel);
1330*e3723e1fSApple OSS Distributions }
1331*e3723e1fSApple OSS Distributions
1332*e3723e1fSApple OSS Distributions return ret;
1333*e3723e1fSApple OSS Distributions }
1334*e3723e1fSApple OSS Distributions
1335*e3723e1fSApple OSS Distributions kern_return_t
txm_allow_jit_region(pmap_t pmap)1336*e3723e1fSApple OSS Distributions txm_allow_jit_region(
1337*e3723e1fSApple OSS Distributions pmap_t pmap)
1338*e3723e1fSApple OSS Distributions {
1339*e3723e1fSApple OSS Distributions txm_call_t txm_call = {
1340*e3723e1fSApple OSS Distributions .selector = kTXMKernelSelectorAllowJITRegion,
1341*e3723e1fSApple OSS Distributions .num_input_args = 1,
1342*e3723e1fSApple OSS Distributions };
1343*e3723e1fSApple OSS Distributions TXMAddressSpace_t *txm_addr_space = pmap_txm_addr_space(pmap);
1344*e3723e1fSApple OSS Distributions kern_return_t ret = KERN_DENIED;
1345*e3723e1fSApple OSS Distributions
1346*e3723e1fSApple OSS Distributions pmap_txm_acquire_shared_lock(pmap);
1347*e3723e1fSApple OSS Distributions ret = txm_kernel_call(&txm_call, txm_addr_space);
1348*e3723e1fSApple OSS Distributions pmap_txm_release_shared_lock(pmap);
1349*e3723e1fSApple OSS Distributions
1350*e3723e1fSApple OSS Distributions return ret;
1351*e3723e1fSApple OSS Distributions }
1352*e3723e1fSApple OSS Distributions
1353*e3723e1fSApple OSS Distributions kern_return_t
txm_associate_jit_region(pmap_t pmap,const vm_address_t region_addr,const vm_size_t region_size)1354*e3723e1fSApple OSS Distributions txm_associate_jit_region(
1355*e3723e1fSApple OSS Distributions pmap_t pmap,
1356*e3723e1fSApple OSS Distributions const vm_address_t region_addr,
1357*e3723e1fSApple OSS Distributions const vm_size_t region_size)
1358*e3723e1fSApple OSS Distributions {
1359*e3723e1fSApple OSS Distributions txm_call_t txm_call = {
1360*e3723e1fSApple OSS Distributions .selector = kTXMKernelSelectorAssociateJITRegion,
1361*e3723e1fSApple OSS Distributions .num_input_args = 3,
1362*e3723e1fSApple OSS Distributions };
1363*e3723e1fSApple OSS Distributions TXMAddressSpace_t *txm_addr_space = pmap_txm_addr_space(pmap);
1364*e3723e1fSApple OSS Distributions kern_return_t ret = KERN_DENIED;
1365*e3723e1fSApple OSS Distributions
1366*e3723e1fSApple OSS Distributions /*
1367*e3723e1fSApple OSS Distributions * Associating a JIT region may require exclusive access to the TXM address
1368*e3723e1fSApple OSS Distributions * space lock within TXM.
1369*e3723e1fSApple OSS Distributions */
1370*e3723e1fSApple OSS Distributions pmap_txm_acquire_exclusive_lock(pmap);
1371*e3723e1fSApple OSS Distributions
1372*e3723e1fSApple OSS Distributions ret = txm_kernel_call(
1373*e3723e1fSApple OSS Distributions &txm_call,
1374*e3723e1fSApple OSS Distributions txm_addr_space,
1375*e3723e1fSApple OSS Distributions region_addr,
1376*e3723e1fSApple OSS Distributions region_size);
1377*e3723e1fSApple OSS Distributions
1378*e3723e1fSApple OSS Distributions /* Unlock the TXM address space lock */
1379*e3723e1fSApple OSS Distributions pmap_txm_release_exclusive_lock(pmap);
1380*e3723e1fSApple OSS Distributions
1381*e3723e1fSApple OSS Distributions return ret;
1382*e3723e1fSApple OSS Distributions }
1383*e3723e1fSApple OSS Distributions
1384*e3723e1fSApple OSS Distributions kern_return_t
txm_address_space_debugged(pmap_t pmap)1385*e3723e1fSApple OSS Distributions txm_address_space_debugged(
1386*e3723e1fSApple OSS Distributions pmap_t pmap)
1387*e3723e1fSApple OSS Distributions {
1388*e3723e1fSApple OSS Distributions TXMAddressSpace_t *txm_addr_space = pmap_txm_addr_space(pmap);
1389*e3723e1fSApple OSS Distributions bool debug_regions_allowed = false;
1390*e3723e1fSApple OSS Distributions
1391*e3723e1fSApple OSS Distributions /*
1392*e3723e1fSApple OSS Distributions * We do not actually need to trap into the monitor for this function for
1393*e3723e1fSApple OSS Distributions * now. It might be a tad bit more secure to actually trap into the monitor
1394*e3723e1fSApple OSS Distributions * as it implicitly verifies all of our pointers, but since this is a simple
1395*e3723e1fSApple OSS Distributions * state check against the address space, the real policy around it lies
1396*e3723e1fSApple OSS Distributions * within the kernel still, in which case entering the monitor doesn't
1397*e3723e1fSApple OSS Distributions * really provide much more security.
1398*e3723e1fSApple OSS Distributions */
1399*e3723e1fSApple OSS Distributions
1400*e3723e1fSApple OSS Distributions pmap_txm_acquire_shared_lock(pmap);
1401*e3723e1fSApple OSS Distributions debug_regions_allowed = os_atomic_load(&txm_addr_space->allowsInvalidCode, relaxed);
1402*e3723e1fSApple OSS Distributions pmap_txm_release_shared_lock(pmap);
1403*e3723e1fSApple OSS Distributions
1404*e3723e1fSApple OSS Distributions if (debug_regions_allowed == true) {
1405*e3723e1fSApple OSS Distributions return KERN_SUCCESS;
1406*e3723e1fSApple OSS Distributions }
1407*e3723e1fSApple OSS Distributions return KERN_DENIED;
1408*e3723e1fSApple OSS Distributions }
1409*e3723e1fSApple OSS Distributions
1410*e3723e1fSApple OSS Distributions kern_return_t
txm_associate_debug_region(pmap_t pmap,const vm_address_t region_addr,const vm_size_t region_size)1411*e3723e1fSApple OSS Distributions txm_associate_debug_region(
1412*e3723e1fSApple OSS Distributions pmap_t pmap,
1413*e3723e1fSApple OSS Distributions const vm_address_t region_addr,
1414*e3723e1fSApple OSS Distributions const vm_size_t region_size)
1415*e3723e1fSApple OSS Distributions {
1416*e3723e1fSApple OSS Distributions #if kTXMKernelAPIVersion >= 10
1417*e3723e1fSApple OSS Distributions txm_call_t txm_call = {
1418*e3723e1fSApple OSS Distributions .selector = kTXMKernelSelectorAssociateDebugRegion,
1419*e3723e1fSApple OSS Distributions .num_input_args = 3,
1420*e3723e1fSApple OSS Distributions };
1421*e3723e1fSApple OSS Distributions TXMAddressSpace_t *txm_addr_space = pmap_txm_addr_space(pmap);
1422*e3723e1fSApple OSS Distributions kern_return_t ret = KERN_DENIED;
1423*e3723e1fSApple OSS Distributions
1424*e3723e1fSApple OSS Distributions /*
1425*e3723e1fSApple OSS Distributions * Associating a debug region may require exclusive access to the TXM address
1426*e3723e1fSApple OSS Distributions * space lock within TXM.
1427*e3723e1fSApple OSS Distributions */
1428*e3723e1fSApple OSS Distributions pmap_txm_acquire_exclusive_lock(pmap);
1429*e3723e1fSApple OSS Distributions
1430*e3723e1fSApple OSS Distributions ret = txm_kernel_call(
1431*e3723e1fSApple OSS Distributions &txm_call,
1432*e3723e1fSApple OSS Distributions txm_addr_space,
1433*e3723e1fSApple OSS Distributions region_addr,
1434*e3723e1fSApple OSS Distributions region_size);
1435*e3723e1fSApple OSS Distributions
1436*e3723e1fSApple OSS Distributions /* Unlock the TXM address space lock */
1437*e3723e1fSApple OSS Distributions pmap_txm_release_exclusive_lock(pmap);
1438*e3723e1fSApple OSS Distributions
1439*e3723e1fSApple OSS Distributions return ret;
1440*e3723e1fSApple OSS Distributions #else
1441*e3723e1fSApple OSS Distributions /*
1442*e3723e1fSApple OSS Distributions * This function is an interesting one. There is no need for us to make
1443*e3723e1fSApple OSS Distributions * a call into TXM for this one and instead, all we need to do here is
1444*e3723e1fSApple OSS Distributions * to verify that the TXM address space actually allows debug regions to
1445*e3723e1fSApple OSS Distributions * be mapped in or not.
1446*e3723e1fSApple OSS Distributions */
1447*e3723e1fSApple OSS Distributions (void)region_addr;
1448*e3723e1fSApple OSS Distributions (void)region_size;
1449*e3723e1fSApple OSS Distributions
1450*e3723e1fSApple OSS Distributions kern_return_t ret = txm_address_space_debugged(pmap);
1451*e3723e1fSApple OSS Distributions if (ret != KERN_SUCCESS) {
1452*e3723e1fSApple OSS Distributions printf("address space does not allow creating debug regions\n");
1453*e3723e1fSApple OSS Distributions }
1454*e3723e1fSApple OSS Distributions
1455*e3723e1fSApple OSS Distributions return ret;
1456*e3723e1fSApple OSS Distributions #endif
1457*e3723e1fSApple OSS Distributions }
1458*e3723e1fSApple OSS Distributions
1459*e3723e1fSApple OSS Distributions kern_return_t
txm_allow_invalid_code(pmap_t pmap)1460*e3723e1fSApple OSS Distributions txm_allow_invalid_code(
1461*e3723e1fSApple OSS Distributions pmap_t pmap)
1462*e3723e1fSApple OSS Distributions {
1463*e3723e1fSApple OSS Distributions txm_call_t txm_call = {
1464*e3723e1fSApple OSS Distributions .selector = kTXMKernelSelectorAllowInvalidCode,
1465*e3723e1fSApple OSS Distributions .num_input_args = 1,
1466*e3723e1fSApple OSS Distributions };
1467*e3723e1fSApple OSS Distributions TXMAddressSpace_t *txm_addr_space = pmap_txm_addr_space(pmap);
1468*e3723e1fSApple OSS Distributions kern_return_t ret = KERN_DENIED;
1469*e3723e1fSApple OSS Distributions
1470*e3723e1fSApple OSS Distributions /*
1471*e3723e1fSApple OSS Distributions * Allowing invalid code may require exclusive access to the TXM address
1472*e3723e1fSApple OSS Distributions * space lock within TXM.
1473*e3723e1fSApple OSS Distributions */
1474*e3723e1fSApple OSS Distributions
1475*e3723e1fSApple OSS Distributions pmap_txm_acquire_exclusive_lock(pmap);
1476*e3723e1fSApple OSS Distributions ret = txm_kernel_call(&txm_call, txm_addr_space);
1477*e3723e1fSApple OSS Distributions pmap_txm_release_exclusive_lock(pmap);
1478*e3723e1fSApple OSS Distributions
1479*e3723e1fSApple OSS Distributions return ret;
1480*e3723e1fSApple OSS Distributions }
1481*e3723e1fSApple OSS Distributions
1482*e3723e1fSApple OSS Distributions kern_return_t
txm_get_trust_level_kdp(pmap_t pmap,uint32_t * trust_level)1483*e3723e1fSApple OSS Distributions txm_get_trust_level_kdp(
1484*e3723e1fSApple OSS Distributions pmap_t pmap,
1485*e3723e1fSApple OSS Distributions uint32_t *trust_level)
1486*e3723e1fSApple OSS Distributions {
1487*e3723e1fSApple OSS Distributions CSTrust_t txm_trust_level = kCSTrustUntrusted;
1488*e3723e1fSApple OSS Distributions
1489*e3723e1fSApple OSS Distributions kern_return_t ret = pmap_txm_get_trust_level_kdp(pmap, &txm_trust_level);
1490*e3723e1fSApple OSS Distributions if (ret != KERN_SUCCESS) {
1491*e3723e1fSApple OSS Distributions return ret;
1492*e3723e1fSApple OSS Distributions }
1493*e3723e1fSApple OSS Distributions
1494*e3723e1fSApple OSS Distributions if (trust_level != NULL) {
1495*e3723e1fSApple OSS Distributions *trust_level = txm_trust_level;
1496*e3723e1fSApple OSS Distributions }
1497*e3723e1fSApple OSS Distributions return KERN_SUCCESS;
1498*e3723e1fSApple OSS Distributions }
1499*e3723e1fSApple OSS Distributions
1500*e3723e1fSApple OSS Distributions kern_return_t
txm_get_jit_address_range_kdp(pmap_t pmap,uintptr_t * jit_region_start,uintptr_t * jit_region_end)1501*e3723e1fSApple OSS Distributions txm_get_jit_address_range_kdp(
1502*e3723e1fSApple OSS Distributions pmap_t pmap,
1503*e3723e1fSApple OSS Distributions uintptr_t *jit_region_start,
1504*e3723e1fSApple OSS Distributions uintptr_t *jit_region_end)
1505*e3723e1fSApple OSS Distributions {
1506*e3723e1fSApple OSS Distributions return pmap_txm_get_jit_address_range_kdp(pmap, jit_region_start, jit_region_end);
1507*e3723e1fSApple OSS Distributions }
1508*e3723e1fSApple OSS Distributions
1509*e3723e1fSApple OSS Distributions kern_return_t
txm_address_space_exempt(const pmap_t pmap)1510*e3723e1fSApple OSS Distributions txm_address_space_exempt(
1511*e3723e1fSApple OSS Distributions const pmap_t pmap)
1512*e3723e1fSApple OSS Distributions {
1513*e3723e1fSApple OSS Distributions if (pmap_performs_stage2_translations(pmap) == true) {
1514*e3723e1fSApple OSS Distributions return KERN_SUCCESS;
1515*e3723e1fSApple OSS Distributions }
1516*e3723e1fSApple OSS Distributions
1517*e3723e1fSApple OSS Distributions return KERN_DENIED;
1518*e3723e1fSApple OSS Distributions }
1519*e3723e1fSApple OSS Distributions
1520*e3723e1fSApple OSS Distributions kern_return_t
txm_fork_prepare(pmap_t old_pmap,pmap_t new_pmap)1521*e3723e1fSApple OSS Distributions txm_fork_prepare(
1522*e3723e1fSApple OSS Distributions pmap_t old_pmap,
1523*e3723e1fSApple OSS Distributions pmap_t new_pmap)
1524*e3723e1fSApple OSS Distributions {
1525*e3723e1fSApple OSS Distributions /*
1526*e3723e1fSApple OSS Distributions * We'll add support for this as the need for it becomes more important.
1527*e3723e1fSApple OSS Distributions * TXMTODO: Complete this implementation.
1528*e3723e1fSApple OSS Distributions */
1529*e3723e1fSApple OSS Distributions (void)old_pmap;
1530*e3723e1fSApple OSS Distributions (void)new_pmap;
1531*e3723e1fSApple OSS Distributions
1532*e3723e1fSApple OSS Distributions return KERN_SUCCESS;
1533*e3723e1fSApple OSS Distributions }
1534*e3723e1fSApple OSS Distributions
1535*e3723e1fSApple OSS Distributions kern_return_t
txm_acquire_signing_identifier(const void * sig_obj,const char ** signing_id)1536*e3723e1fSApple OSS Distributions txm_acquire_signing_identifier(
1537*e3723e1fSApple OSS Distributions const void *sig_obj,
1538*e3723e1fSApple OSS Distributions const char **signing_id)
1539*e3723e1fSApple OSS Distributions {
1540*e3723e1fSApple OSS Distributions txm_call_t txm_call = {
1541*e3723e1fSApple OSS Distributions .selector = kTXMKernelSelectorAcquireSigningIdentifier,
1542*e3723e1fSApple OSS Distributions .num_input_args = 1,
1543*e3723e1fSApple OSS Distributions .num_output_args = 1,
1544*e3723e1fSApple OSS Distributions .failure_fatal = true,
1545*e3723e1fSApple OSS Distributions };
1546*e3723e1fSApple OSS Distributions
1547*e3723e1fSApple OSS Distributions /* Get the signing ID -- should not fail */
1548*e3723e1fSApple OSS Distributions txm_kernel_call(&txm_call, sig_obj);
1549*e3723e1fSApple OSS Distributions
1550*e3723e1fSApple OSS Distributions if (signing_id != NULL) {
1551*e3723e1fSApple OSS Distributions *signing_id = (const char*)txm_call.return_words[0];
1552*e3723e1fSApple OSS Distributions }
1553*e3723e1fSApple OSS Distributions return KERN_SUCCESS;
1554*e3723e1fSApple OSS Distributions }
1555*e3723e1fSApple OSS Distributions
1556*e3723e1fSApple OSS Distributions #pragma mark Entitlements
1557*e3723e1fSApple OSS Distributions
1558*e3723e1fSApple OSS Distributions kern_return_t
txm_associate_kernel_entitlements(void * sig_obj,const void * kernel_entitlements)1559*e3723e1fSApple OSS Distributions txm_associate_kernel_entitlements(
1560*e3723e1fSApple OSS Distributions void *sig_obj,
1561*e3723e1fSApple OSS Distributions const void *kernel_entitlements)
1562*e3723e1fSApple OSS Distributions {
1563*e3723e1fSApple OSS Distributions txm_call_t txm_call = {
1564*e3723e1fSApple OSS Distributions .selector = kTXMKernelSelectorAssociateKernelEntitlements,
1565*e3723e1fSApple OSS Distributions .num_input_args = 2,
1566*e3723e1fSApple OSS Distributions .failure_fatal = true,
1567*e3723e1fSApple OSS Distributions };
1568*e3723e1fSApple OSS Distributions
1569*e3723e1fSApple OSS Distributions /* Associate the kernel entitlements -- should not fail */
1570*e3723e1fSApple OSS Distributions txm_kernel_call(&txm_call, sig_obj, kernel_entitlements);
1571*e3723e1fSApple OSS Distributions
1572*e3723e1fSApple OSS Distributions return KERN_SUCCESS;
1573*e3723e1fSApple OSS Distributions }
1574*e3723e1fSApple OSS Distributions
1575*e3723e1fSApple OSS Distributions kern_return_t
txm_resolve_kernel_entitlements(pmap_t pmap,const void ** kernel_entitlements)1576*e3723e1fSApple OSS Distributions txm_resolve_kernel_entitlements(
1577*e3723e1fSApple OSS Distributions pmap_t pmap,
1578*e3723e1fSApple OSS Distributions const void **kernel_entitlements)
1579*e3723e1fSApple OSS Distributions {
1580*e3723e1fSApple OSS Distributions txm_call_t txm_call = {
1581*e3723e1fSApple OSS Distributions .selector = kTXMKernelSelectorResolveKernelEntitlementsAddressSpace,
1582*e3723e1fSApple OSS Distributions .skip_logs = true,
1583*e3723e1fSApple OSS Distributions .num_input_args = 1,
1584*e3723e1fSApple OSS Distributions .num_output_args = 1,
1585*e3723e1fSApple OSS Distributions .failure_silent = true,
1586*e3723e1fSApple OSS Distributions };
1587*e3723e1fSApple OSS Distributions TXMAddressSpace_t *txm_addr_space = NULL;
1588*e3723e1fSApple OSS Distributions kern_return_t ret = KERN_DENIED;
1589*e3723e1fSApple OSS Distributions
1590*e3723e1fSApple OSS Distributions if (pmap == pmap_txm_kernel_pmap()) {
1591*e3723e1fSApple OSS Distributions return KERN_NOT_FOUND;
1592*e3723e1fSApple OSS Distributions }
1593*e3723e1fSApple OSS Distributions txm_addr_space = pmap_txm_addr_space(pmap);
1594*e3723e1fSApple OSS Distributions
1595*e3723e1fSApple OSS Distributions pmap_txm_acquire_shared_lock(pmap);
1596*e3723e1fSApple OSS Distributions ret = txm_kernel_call(&txm_call, txm_addr_space);
1597*e3723e1fSApple OSS Distributions pmap_txm_release_shared_lock(pmap);
1598*e3723e1fSApple OSS Distributions
1599*e3723e1fSApple OSS Distributions if ((ret == KERN_SUCCESS) && (kernel_entitlements != NULL)) {
1600*e3723e1fSApple OSS Distributions *kernel_entitlements = (const void*)txm_call.return_words[0];
1601*e3723e1fSApple OSS Distributions }
1602*e3723e1fSApple OSS Distributions return ret;
1603*e3723e1fSApple OSS Distributions }
1604*e3723e1fSApple OSS Distributions
1605*e3723e1fSApple OSS Distributions kern_return_t
txm_accelerate_entitlements(void * sig_obj,CEQueryContext_t * ce_ctx)1606*e3723e1fSApple OSS Distributions txm_accelerate_entitlements(
1607*e3723e1fSApple OSS Distributions void *sig_obj,
1608*e3723e1fSApple OSS Distributions CEQueryContext_t *ce_ctx)
1609*e3723e1fSApple OSS Distributions {
1610*e3723e1fSApple OSS Distributions txm_call_t txm_call = {
1611*e3723e1fSApple OSS Distributions .selector = kTXMKernelSelectorAccelerateEntitlements,
1612*e3723e1fSApple OSS Distributions .num_input_args = 1,
1613*e3723e1fSApple OSS Distributions .num_output_args = 1,
1614*e3723e1fSApple OSS Distributions };
1615*e3723e1fSApple OSS Distributions kern_return_t ret = KERN_DENIED;
1616*e3723e1fSApple OSS Distributions
1617*e3723e1fSApple OSS Distributions ret = txm_kernel_call(&txm_call, sig_obj);
1618*e3723e1fSApple OSS Distributions if ((ret == KERN_SUCCESS) && (ce_ctx != NULL)) {
1619*e3723e1fSApple OSS Distributions *ce_ctx = (CEQueryContext_t)txm_call.return_words[0];
1620*e3723e1fSApple OSS Distributions }
1621*e3723e1fSApple OSS Distributions
1622*e3723e1fSApple OSS Distributions return ret;
1623*e3723e1fSApple OSS Distributions }
1624*e3723e1fSApple OSS Distributions
1625*e3723e1fSApple OSS Distributions #pragma mark Image4
1626*e3723e1fSApple OSS Distributions
1627*e3723e1fSApple OSS Distributions void*
txm_image4_storage_data(__unused size_t * allocated_size)1628*e3723e1fSApple OSS Distributions txm_image4_storage_data(
1629*e3723e1fSApple OSS Distributions __unused size_t *allocated_size)
1630*e3723e1fSApple OSS Distributions {
1631*e3723e1fSApple OSS Distributions /*
1632*e3723e1fSApple OSS Distributions * AppleImage4 builds a variant of TXM which TXM should link against statically
1633*e3723e1fSApple OSS Distributions * thereby removing the need for the kernel to allocate some data on behalf of
1634*e3723e1fSApple OSS Distributions * the kernel extension.
1635*e3723e1fSApple OSS Distributions */
1636*e3723e1fSApple OSS Distributions panic("unsupported AppleImage4 interface");
1637*e3723e1fSApple OSS Distributions }
1638*e3723e1fSApple OSS Distributions
1639*e3723e1fSApple OSS Distributions void
txm_image4_set_nonce(const img4_nonce_domain_index_t ndi,const img4_nonce_t * nonce)1640*e3723e1fSApple OSS Distributions txm_image4_set_nonce(
1641*e3723e1fSApple OSS Distributions const img4_nonce_domain_index_t ndi,
1642*e3723e1fSApple OSS Distributions const img4_nonce_t *nonce)
1643*e3723e1fSApple OSS Distributions {
1644*e3723e1fSApple OSS Distributions txm_call_t txm_call = {
1645*e3723e1fSApple OSS Distributions .selector = kTXMKernelSelectorImage4SetNonce,
1646*e3723e1fSApple OSS Distributions .failure_fatal = true,
1647*e3723e1fSApple OSS Distributions .num_input_args = 2,
1648*e3723e1fSApple OSS Distributions };
1649*e3723e1fSApple OSS Distributions
1650*e3723e1fSApple OSS Distributions txm_kernel_call(&txm_call, ndi, nonce);
1651*e3723e1fSApple OSS Distributions }
1652*e3723e1fSApple OSS Distributions
1653*e3723e1fSApple OSS Distributions void
txm_image4_roll_nonce(const img4_nonce_domain_index_t ndi)1654*e3723e1fSApple OSS Distributions txm_image4_roll_nonce(
1655*e3723e1fSApple OSS Distributions const img4_nonce_domain_index_t ndi)
1656*e3723e1fSApple OSS Distributions {
1657*e3723e1fSApple OSS Distributions txm_call_t txm_call = {
1658*e3723e1fSApple OSS Distributions .selector = kTXMKernelSelectorImage4RollNonce,
1659*e3723e1fSApple OSS Distributions .failure_fatal = true,
1660*e3723e1fSApple OSS Distributions .num_input_args = 1,
1661*e3723e1fSApple OSS Distributions };
1662*e3723e1fSApple OSS Distributions
1663*e3723e1fSApple OSS Distributions txm_kernel_call(&txm_call, ndi);
1664*e3723e1fSApple OSS Distributions }
1665*e3723e1fSApple OSS Distributions
1666*e3723e1fSApple OSS Distributions errno_t
txm_image4_copy_nonce(const img4_nonce_domain_index_t ndi,img4_nonce_t * nonce_out)1667*e3723e1fSApple OSS Distributions txm_image4_copy_nonce(
1668*e3723e1fSApple OSS Distributions const img4_nonce_domain_index_t ndi,
1669*e3723e1fSApple OSS Distributions img4_nonce_t *nonce_out)
1670*e3723e1fSApple OSS Distributions {
1671*e3723e1fSApple OSS Distributions txm_call_t txm_call = {
1672*e3723e1fSApple OSS Distributions .selector = kTXMKernelSelectorImage4GetNonce,
1673*e3723e1fSApple OSS Distributions .num_input_args = 1,
1674*e3723e1fSApple OSS Distributions .num_output_args = 1,
1675*e3723e1fSApple OSS Distributions };
1676*e3723e1fSApple OSS Distributions const img4_nonce_t *nonce = NULL;
1677*e3723e1fSApple OSS Distributions TXMReturn_t txm_ret = {0};
1678*e3723e1fSApple OSS Distributions kern_return_t ret = KERN_DENIED;
1679*e3723e1fSApple OSS Distributions
1680*e3723e1fSApple OSS Distributions ret = txm_kernel_call(&txm_call, ndi);
1681*e3723e1fSApple OSS Distributions if (ret != KERN_SUCCESS) {
1682*e3723e1fSApple OSS Distributions txm_ret = txm_call.txm_ret;
1683*e3723e1fSApple OSS Distributions if (txm_ret.returnCode != kTXMReturnCodeErrno) {
1684*e3723e1fSApple OSS Distributions return EPERM;
1685*e3723e1fSApple OSS Distributions }
1686*e3723e1fSApple OSS Distributions return txm_ret.errnoRet;
1687*e3723e1fSApple OSS Distributions }
1688*e3723e1fSApple OSS Distributions
1689*e3723e1fSApple OSS Distributions /* Acquire a pointer to the nonce from TXM */
1690*e3723e1fSApple OSS Distributions nonce = (const img4_nonce_t*)txm_call.return_words[0];
1691*e3723e1fSApple OSS Distributions
1692*e3723e1fSApple OSS Distributions if (nonce_out) {
1693*e3723e1fSApple OSS Distributions *nonce_out = *nonce;
1694*e3723e1fSApple OSS Distributions }
1695*e3723e1fSApple OSS Distributions return 0;
1696*e3723e1fSApple OSS Distributions }
1697*e3723e1fSApple OSS Distributions
1698*e3723e1fSApple OSS Distributions errno_t
txm_image4_execute_object(img4_runtime_object_spec_index_t obj_spec_index,const img4_buff_t * payload,const img4_buff_t * manifest)1699*e3723e1fSApple OSS Distributions txm_image4_execute_object(
1700*e3723e1fSApple OSS Distributions img4_runtime_object_spec_index_t obj_spec_index,
1701*e3723e1fSApple OSS Distributions const img4_buff_t *payload,
1702*e3723e1fSApple OSS Distributions const img4_buff_t *manifest)
1703*e3723e1fSApple OSS Distributions {
1704*e3723e1fSApple OSS Distributions /* Not supported within TXM yet */
1705*e3723e1fSApple OSS Distributions (void)obj_spec_index;
1706*e3723e1fSApple OSS Distributions (void)payload;
1707*e3723e1fSApple OSS Distributions (void)manifest;
1708*e3723e1fSApple OSS Distributions
1709*e3723e1fSApple OSS Distributions printf("image4 object execution isn't supported by TXM\n");
1710*e3723e1fSApple OSS Distributions return ENOSYS;
1711*e3723e1fSApple OSS Distributions }
1712*e3723e1fSApple OSS Distributions
1713*e3723e1fSApple OSS Distributions errno_t
txm_image4_copy_object(img4_runtime_object_spec_index_t obj_spec_index,vm_address_t object_out,size_t * object_length)1714*e3723e1fSApple OSS Distributions txm_image4_copy_object(
1715*e3723e1fSApple OSS Distributions img4_runtime_object_spec_index_t obj_spec_index,
1716*e3723e1fSApple OSS Distributions vm_address_t object_out,
1717*e3723e1fSApple OSS Distributions size_t *object_length)
1718*e3723e1fSApple OSS Distributions {
1719*e3723e1fSApple OSS Distributions /* Not supported within TXM yet */
1720*e3723e1fSApple OSS Distributions (void)obj_spec_index;
1721*e3723e1fSApple OSS Distributions (void)object_out;
1722*e3723e1fSApple OSS Distributions (void)object_length;
1723*e3723e1fSApple OSS Distributions
1724*e3723e1fSApple OSS Distributions printf("image4 object copying isn't supported by TXM\n");
1725*e3723e1fSApple OSS Distributions return ENOSYS;
1726*e3723e1fSApple OSS Distributions }
1727*e3723e1fSApple OSS Distributions
1728*e3723e1fSApple OSS Distributions const void*
txm_image4_get_monitor_exports(void)1729*e3723e1fSApple OSS Distributions txm_image4_get_monitor_exports(void)
1730*e3723e1fSApple OSS Distributions {
1731*e3723e1fSApple OSS Distributions txm_call_t txm_call = {
1732*e3723e1fSApple OSS Distributions .selector = kTXMKernelSelectorImage4GetExports,
1733*e3723e1fSApple OSS Distributions .failure_fatal = true,
1734*e3723e1fSApple OSS Distributions .num_output_args = 1,
1735*e3723e1fSApple OSS Distributions };
1736*e3723e1fSApple OSS Distributions
1737*e3723e1fSApple OSS Distributions txm_kernel_call(&txm_call);
1738*e3723e1fSApple OSS Distributions return (const void*)txm_call.return_words[0];
1739*e3723e1fSApple OSS Distributions }
1740*e3723e1fSApple OSS Distributions
1741*e3723e1fSApple OSS Distributions errno_t
txm_image4_set_release_type(const char * release_type)1742*e3723e1fSApple OSS Distributions txm_image4_set_release_type(
1743*e3723e1fSApple OSS Distributions const char *release_type)
1744*e3723e1fSApple OSS Distributions {
1745*e3723e1fSApple OSS Distributions txm_call_t txm_call = {
1746*e3723e1fSApple OSS Distributions .selector = kTXMKernelSelectorImage4SetReleaseType,
1747*e3723e1fSApple OSS Distributions .failure_fatal = true,
1748*e3723e1fSApple OSS Distributions .num_input_args = 1,
1749*e3723e1fSApple OSS Distributions };
1750*e3723e1fSApple OSS Distributions
1751*e3723e1fSApple OSS Distributions /* Set the release type -- cannot fail */
1752*e3723e1fSApple OSS Distributions txm_kernel_call(&txm_call, release_type);
1753*e3723e1fSApple OSS Distributions
1754*e3723e1fSApple OSS Distributions return 0;
1755*e3723e1fSApple OSS Distributions }
1756*e3723e1fSApple OSS Distributions
1757*e3723e1fSApple OSS Distributions errno_t
txm_image4_set_bnch_shadow(const img4_nonce_domain_index_t ndi)1758*e3723e1fSApple OSS Distributions txm_image4_set_bnch_shadow(
1759*e3723e1fSApple OSS Distributions const img4_nonce_domain_index_t ndi)
1760*e3723e1fSApple OSS Distributions {
1761*e3723e1fSApple OSS Distributions txm_call_t txm_call = {
1762*e3723e1fSApple OSS Distributions .selector = kTXMKernelSelectorImage4SetBootNonceShadow,
1763*e3723e1fSApple OSS Distributions .failure_fatal = true,
1764*e3723e1fSApple OSS Distributions .num_input_args = 1,
1765*e3723e1fSApple OSS Distributions };
1766*e3723e1fSApple OSS Distributions
1767*e3723e1fSApple OSS Distributions /* Set the release type -- cannot fail */
1768*e3723e1fSApple OSS Distributions txm_kernel_call(&txm_call, ndi);
1769*e3723e1fSApple OSS Distributions
1770*e3723e1fSApple OSS Distributions return 0;
1771*e3723e1fSApple OSS Distributions }
1772*e3723e1fSApple OSS Distributions
1773*e3723e1fSApple OSS Distributions #pragma mark Image4 - New
1774*e3723e1fSApple OSS Distributions
1775*e3723e1fSApple OSS Distributions static inline bool
_txm_image4_monitor_trap_supported(image4_cs_trap_t selector)1776*e3723e1fSApple OSS Distributions _txm_image4_monitor_trap_supported(
1777*e3723e1fSApple OSS Distributions image4_cs_trap_t selector)
1778*e3723e1fSApple OSS Distributions {
1779*e3723e1fSApple OSS Distributions switch (selector) {
1780*e3723e1fSApple OSS Distributions #if kTXMImage4APIVersion >= 1
1781*e3723e1fSApple OSS Distributions case IMAGE4_CS_TRAP_KMOD_SET_RELEASE_TYPE:
1782*e3723e1fSApple OSS Distributions case IMAGE4_CS_TRAP_NONCE_SET:
1783*e3723e1fSApple OSS Distributions case IMAGE4_CS_TRAP_NONCE_ROLL:
1784*e3723e1fSApple OSS Distributions case IMAGE4_CS_TRAP_IMAGE_ACTIVATE:
1785*e3723e1fSApple OSS Distributions return true;
1786*e3723e1fSApple OSS Distributions #endif
1787*e3723e1fSApple OSS Distributions
1788*e3723e1fSApple OSS Distributions default:
1789*e3723e1fSApple OSS Distributions return false;
1790*e3723e1fSApple OSS Distributions }
1791*e3723e1fSApple OSS Distributions }
1792*e3723e1fSApple OSS Distributions
1793*e3723e1fSApple OSS Distributions kern_return_t
txm_image4_transfer_region(image4_cs_trap_t selector,vm_address_t region_addr,vm_size_t region_size)1794*e3723e1fSApple OSS Distributions txm_image4_transfer_region(
1795*e3723e1fSApple OSS Distributions image4_cs_trap_t selector,
1796*e3723e1fSApple OSS Distributions vm_address_t region_addr,
1797*e3723e1fSApple OSS Distributions vm_size_t region_size)
1798*e3723e1fSApple OSS Distributions {
1799*e3723e1fSApple OSS Distributions if (_txm_image4_monitor_trap_supported(selector) == true) {
1800*e3723e1fSApple OSS Distributions txm_transfer_region(region_addr, region_size);
1801*e3723e1fSApple OSS Distributions }
1802*e3723e1fSApple OSS Distributions return KERN_SUCCESS;
1803*e3723e1fSApple OSS Distributions }
1804*e3723e1fSApple OSS Distributions
1805*e3723e1fSApple OSS Distributions kern_return_t
txm_image4_reclaim_region(image4_cs_trap_t selector,vm_address_t region_addr,vm_size_t region_size)1806*e3723e1fSApple OSS Distributions txm_image4_reclaim_region(
1807*e3723e1fSApple OSS Distributions image4_cs_trap_t selector,
1808*e3723e1fSApple OSS Distributions vm_address_t region_addr,
1809*e3723e1fSApple OSS Distributions vm_size_t region_size)
1810*e3723e1fSApple OSS Distributions {
1811*e3723e1fSApple OSS Distributions if (_txm_image4_monitor_trap_supported(selector) == true) {
1812*e3723e1fSApple OSS Distributions txm_reclaim_region(region_addr, region_size);
1813*e3723e1fSApple OSS Distributions }
1814*e3723e1fSApple OSS Distributions return KERN_SUCCESS;
1815*e3723e1fSApple OSS Distributions }
1816*e3723e1fSApple OSS Distributions
1817*e3723e1fSApple OSS Distributions errno_t
txm_image4_monitor_trap(image4_cs_trap_t selector,const void * input_data,size_t input_size)1818*e3723e1fSApple OSS Distributions txm_image4_monitor_trap(
1819*e3723e1fSApple OSS Distributions image4_cs_trap_t selector,
1820*e3723e1fSApple OSS Distributions const void *input_data,
1821*e3723e1fSApple OSS Distributions size_t input_size)
1822*e3723e1fSApple OSS Distributions {
1823*e3723e1fSApple OSS Distributions txm_call_t txm_call = {
1824*e3723e1fSApple OSS Distributions .selector = kTXMKernelSelectorImage4Dispatch,
1825*e3723e1fSApple OSS Distributions .num_input_args = 5,
1826*e3723e1fSApple OSS Distributions };
1827*e3723e1fSApple OSS Distributions
1828*e3723e1fSApple OSS Distributions kern_return_t ret = txm_kernel_call(
1829*e3723e1fSApple OSS Distributions &txm_call, selector,
1830*e3723e1fSApple OSS Distributions input_data, input_size,
1831*e3723e1fSApple OSS Distributions NULL, NULL);
1832*e3723e1fSApple OSS Distributions
1833*e3723e1fSApple OSS Distributions /* Return 0 for success */
1834*e3723e1fSApple OSS Distributions if (ret == KERN_SUCCESS) {
1835*e3723e1fSApple OSS Distributions return 0;
1836*e3723e1fSApple OSS Distributions }
1837*e3723e1fSApple OSS Distributions
1838*e3723e1fSApple OSS Distributions /* Check for an errno_t return */
1839*e3723e1fSApple OSS Distributions if (txm_call.txm_ret.returnCode == kTXMReturnCodeErrno) {
1840*e3723e1fSApple OSS Distributions if (txm_call.txm_ret.errnoRet == 0) {
1841*e3723e1fSApple OSS Distributions panic("image4 dispatch: unexpected success errno_t: %llu", selector);
1842*e3723e1fSApple OSS Distributions }
1843*e3723e1fSApple OSS Distributions return txm_call.txm_ret.errnoRet;
1844*e3723e1fSApple OSS Distributions }
1845*e3723e1fSApple OSS Distributions
1846*e3723e1fSApple OSS Distributions /* Return a generic error */
1847*e3723e1fSApple OSS Distributions return EPERM;
1848*e3723e1fSApple OSS Distributions }
1849*e3723e1fSApple OSS Distributions
1850*e3723e1fSApple OSS Distributions #pragma mark Metrics
1851*e3723e1fSApple OSS Distributions
1852*e3723e1fSApple OSS Distributions #if DEVELOPMENT || DEBUG
1853*e3723e1fSApple OSS Distributions
1854*e3723e1fSApple OSS Distributions SYSCTL_DECL(_txm);
1855*e3723e1fSApple OSS Distributions SYSCTL_NODE(, OID_AUTO, txm, CTLFLAG_RD, 0, "TXM");
1856*e3723e1fSApple OSS Distributions
1857*e3723e1fSApple OSS Distributions SYSCTL_DECL(_txm_metrics);
1858*e3723e1fSApple OSS Distributions SYSCTL_NODE(_txm, OID_AUTO, metrics, CTLFLAG_RD, 0, "TXM Metrics");
1859*e3723e1fSApple OSS Distributions
1860*e3723e1fSApple OSS Distributions #define TXM_METRIC(type, name, field) \
1861*e3723e1fSApple OSS Distributions static int __txm_metric_ ## type ## _ ## name SYSCTL_HANDLER_ARGS; \
1862*e3723e1fSApple OSS Distributions SYSCTL_DECL(_txm_metrics_ ## type); \
1863*e3723e1fSApple OSS Distributions SYSCTL_PROC( \
1864*e3723e1fSApple OSS Distributions _txm_metrics_ ## type, OID_AUTO, \
1865*e3723e1fSApple OSS Distributions name, CTLTYPE_INT | CTLFLAG_RD, \
1866*e3723e1fSApple OSS Distributions NULL, 0, __txm_metric_ ## type ## _ ## name, \
1867*e3723e1fSApple OSS Distributions "I", "collected data from \'" #type "\':\'" #field "\'"); \
1868*e3723e1fSApple OSS Distributions static int __txm_metric_ ## type ## _ ## name SYSCTL_HANDLER_ARGS \
1869*e3723e1fSApple OSS Distributions { \
1870*e3723e1fSApple OSS Distributions if (req->newptr) { \
1871*e3723e1fSApple OSS Distributions return EPERM; \
1872*e3723e1fSApple OSS Distributions } \
1873*e3723e1fSApple OSS Distributions uint32_t value = os_atomic_load(&txm_metrics->field, relaxed); \
1874*e3723e1fSApple OSS Distributions return SYSCTL_OUT(req, &value, sizeof(value)); \
1875*e3723e1fSApple OSS Distributions }
1876*e3723e1fSApple OSS Distributions
1877*e3723e1fSApple OSS Distributions SYSCTL_DECL(_txm_metrics_memory);
1878*e3723e1fSApple OSS Distributions SYSCTL_NODE(_txm_metrics, OID_AUTO, memory, CTLFLAG_RD, 0, "TXM Metrics - Memory");
1879*e3723e1fSApple OSS Distributions
1880*e3723e1fSApple OSS Distributions #define TXM_ALLOCATOR_METRIC(name, field) \
1881*e3723e1fSApple OSS Distributions SYSCTL_DECL(_txm_metrics_memory_ ## name); \
1882*e3723e1fSApple OSS Distributions SYSCTL_NODE(_txm_metrics_memory, OID_AUTO, name, CTLFLAG_RD, 0, "\'" #name "\' allocator"); \
1883*e3723e1fSApple OSS Distributions TXM_METRIC(memory_ ## name, bytes_allocated, field->allocated); \
1884*e3723e1fSApple OSS Distributions TXM_METRIC(memory_ ## name, bytes_unused, field->unused); \
1885*e3723e1fSApple OSS Distributions TXM_METRIC(memory_ ## name, bytes_wasted, field->wasted); \
1886*e3723e1fSApple OSS Distributions
1887*e3723e1fSApple OSS Distributions TXM_METRIC(memory, bootstrap, memory.bootstrap);
1888*e3723e1fSApple OSS Distributions TXM_METRIC(memory, free_list, memory.freeList);
1889*e3723e1fSApple OSS Distributions TXM_METRIC(memory, bulk_data, memory.bulkData);
1890*e3723e1fSApple OSS Distributions TXM_ALLOCATOR_METRIC(trust_cache, memory.slabs.trustCache);
1891*e3723e1fSApple OSS Distributions TXM_ALLOCATOR_METRIC(provisioning_profile, memory.slabs.profile);
1892*e3723e1fSApple OSS Distributions TXM_ALLOCATOR_METRIC(code_signature, memory.slabs.codeSignature);
1893*e3723e1fSApple OSS Distributions TXM_ALLOCATOR_METRIC(code_region, memory.slabs.codeRegion);
1894*e3723e1fSApple OSS Distributions TXM_ALLOCATOR_METRIC(address_space, memory.slabs.addressSpace);
1895*e3723e1fSApple OSS Distributions TXM_ALLOCATOR_METRIC(bucket_1024, memory.buckets.b1024);
1896*e3723e1fSApple OSS Distributions TXM_ALLOCATOR_METRIC(bucket_2048, memory.buckets.b2048);
1897*e3723e1fSApple OSS Distributions TXM_ALLOCATOR_METRIC(bucket_4096, memory.buckets.b4096);
1898*e3723e1fSApple OSS Distributions TXM_ALLOCATOR_METRIC(bucket_8192, memory.buckets.b8192);
1899*e3723e1fSApple OSS Distributions
1900*e3723e1fSApple OSS Distributions SYSCTL_DECL(_txm_metrics_acceleration);
1901*e3723e1fSApple OSS Distributions SYSCTL_NODE(_txm_metrics, OID_AUTO, acceleration, CTLFLAG_RD, 0, "TXM Metrics - Acceleration");
1902*e3723e1fSApple OSS Distributions TXM_METRIC(acceleration, num_signature, acceleration.signature);
1903*e3723e1fSApple OSS Distributions TXM_METRIC(acceleration, num_bucket, acceleration.bucket);
1904*e3723e1fSApple OSS Distributions TXM_METRIC(acceleration, num_page, acceleration.page);
1905*e3723e1fSApple OSS Distributions TXM_METRIC(acceleration, bucket_256, acceleration.bucket256);
1906*e3723e1fSApple OSS Distributions TXM_METRIC(acceleration, unsupported, acceleration.large);
1907*e3723e1fSApple OSS Distributions
1908*e3723e1fSApple OSS Distributions SYSCTL_DECL(_txm_metrics_trustcaches);
1909*e3723e1fSApple OSS Distributions SYSCTL_NODE(_txm_metrics, OID_AUTO, trustcaches, CTLFLAG_RD, 0, "TXM Metrics - Trust Caches");
1910*e3723e1fSApple OSS Distributions TXM_METRIC(trustcaches, bytes_needed, trustCaches.bytesNeeded);
1911*e3723e1fSApple OSS Distributions TXM_METRIC(trustcaches, bytes_allocated, trustCaches.bytesAllocated);
1912*e3723e1fSApple OSS Distributions TXM_METRIC(trustcaches, bytes_locked, trustCaches.bytesLocked);
1913*e3723e1fSApple OSS Distributions TXM_METRIC(trustcaches, bytes_tombstoned, trustCaches.bytesTombstoned);
1914*e3723e1fSApple OSS Distributions
1915*e3723e1fSApple OSS Distributions #endif /* DEVELOPMENT || DEBUG */
1916*e3723e1fSApple OSS Distributions
1917*e3723e1fSApple OSS Distributions
1918*e3723e1fSApple OSS Distributions #endif /* CONFIG_SPTM */
1919