/*!
* @header
* Cryptex1 chip environments.
*/
#ifndef __IMG4_CHIP_CRYPTEX1_H
#define __IMG4_CHIP_CRYPTEX1_H
#ifndef __IMG4_INDIRECT
#error "Please #include <img4/firmware.h> instead of this file directly"
#endif // __IMG4_INDIRECT
__BEGIN_DECLS
OS_ASSUME_NONNULL_BEGIN
OS_ASSUME_PTR_ABI_SINGLE_BEGIN
/*!
* @const IMG4_CHIP_CRYPTEX1_BOOT
* A virtual coprocessor environment hosted on the AP which derives its unique
* identity from the hosting AP. This chip assists in booting the AP's
* userspace.
*/
#if !XNU_KERNEL_PRIVATE
IMG4_API_AVAILABLE_20211126
OS_EXPORT
const img4_chip_t _img4_chip_cryptex1_boot;
#define IMG4_CHIP_CRYPTEX1_BOOT (&_img4_chip_cryptex1_boot)
#else
#define IMG4_CHIP_CRYPTEX1_BOOT (img4if->i4if_v17.chip_cryptex1_boot)
#endif
/*!
* @const IMG4_CHIP_CRYPTEX1_BOOT_REDUCED
* A virtual coprocessor environment hosted on the reduced-security AP which
* derives its unique identity from the hosting AP. This chip assists in booting
* the AP's userspace.
*/
#if !XNU_KERNEL_PRIVATE
IMG4_API_AVAILABLE_20211126
OS_EXPORT
const img4_chip_t _img4_chip_cryptex1_boot_reduced;
#define IMG4_CHIP_CRYPTEX1_BOOT_REDUCED \
(&_img4_chip_cryptex1_boot_reduced)
#else
#define IMG4_CHIP_CRYPTEX1_BOOT_REDUCED \
(img4if->i4if_v17.chip_cryptex1_boot_reduced)
#endif
/*!
* @const IMG4_CHIP_CRYPTEX1_BOOT_PROPOSAL
* Equivalent to {@link IMG4_CHIP_CRYPTEX1_BOOT} with internal use constraints
* relaxed to permit verification in scenarios where the currently-booted AP may
* not represent the ultimate execution environment.
*
* @discussion
* This environment should not be used for payload execution on the AP and is
* intended to facilitate local policy signing in the SEP.
*/
#if !XNU_KERNEL_PRIVATE
IMG4_API_AVAILABLE_20220401
OS_EXPORT
const img4_chip_t _img4_chip_cryptex1_boot_proposal;
#define IMG4_CHIP_CRYPTEX1_BOOT_PROPOSAL (&_img4_chip_cryptex1_boot_proposal)
#else
#define IMG4_CHIP_CRYPTEX1_BOOT_PROPOSAL \
(img4if->i4if_v18.chip_cryptex1_boot_proposal)
#endif
/*!
* @const IMG4_CHIP_CRYPTEX1_BOOT_REDUCED_PROPOSAL
* Equivalent to {@link IMG4_CHIP_CRYPTEX1_BOOT_REDUCED} with internal use
* constraints relaxed to permit verification in scenarios where the currently-
* booted AP may not represent the ultimate execution environment.
*
* @discussion
* This environment should not be used for payload execution on the AP and is
* intended to facilitate local policy signing in the SEP.
*/
#if !XNU_KERNEL_PRIVATE
IMG4_API_AVAILABLE_20220401
OS_EXPORT
const img4_chip_t _img4_chip_cryptex1_boot_reduced_proposal;
#define IMG4_CHIP_CRYPTEX1_BOOT_REDUCED_PROPOSAL \
(&_img4_chip_cryptex1_boot_reduced_proposal)
#else
#define IMG4_CHIP_CRYPTEX1_BOOT_REDUCED_PROPOSAL \
(img4if->i4if_v18.chip_cryptex1_boot_reduced_proposal)
#endif
/*!
* @const IMG4_CHIP_CRYPTEX1_BOOT_X86
* A virtual coprocessor environment hosted on an x86 chip which has no unique
* identity. This chip assists in booting the x86 processor's userspace.
*/
#if !XNU_KERNEL_PRIVATE
IMG4_API_AVAILABLE_20211126
OS_EXPORT
const img4_chip_t _img4_chip_cryptex1_boot_x86;
#define IMG4_CHIP_CRYPTEX1_BOOT_X86 (&_img4_chip_cryptex1_boot_x86)
#else
#define IMG4_CHIP_CRYPTEX1_BOOT_X86 (img4if->i4if_v17.chip_cryptex1_boot_x86)
#endif
/*!
* @const IMG4_CHIP_CRYPTEX1_BOOT_STATIC_X86
* A virtual coprocessor environment hosted on an x86 chip which has no unique
* identity. This chip assists in booting the x86 processor's userspace. This
* chip has no ability to enforce expiration on its manifests.
*/
#if !XNU_KERNEL_PRIVATE
IMG4_API_AVAILABLE_20220912
OS_EXPORT
const img4_chip_t _img4_chip_cryptex1_boot_static_x86;
#define IMG4_CHIP_CRYPTEX1_BOOT_STATIC_X86 \
(&_img4_chip_cryptex1_boot_static_x86)
#else
#define IMG4_CHIP_CRYPTEX1_BOOT_STATIC_X86 \
(img4if->i4if_v19.chip_cryptex1_boot_static_x86)
#endif
/*!
* @const IMG4_CHIP_CRYPTEX1_BOOT_RELAXED_X86
* A virtual coprocessor environment hosted on an x86 chip which has no unique
* identity and has secure boot disabled. This chip assists in booting the x86
* processor's userspace.
*/
#if !XNU_KERNEL_PRIVATE
IMG4_API_AVAILABLE_20220711
OS_EXPORT
const img4_chip_t _img4_chip_cryptex1_boot_relaxed_x86;
#define IMG4_CHIP_CRYPTEX1_BOOT_RELAXED_X86 \
(&_img4_chip_cryptex1_boot_relaxed_x86)
#else
#define IMG4_CHIP_CRYPTEX1_BOOT_RELAXED_X86 \
(img4if->i4if_v19.chip_cryptex1_boot_relaxed_x86)
#endif
/*!
* @const IMG4_CHIP_CRYPTEX1_BOOT_VMA2
* A virtual coprocessor environment hosted on a virtualized ARM AP which
* derives its unique identity from the hosting AP. This chip assists in booting
* the AP's userspace.
*/
#if !XNU_KERNEL_PRIVATE
IMG4_API_AVAILABLE_20220128
OS_EXPORT
const img4_chip_t _img4_chip_cryptex1_boot_vma2;
#define IMG4_CHIP_CRYPTEX1_BOOT_VMA2 (&_img4_chip_cryptex1_boot_vma2)
#else
#define IMG4_CHIP_CRYPTEX1_BOOT_VMA2 (img4if->i4if_v17.chip_cryptex1_boot_vma2)
#endif
/*!
* @const IMG4_CHIP_CRYPTEX1_BOOT_VMA2_CLONE
* A virtual coprocessor environment hosted on a virtualized ARM AP which
* derives its unique identity from the hosting AP. This chip assists in booting
* the AP's userspace. This is the clone version which doesn't enforce ECID
* and UDID.
*/
#if !XNU_KERNEL_PRIVATE
IMG4_API_AVAILABLE_20220322
OS_EXPORT
const img4_chip_t _img4_chip_cryptex1_boot_vma2_clone;
#define IMG4_CHIP_CRYPTEX1_BOOT_VMA2_CLONE \
(&_img4_chip_cryptex1_boot_vma2_clone)
#else
#define IMG4_CHIP_CRYPTEX1_BOOT_VMA2_CLONE \
(img4if->i4if_v18.chip_cryptex1_boot_vma2_clone)
#endif
/*!
* @const IMG4_CHIP_CRYPTEX1_BOOT_VMA2_PROPOSAL
* Equivalent to {@link IMG4_CHIP_CRYPTEX1_BOOT_VMA2} with internal use
* constraints relaxed to permit verification in scenarios where the currently-
* booted AP may not represent the ultimate execution environment.
*
* @discussion
* This environment should not be used for payload execution on the AP and is
* intended to facilitate local policy signing in the BootPolicy kext.
*/
#if !XNU_KERNEL_PRIVATE
IMG4_API_AVAILABLE_20220401
OS_EXPORT
const img4_chip_t _img4_chip_cryptex1_boot_vma2_proposal;
#define IMG4_CHIP_CRYPTEX1_BOOT_VMA2_PROPOSAL \
(&_img4_chip_cryptex1_boot_vma2_proposal)
#else
#define IMG4_CHIP_CRYPTEX1_BOOT_VMA2_PROPOSAL \
(img4if->i4if_v18.chip_cryptex1_boot_vma2_proposal)
#endif
/*!
* @const IMG4_CHIP_CRYPTEX1_BOOT_VMA2_CLONE_PROPOSAL
* Equivalent to {@link IMG4_CHIP_CRYPTEX1_BOOT_VMA2_CLONE} with internal use
* constraints relaxed to permit verification in scenarios where the currently-
* booted AP may not represent the ultimate execution environment.
*
* @discussion
* This environment should not be used for payload execution on the AP and is
* intended to facilitate local policy signing in the BootPolicy kext.
*/
#if !XNU_KERNEL_PRIVATE
IMG4_API_AVAILABLE_20220401
OS_EXPORT
const img4_chip_t _img4_chip_cryptex1_boot_vma2_clone_proposal;
#define IMG4_CHIP_CRYPTEX1_BOOT_VMA2_CLONE_PROPOSAL \
(&_img4_chip_cryptex1_boot_vma2_clone_proposal)
#else
#define IMG4_CHIP_CRYPTEX1_BOOT_VMA2_CLONE_PROPOSAL \
(img4if->i4if_v18.chip_cryptex1_boot_vma2_clone_proposal)
#endif
/*!
* @const IMG4_CHIP_CRYPTEX1_PREBOOT
* A virtual coprocessor environment hosted on the AP which derives its unique
* identity from the hosting AP. This chip permits executing payloads intended
* for the next boot prior to that boot. It does not assist in booting the AP.
*/
#if !XNU_KERNEL_PRIVATE
IMG4_API_AVAILABLE_20211126
OS_EXPORT
const img4_chip_t _img4_chip_cryptex1_preboot;
#define IMG4_CHIP_CRYPTEX1_PREBOOT (&_img4_chip_cryptex1_preboot)
#else
#define IMG4_CHIP_CRYPTEX1_PREBOOT (img4if->i4if_v17.chip_cryptex1_preboot)
#endif
/*!
* @const IMG4_CHIP_CRYPTEX1_PREBOOT_REDUCED
* A virtual coprocessor environment hosted on the reduced-security AP which
* derives its unique identity from the hosting AP. This chip permits executing
* payloads intended for the next boot prior to that boot. It does not assist in
* booting the AP.
*/
#if !XNU_KERNEL_PRIVATE
IMG4_API_AVAILABLE_20211126
OS_EXPORT
const img4_chip_t _img4_chip_cryptex1_preboot_reduced;
#define IMG4_CHIP_CRYPTEX1_PREBOOT_REDUCED \
(&_img4_chip_cryptex1_preboot_reduced)
#else
#define IMG4_CHIP_CRYPTEX1_PREBOOT_REDUCED \
(img4if->i4if_v17.chip_cryptex1_preboot_reduced)
#endif
/*!
* @const IMG4_CHIP_CRYPTEX1_PREBOOT_X86
* A virtual coprocessor environment hosted on an x86 chip which has no unique
* identity. This chip permits executing payloads intended for the next boot
* prior to that boot. It does not assist in booting the x86 chip.
*/
#if !XNU_KERNEL_PRIVATE
IMG4_API_AVAILABLE_20211126
OS_EXPORT
const img4_chip_t _img4_chip_cryptex1_preboot_x86;
#define IMG4_CHIP_CRYPTEX1_PREBOOT_X86 \
(&_img4_chip_cryptex1_preboot_x86)
#else
#define IMG4_CHIP_CRYPTEX1_PREBOOT_X86 \
(img4if->i4if_v17.chip_cryptex1_preboot_x86)
#endif
/*!
* @const IMG4_CHIP_CRYPTEX1_PREBOOT_STATIC_X86
* A virtual coprocessor environment hosted on an x86 chip which has no unique
* identity. This chip permits executing payloads intended for the next boot
* prior to that boot. It does not assist in booting the x86 chip. This chip has
* no ability to enforce expiration on its manifests.
*/
#if !XNU_KERNEL_PRIVATE
IMG4_API_AVAILABLE_20211126
OS_EXPORT
const img4_chip_t _img4_chip_cryptex1_preboot_static_x86;
#define IMG4_CHIP_CRYPTEX1_PREBOOT_STATIC_X86 \
(&_img4_chip_cryptex1_preboot_static_x86)
#else
#define IMG4_CHIP_CRYPTEX1_PREBOOT_STATIC_X86 \
(img4if->i4if_v19.chip_cryptex1_preboot_static_x86)
#endif
/*!
* @const IMG4_CHIP_CRYPTEX1_PREBOOT_RELAXED_X86
* A virtual coprocessor environment hosted on an x86 chip which has no unique
* identity and has secure boot disabled. This chip permits executing payloads
* intended for the next boot prior to that boot. It does not assist in booting
* the x86 chip.
*/
#if !XNU_KERNEL_PRIVATE
IMG4_API_AVAILABLE_20220711
OS_EXPORT
const img4_chip_t _img4_chip_cryptex1_preboot_relaxed_x86;
#define IMG4_CHIP_CRYPTEX1_PREBOOT_RELAXED_X86 \
(&_img4_chip_cryptex1_preboot_relaxed_x86)
#else
#define IMG4_CHIP_CRYPTEX1_PREBOOT_RELAXED_X86 \
(img4if->i4if_v17.chip_cryptex1_preboot_relaxed_x86)
#endif
/*!
* @const IMG4_CHIP_CRYPTEX1_PREBOOT_VMA2
* A virtual coprocessor environment hosted on a virtualized ARM AP which
* derives its unique identity from the hosting AP. This chip permits executing
* payloads intended for the next boot prior to that boot. It does not assist in
* booting the AP.
*/
#if !XNU_KERNEL_PRIVATE
IMG4_API_AVAILABLE_20220128
OS_EXPORT
const img4_chip_t _img4_chip_cryptex1_preboot_vma2;
#define IMG4_CHIP_CRYPTEX1_PREBOOT_VMA2 \
(&_img4_chip_cryptex1_preboot_vma2)
#else
#define IMG4_CHIP_CRYPTEX1_PREBOOT_VMA2 \
(img4if->i4if_v17.chip_cryptex1_preboot_vma2)
#endif
/*!
* @const IMG4_CHIP_CRYPTEX1_PREBOOT_VMA2_CLONE
* A virtual coprocessor environment hosted on a virtualized ARM AP which
* derives its unique identity from the hosting AP. This chip permits executing
* payloads intended for the next boot prior to that boot. It does not assist in
* booting the AP. This is the clone version which doesn't enforce ECID
* and UDID.
*/
#if !XNU_KERNEL_PRIVATE
IMG4_API_AVAILABLE_20220322
OS_EXPORT
const img4_chip_t _img4_chip_cryptex1_preboot_vma2_clone;
#define IMG4_CHIP_CRYPTEX1_PREBOOT_VMA2_CLONE \
(&_img4_chip_cryptex1_preboot_vma2_clone)
#else
#define IMG4_CHIP_CRYPTEX1_PREBOOT_VMA2_CLONE \
(img4if->i4if_v18.chip_cryptex1_preboot_vma2_clone)
#endif
/*!
* @const IMG4_CHIP_CRYPTEX1_ASSET
* A virtual coprocessor environment hosted on the AP which derives its unique
* identity from the hosting AP. This chip assists in executing MobileAsset
* brain payloads during runtime, after the host AP has booted its userspace.
*/
#if !XNU_KERNEL_PRIVATE
IMG4_API_AVAILABLE_20211126
OS_EXPORT
const img4_chip_t _img4_chip_cryptex1_asset;
#define IMG4_CHIP_CRYPTEX1_ASSET (&_img4_chip_cryptex1_asset)
#else
#define IMG4_CHIP_CRYPTEX1_ASSET (img4if->i4if_v17.chip_cryptex1_asset)
#endif
/*!
* @const IMG4_CHIP_CRYPTEX1_ASSET_X86
* A virtual coprocessor environment hosted on the AP which derives its unique
* identity from the hosting AP. This chip assists in executing MobileAsset
* brain payloads during runtime, after the host AP has booted its userspace.
*/
#if !XNU_KERNEL_PRIVATE
IMG4_API_AVAILABLE_20220401
OS_EXPORT
const img4_chip_t _img4_chip_cryptex1_asset_x86;
#define IMG4_CHIP_CRYPTEX1_ASSET_X86 (&_img4_chip_cryptex1_asset_x86)
#else
#define IMG4_CHIP_CRYPTEX1_ASSET_X86 (img4if->i4if_v18.chip_cryptex1_asset_x86)
#endif
/*!
* @const IMG4_CHIP_CRYPTEX1_GENERIC
* A virtual coprocessor environment hosted on the AP which derives its unique
* identity from the hosting AP. This chip assists in executing generic cryptex
* payloads during runtime, after the host AP has booted its userspace.
*/
#if !XNU_KERNEL_PRIVATE
IMG4_API_AVAILABLE_20221202
OS_EXPORT
const img4_chip_t _img4_chip_cryptex1_generic;
#define IMG4_CHIP_CRYPTEX1_GENERIC \
(&_img4_chip_cryptex1_generic)
#else
#define IMG4_CHIP_CRYPTEX1_GENERIC \
(img4if->i4if_v20.chip_cryptex1_generic)
#endif
/*!
* @const IMG4_CHIP_CRYPTEX1_GENERIC_SUPPLEMENTAL
* A virtual coprocessor environment hosted on the AP which derives its unique
* identity from the hosting AP. This chip assists in executing generic cryptex
* payloads during runtime, after the host AP has booted its userspace. Its
* trust is rooted in a supplemental root of trust authorized by the Secure Boot
* CA.
*/
#if !XNU_KERNEL_PRIVATE
IMG4_API_AVAILABLE_20221202
OS_EXPORT
const img4_chip_t _img4_chip_cryptex1_generic_supplemental;
#define IMG4_CHIP_CRYPTEX1_GENERIC_SUPPLEMENTAL \
(&_img4_chip_cryptex1_generic_supplemental)
#else
#define IMG4_CHIP_CRYPTEX1_GENERIC_SUPPLEMENTAL \
(img4if->i4if_v20.chip_cryptex1_generic_supplemental)
#endif
/*!
* @const IMG4_CHIP_CRYPTEX1_GENERIC_X86
* A virtual coprocessor environment hosted on an x86 chip. This chip assists in
* executing generic cryptex payloads during runtime after the x86 chip has
* booted.
*/
#if !XNU_KERNEL_PRIVATE
IMG4_API_AVAILABLE_20221202
OS_EXPORT
const img4_chip_t _img4_chip_cryptex1_generic_x86;
#define IMG4_CHIP_CRYPTEX1_GENERIC_X86 \
(&_img4_chip_cryptex1_generic_x86)
#else
#define IMG4_CHIP_CRYPTEX1_GENERIC_X86 \
(img4if->i4if_v20.chip_cryptex1_generic_x86)
#endif
OS_ASSUME_PTR_ABI_SINGLE_END
OS_ASSUME_NONNULL_END
__END_DECLS
#endif // __IMG4_CHIP_CRYPTEX1_H