  1  /*
  2   * Copyright (c) 2018 Apple Computer, Inc. All rights reserved.
  3   *
  4   * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
  5   *
  6   * This file contains Original Code and/or Modifications of Original Code
  7   * as defined in and that are subject to the Apple Public Source License
  8   * Version 2.0 (the 'License'). You may not use this file except in
  9   * compliance with the License. The rights granted to you under the License
 10   * may not be used to create, or enable the creation or redistribution of,
 11   * unlawful or unlicensed copies of an Apple operating system, or to
 12   * circumvent, violate, or enable the circumvention or violation of, any
 13   * terms of an Apple operating system software license agreement.
 14   *
 15   * Please obtain a copy of the License at
 16   * http://www.opensource.apple.com/apsl/ and read it before using this file.
 17   *
 18   * The Original Code and all software distributed under the License are
 19   * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 20   * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 21   * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 22   * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 23   * Please see the License for the specific language governing rights and
 24   * limitations under the License.
 25   *
 26   * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
 27   */
 28  
 29  #ifndef _KERN_TRUSTCACHE_H_
 30  #define _KERN_TRUSTCACHE_H_
 31  
#include <stdbool.h>
#include <stdint.h>

#include <kern/cs_blobs.h>

#include <uuid/uuid.h>
 37  
 38  #ifdef PLATFORM_BridgeOS
/* Version 0 trust caches: No defined sorting order (thus only suitable for small trust caches).
 * Used for loadable trust caches only, until phasing out support.
 * Only compiled for BridgeOS (see the enclosing #ifdef). Packed: no padding between members. */
typedef uint8_t trust_cache_hash0[CS_CDHASH_LEN];   /* a bare cdhash; this format has no per-entry hash type or flags */
struct trust_cache_module0 {
	uint32_t version;      /* trust cache format version; presumably 0 for this layout */
	uuid_t uuid;
	uint32_t num_hashes;   /* count of hashes[] that follow -- presumably; nothing in this header bounds
	                        * the module, so a loader must check it against the module's byte length */
	trust_cache_hash0 hashes[];
} __attribute__((__packed__));
 48  #endif
 49  
 50  
 51  /* Version 1 trust caches: Always sorted by cdhash, added hash type and flags field.
 52   * Suitable for all trust caches. */
 53  
/* One version 1 trust cache entry: a code directory hash plus the hash type
 * and flags that a lookup passes through to its caller. Packed: no padding. */
struct trust_cache_entry1 {
	uint8_t cdhash[CS_CDHASH_LEN];   /* code directory hash; version 1 modules are sorted by this field */
	uint8_t hash_type;               /* CS_HASHTYPE_* from cs_blobs.h; surfaced in bits 16-23 of a lookup result */
	uint8_t flags;                   /* CS_TRUST_CACHE_* entry flags; surfaced in bits 8-15 of a lookup result */
} __attribute__((__packed__));
 59  
/* Header of a version 1 trust cache module, followed in memory by its
 * trust_cache_entry1 records (sorted by cdhash). Packed: no padding.
 * NOTE(review): this header carries no byte length of its own; code that
 * parses an externally supplied module must check num_entries against the
 * number of bytes actually available before touching entries[]. */
struct trust_cache_module1 {
	uint32_t version;       /* trust cache format version; presumably 1 for this layout */
	uuid_t uuid;
	uint32_t num_entries;   /* count of trust_cache_entry1 records in entries[] -- presumably; confirm in the loader */
	struct trust_cache_entry1 entries[];
} __attribute__((__packed__));
 66  
// Trust Cache Entry Flags: stored in trust_cache_entry1.flags and passed
// through unchanged in bits 8-15 of a lookup result (see the format note below)
#define CS_TRUST_CACHE_AMFID    0x1                     // valid cdhash for amfid
 69  
 70  /* Trust Cache lookup functions return their result as a 32bit value
 71   * comprised of subfields, for straightforward passing through layers.
 72   *
 73   * Format:
 74   *
 75   * 0xXXCCBBAA
 76   *
 77   * AA:  0-7: lookup result
 78   *  bit  0: TC_LOOKUP_FOUND: set if any entry found
 79   *  bit  1: (obsolete) TC_LOOKUP_FALLBACK: set if found in legacy static trust cache
 80   *  bit  2-7: reserved
 81   * BB:  8-15: entry flags pass-through, see "Trust Cache Entry Flags" above
 82   * CC: 16-23: code directory hash type of entry, see CS_HASHTYPE_* in cs_blobs.h
 83   * XX: 24-31: reserved
 84   */
 85  
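/* Field accessors for the packed lookup result described above: mask the
 * 32-bit result with *_MASK, then shift right by *_SHIFT. The masks are
 * long literals. None of these definitions may carry a trailing ';' --
 * a stray semicolon in a mask would break every expression that uses it. */
#define TC_LOOKUP_HASH_TYPE_SHIFT               16
#define TC_LOOKUP_HASH_TYPE_MASK                0xff0000L
#define TC_LOOKUP_FLAGS_SHIFT                   8
#define TC_LOOKUP_FLAGS_MASK                    0xff00L
#define TC_LOOKUP_RESULT_SHIFT                  0
#define TC_LOOKUP_RESULT_MASK                   0xffL

/* Bit 0 of the result byte (bits 0-7). Test it explicitly,
 * (result & TC_LOOKUP_FOUND), rather than testing the whole 32-bit value,
 * since the flags and hash type fields occupy the upper bits. */
#define TC_LOOKUP_FOUND         1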
 94  
 95  #ifdef XNU_KERNEL_PRIVATE
 96  
 97  // Serialized Trust Caches
 98  
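/* This is how iBoot delivers them to us: a count followed by that many
 * offsets. offsets[] is a C99 flexible array member (replacing the GNU
 * zero-length array form); sizeof this packed struct is still the 4-byte
 * count alone.
 * NOTE(review): the header carries no total length, so whatever parses it
 * must validate num_caches and each offset against the size of the blob
 * actually handed over before dereferencing anything. */
struct serialized_trust_caches {
	uint32_t num_caches;   /* number of offsets that follow -- presumably; confirm against the loader */
	uint32_t offsets[];    /* per-cache offsets; the base they are relative to is not visible here */
} __attribute__((__packed__));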
104  
105  
/* Initialize the trust cache subsystem (presumably consumes the
 * serialized_trust_caches blob declared above; confirm in the implementation). */
void trust_cache_init(void);

/* Look up cdhash in the static trust cache.
 * Returns the packed 0xXXCCBBAA result described above: TC_LOOKUP_FOUND in
 * the low byte when an entry is present, with the entry's flags in bits 8-15
 * and its hash type in bits 16-23. */
uint32_t lookup_in_static_trust_cache(const uint8_t cdhash[CS_CDHASH_LEN]);

/* Look up cdhash in a single version 1 module.
 * Returns true when an entry matches. hash_type and flags are non-const
 * out-pointers, presumably filled from the matching entry on success
 * (confirm whether they are written on a miss). */
bool lookup_in_trust_cache_module(struct trust_cache_module1 const * const module,
    uint8_t const cdhash[CS_CDHASH_LEN],
    uint8_t       * const hash_type,
    uint8_t       * const flags);
114  
#endif /* _KERN_TRUSTCACHE_H_ */
116  
117  #endif /* _KERN_TRUSTCACHE_H */