xref: /xnu-11215/bsd/sys/code_signing_internal.h (revision 8d741a5d)
1 /*
2  * Copyright (c) 2022 Apple Computer, Inc. All rights reserved.
3  *
4  * @APPLE_LICENSE_HEADER_START@
5  *
6  * The contents of this file constitute Original Code as defined in and
7  * are subject to the Apple Public Source License Version 1.1 (the
8  * "License").  You may not use this file except in compliance with the
9  * License.  Please obtain a copy of the License at
10  * http://www.apple.com/publicsource and read it before using this file.
11  *
12  * This Original Code and all software distributed under the License are
13  * distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER
14  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
15  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
16  * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT.  Please see the
17  * License for the specific language governing rights and limitations
18  * under the License.
19  *
20  * @APPLE_LICENSE_HEADER_END@
21  */
22 
23 #ifndef _SYS_CODE_SIGNING_INTERNAL_H_
24 #define _SYS_CODE_SIGNING_INTERNAL_H_
25 
26 #include <sys/cdefs.h>
27 __BEGIN_DECLS
28 
/*
 * Suppress the nullability-completeness warnings until the matching
 * "diagnostic pop" at the end of this header. The prototypes declared here
 * carry no _Nullable/_Nonnull annotations, so the header does not express
 * which pointer arguments may be NULL; that has to be established from each
 * backend implementation.
 */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wnullability-completeness"
#pragma GCC diagnostic ignored "-Wnullability-completeness-on-arrays"
32 
33 #ifdef XNU_KERNEL_PRIVATE
34 
35 #include <mach/boolean.h>
36 #include <mach/kern_return.h>
37 #include <kern/cs_blobs.h>
38 #include <vm/pmap.h>
39 #include <vm/pmap_cs.h>
40 #include <img4/firmware.h>
41 #include <libkern/image4/dlxk.h>
42 
/*
 * Select the code signing monitor backend at compile time. Exactly one branch
 * is taken. It fixes CODE_SIGNING_MONITOR (1 when a monitor environment is
 * present, 0 otherwise) and CODE_SIGNING_MONITOR_PREFIX, the prefix that
 * CSM_PREFIX() pastes onto every function name declared in this header.
 */
#if CONFIG_SPTM
/* TrustedExecutionMonitor: monitor present, symbols are named txm_<name> */
#define CODE_SIGNING_MONITOR 1
#define CODE_SIGNING_MONITOR_PREFIX txm

#elif PMAP_CS_PPL_MONITOR
/* Page Protection Layer -- PMAP_CS: monitor present, symbols are named ppl_<name> */
#define CODE_SIGNING_MONITOR 1
#define CODE_SIGNING_MONITOR_PREFIX ppl

#else
/*
 * No monitor -- XNU: symbols are named xnu_<name>. Because
 * CODE_SIGNING_MONITOR is 0 here, the prototypes guarded by
 * "#if CODE_SIGNING_MONITOR" further down are not declared in this
 * configuration.
 */
#define CODE_SIGNING_MONITOR 0
#define CODE_SIGNING_MONITOR_PREFIX xnu

#endif /* CONFIG_SPTM */
59 
/**
 * Build the backend-specific symbol name for a code signing monitor function.
 *
 * CSM_PREFIX(name) expands to <prefix>_<name>, where <prefix> is the value of
 * CODE_SIGNING_MONITOR_PREFIX (txm, ppl or xnu). For example,
 * CSM_PREFIX(rem_enable) names txm_rem_enable when CONFIG_SPTM is set. Code
 * which abstracts out the concept of the code signing monitor can use it to
 * redirect calls to the correct monitor environment without naming the backend.
 *
 * Three macro levels are used because the ## operator does not macro-expand
 * its operands: _CSM_PREFIX exists only so that CODE_SIGNING_MONITOR_PREFIX is
 * replaced by its value before __CSM_PREFIX pastes the two tokens together.
 *
 * The name is resolved entirely by the preprocessor, so a call written with
 * CSM_PREFIX() is an ordinary direct call to one backend's symbol; these
 * macros introduce no run-time function pointer or dispatch table.
 */
#define __CSM_PREFIX(prefix, name) prefix##_##name
#define _CSM_PREFIX(prefix, name)  __CSM_PREFIX(prefix, name)
#define CSM_PREFIX(name)           _CSM_PREFIX(CODE_SIGNING_MONITOR_PREFIX, name)
67 
/*
 * Mode and state controls. Every prototype from here down to the
 * "#if CODE_SIGNING_MONITOR" guard is declared for all three backends
 * (txm, ppl and xnu); CSM_PREFIX() picks the symbol for the one in use.
 */

/**
 * Pass a developer mode state to the selected backend.
 *
 * @param state  Requested developer mode state. NOTE(review): presumably true
 *               enables and false disables -- confirm against the backends.
 *
 * Returns nothing, so this interface gives the caller no indication of
 * whether the backend applied the change.
 */
void CSM_PREFIX(toggle_developer_mode)(
	bool state);

/**
 * NOTE(review): "rem" presumably stands for restricted execution mode; the
 * header does not spell it out. Going by the name, this asks the backend to
 * enable that mode.
 *
 * @return kern_return_t status from the backend.
 */
kern_return_t CSM_PREFIX(rem_enable)(void);

/**
 * Query counterpart of rem_enable. There is no out-parameter, so whatever
 * state is reported is encoded in the kern_return_t result itself; callers
 * need the backend's mapping of return codes to states -- TODO confirm.
 */
kern_return_t CSM_PREFIX(rem_state)(void);

/**
 * Report the secure channel shared page.
 *
 * @param secure_channel_phys  Presumably an out-parameter receiving a 64-bit
 *                             value; the _phys suffix suggests a physical
 *                             address rather than a kernel virtual pointer --
 *                             confirm before using it.
 * @param secure_channel_size  Presumably an out-parameter receiving the size
 *                             that goes with secure_channel_phys.
 * @return kern_return_t status. NOTE(review): the header does not say whether
 *         the out-parameters are written on failure; check the status first.
 */
kern_return_t CSM_PREFIX(secure_channel_shared_page)(
	uint64_t * secure_channel_phys,
	size_t *secure_channel_size);

/**
 * Ask the backend to update its device state. Takes no input and returns no
 * status; what state is refreshed is defined by the backend, not this header.
 */
void CSM_PREFIX(update_device_state)(void);

/**
 * Hand a security boot mode value to the backend.
 *
 * @param security_boot_mode  32-bit mode value; the set of valid values is not
 *                            defined in this header.
 *
 * Returns nothing, so rejection of an unexpected value cannot be observed
 * through this interface.
 */
void CSM_PREFIX(complete_security_boot_mode)(
	uint32_t security_boot_mode);
83 
/*
 * Compilation service CDHash and local signing key.
 *
 * The [CS_CDHASH_LEN] bound on the cdhash parameters documents the expected
 * length only: as a C array parameter it is adjusted to "const uint8_t *", so
 * the compiler does not enforce it. Callers should pass a buffer holding at
 * least CS_CDHASH_LEN bytes.
 */

/**
 * Record the CDHash of the compilation service in the backend.
 *
 * @param cdhash  CDHash bytes, expected to be CS_CDHASH_LEN long.
 */
void CSM_PREFIX(set_compilation_service_cdhash)(
	const uint8_t cdhash[CS_CDHASH_LEN]);

/**
 * Check a CDHash against the compilation service CDHash.
 *
 * @param cdhash  CDHash bytes to test, expected to be CS_CDHASH_LEN long.
 * @return bool; presumably true when cdhash matches the value given to
 *         set_compilation_service_cdhash -- confirm, including the result
 *         when no value has been set yet.
 */
bool CSM_PREFIX(match_compilation_service_cdhash)(
	const uint8_t cdhash[CS_CDHASH_LEN]);

/**
 * Provide the local signing public key to the backend.
 *
 * @param public_key  Key bytes. The prototype carries no length, so the
 *                    number of bytes read is fixed by the backend --
 *                    NOTE(review): confirm the expected key size before
 *                    passing a buffer.
 */
void CSM_PREFIX(set_local_signing_public_key)(
	const uint8_t * public_key);

/**
 * Return a pointer to the local signing public key.
 *
 * NOTE(review): the returned pointer is not const-qualified, so the type does
 * not prevent a caller from writing through it. The header states neither the
 * length of the data nor whether NULL is returned when no key has been set.
 */
uint8_t* CSM_PREFIX(get_local_signing_public_key)(void);
94 
/*
 * Image4 support. The entry points in this group return errno_t (or nothing),
 * unlike most of this header, which uses kern_return_t; check results against
 * the matching error domain.
 */

/**
 * Return the backend's Image4 storage.
 *
 * @param allocated_size  Presumably an out-parameter receiving the size of
 *                        the returned storage -- confirm.
 * @return Untyped pointer to the storage. Ownership and lifetime are not
 *         stated in this header.
 */
void* CSM_PREFIX(image4_storage_data)(
	size_t * allocated_size);

/**
 * Set the nonce for a nonce domain.
 *
 * @param ndi    Nonce domain index.
 * @param nonce  Nonce to install; read-only for the callee.
 *
 * Returns nothing, so a failure to set the nonce is not reported here.
 */
void CSM_PREFIX(image4_set_nonce)(
	const img4_nonce_domain_index_t ndi,
	const img4_nonce_t *nonce);

/**
 * Roll the nonce of a nonce domain. Returns nothing.
 *
 * @param ndi  Nonce domain index.
 */
void CSM_PREFIX(image4_roll_nonce)(
	const img4_nonce_domain_index_t ndi);

/**
 * Copy out the nonce of a nonce domain.
 *
 * @param ndi        Nonce domain index.
 * @param nonce_out  Destination for the nonce.
 * @return errno_t status. NOTE(review): do not rely on *nonce_out unless the
 *         call succeeded; the header does not say it is written on failure.
 */
errno_t CSM_PREFIX(image4_copy_nonce)(
	const img4_nonce_domain_index_t ndi,
	img4_nonce_t *nonce_out);

/**
 * Execute an Image4 runtime object from a payload and its manifest.
 *
 * @param obj_spec_index  Index selecting the runtime object specification.
 * @param payload         Payload buffer descriptor; read-only for the callee.
 * @param manifest        Manifest buffer descriptor; read-only for the callee.
 * @return errno_t status. NOTE(review): presumably the manifest is what
 *         authenticates the payload -- confirm in the backend.
 */
errno_t CSM_PREFIX(image4_execute_object)(
	img4_runtime_object_spec_index_t obj_spec_index,
	const img4_buff_t *payload,
	const img4_buff_t *manifest);

/**
 * Copy out an Image4 runtime object.
 *
 * @param obj_spec_index  Index selecting the runtime object specification.
 * @param object_out      Destination, passed as a vm_address_t rather than a
 *                        pointer, so the type says nothing about the buffer
 *                        behind it.
 * @param object_length   NOTE(review): presumably in/out (capacity in, bytes
 *                        copied out) -- confirm. The caller is responsible for
 *                        the destination being large enough for the length it
 *                        reports.
 * @return errno_t status.
 */
errno_t CSM_PREFIX(image4_copy_object)(
	img4_runtime_object_spec_index_t obj_spec_index,
	vm_address_t object_out,
	size_t *object_length);

/**
 * Return the monitor's Image4 exports as an untyped, read-only pointer. The
 * layout behind the pointer is not defined in this header.
 */
const void* CSM_PREFIX(image4_get_monitor_exports)(void);

/**
 * Set the Image4 release type.
 *
 * @param release_type  C string naming the release type; accepted values are
 *                      not listed in this header.
 * @return errno_t status.
 */
errno_t CSM_PREFIX(image4_set_release_type)(
	const char *release_type);

/**
 * Set the BNCH shadow for a nonce domain.
 *
 * @param ndi  Nonce domain index.
 * @return errno_t status.
 *
 * NOTE(review): "bnch" presumably refers to the boot nonce hash -- confirm.
 */
errno_t CSM_PREFIX(image4_set_bnch_shadow)(
	const img4_nonce_domain_index_t ndi);
126 
/*
 * Image4 region hand-off and trap entry. transfer_region and reclaim_region
 * return kern_return_t while image4_monitor_trap returns errno_t, so the
 * three results are not interchangeable.
 */

/**
 * Transfer a memory region for use with an Image4 trap selector.
 *
 * @param selector     Image4 code signing trap selector the region is for.
 * @param region_addr  Start address of the region.
 * @param region_size  Size of the region in bytes.
 * @return kern_return_t status.
 *
 * NOTE(review): presumably the kernel gives up access to the region until it
 * is reclaimed -- confirm the ownership rules in the backend.
 */
kern_return_t CSM_PREFIX(image4_transfer_region)(
	image4_cs_trap_t selector,
	vm_address_t region_addr,
	vm_size_t region_size);

/**
 * Reclaim a memory region; takes the same (selector, address, size) triple
 * as image4_transfer_region.
 *
 * @return kern_return_t status.
 *
 * NOTE(review): presumably this must name a region previously passed to
 * image4_transfer_region with identical address and size -- confirm.
 */
kern_return_t CSM_PREFIX(image4_reclaim_region)(
	image4_cs_trap_t selector,
	vm_address_t region_addr,
	vm_size_t region_size);

/**
 * Issue an Image4 trap to the backend.
 *
 * @param selector    Image4 code signing trap selector.
 * @param input_data  Caller-supplied input buffer; read-only for the callee.
 * @param input_size  Size of input_data in bytes.
 * @return errno_t status.
 */
errno_t CSM_PREFIX(image4_monitor_trap)(
	image4_cs_trap_t selector,
	const void *input_data,
	size_t input_size);
141 
#if CODE_SIGNING_MONITOR
/*
 * Function prototypes needed only when we have a monitor environment, i.e.
 * CODE_SIGNING_MONITOR is 1 (txm or ppl prefix). Nothing from here to the
 * matching #endif is declared when the prefix is xnu.
 */

/**
 * Report whether the monitor has code signing enabled.
 *
 * @return bool reported by the monitor.
 */
bool CSM_PREFIX(code_signing_enabled)(void);

/**
 * Tell the monitor to enter lockdown mode. Takes no input and returns no
 * status. NOTE(review): the header declares no call to leave lockdown mode.
 */
void CSM_PREFIX(enter_lockdown_mode)(void);

/**
 * Return a code signature size from the monitor. NOTE(review): going by the
 * name, signatures of at least this size are managed by the monitor --
 * confirm the exact threshold semantics in the backend.
 */
vm_size_t CSM_PREFIX(managed_code_signature_size)(void);

/**
 * Lift the restriction on a locally signed CDHash.
 *
 * @param cdhash  CDHash bytes, expected to be CS_CDHASH_LEN long. The array
 *                bound is adjusted to a pointer and is not compiler-enforced.
 *
 * Returns nothing, so the caller cannot tell from this interface whether the
 * CDHash was known to the monitor.
 */
void CSM_PREFIX(unrestrict_local_signing_cdhash)(
	const uint8_t cdhash[CS_CDHASH_LEN]);
153 
/*
 * Provisioning profile objects.
 *
 * Profile and signature handles are both plain "void *" in this interface, so
 * the compiler will not catch a sig_obj passed where a profile_obj is
 * expected (or the reverse); callers have to keep the two apart themselves.
 */

/**
 * Register a provisioning profile blob with the monitor.
 *
 * @param profile_blob       Profile bytes; read-only for the callee.
 * @param profile_blob_size  Size of profile_blob in bytes.
 * @param profile_obj        Out: receives the opaque handle for the profile.
 * @return kern_return_t status. NOTE(review): registering is a separate step
 *         from trust_provisioning_profile; presumably a registered profile is
 *         not yet trusted -- confirm.
 */
kern_return_t CSM_PREFIX(register_provisioning_profile)(
	const void *profile_blob,
	const size_t profile_blob_size,
	void **profile_obj);

/**
 * Establish trust in a registered provisioning profile using signature data.
 *
 * @param profile_obj  Handle from register_provisioning_profile.
 * @param sig_data     Signature data; read-only for the callee.
 * @param sig_size     Size of sig_data in bytes.
 * @return kern_return_t status.
 */
kern_return_t CSM_PREFIX(trust_provisioning_profile)(
	void *profile_obj,
	const void *sig_data,
	size_t sig_size);

/**
 * Unregister a provisioning profile.
 *
 * @param profile_obj  Handle from register_provisioning_profile.
 * @return kern_return_t status. NOTE(review): the handle should be treated as
 *         invalid after a successful call -- presumably; confirm.
 */
kern_return_t CSM_PREFIX(unregister_provisioning_profile)(
	void *profile_obj);

/**
 * Associate a provisioning profile with a code signature.
 *
 * @param sig_obj      Code signature handle.
 * @param profile_obj  Provisioning profile handle.
 * @return kern_return_t status.
 */
kern_return_t CSM_PREFIX(associate_provisioning_profile)(
	void *sig_obj,
	void *profile_obj);

/**
 * Remove the provisioning profile association from a code signature.
 *
 * @param sig_obj  Code signature handle.
 * @return kern_return_t status.
 */
kern_return_t CSM_PREFIX(disassociate_provisioning_profile)(
	void *sig_obj);
173 
/*
 * Code signature objects: register, verify, reconstitute, and associate with
 * an address range. Signature handles are untyped "void *".
 */

/**
 * Register a code signature with the monitor.
 *
 * @param signature_addr         Address of the signature data.
 * @param signature_size         Size of the signature data in bytes.
 * @param code_directory_offset  Offset of the code directory; NOTE(review):
 *                               presumably relative to signature_addr and
 *                               expected to lie within signature_size --
 *                               confirm where that bound is checked.
 * @param signature_path         C string path associated with the signature.
 * @param sig_obj                Out: receives the opaque signature handle.
 * @param txm_signature_addr     Out: receives an address. The parameter is
 *                               named for TXM although this prototype is also
 *                               declared for the ppl prefix; NOTE(review):
 *                               confirm what the ppl backend writes here.
 * @return kern_return_t status.
 */
kern_return_t CSM_PREFIX(register_code_signature)(
	const vm_address_t signature_addr,
	const vm_size_t signature_size,
	const vm_offset_t code_directory_offset,
	const char *signature_path,
	void **sig_obj,
	vm_address_t *txm_signature_addr);

/**
 * Unregister a code signature.
 *
 * @param sig_obj  Handle from register_code_signature.
 * @return kern_return_t status.
 */
kern_return_t CSM_PREFIX(unregister_code_signature)(
	void *sig_obj);

/**
 * Verify a registered code signature.
 *
 * @param sig_obj  Handle from register_code_signature.
 * @return kern_return_t status; the verification outcome is carried in the
 *         status, as there is no out-parameter.
 */
kern_return_t CSM_PREFIX(verify_code_signature)(
	void *sig_obj);

/**
 * Reconstitute a code signature.
 *
 * @param sig            Code signature handle.
 * @param unneeded_addr  Out: receives an address. NOTE(review): presumably
 *                       the start of signature memory that is no longer
 *                       needed afterwards -- confirm.
 * @param unneeded_size  Out: receives the size that goes with unneeded_addr.
 * @return kern_return_t status.
 */
kern_return_t CSM_PREFIX(reconstitute_code_signature)(
	void *sig,
	vm_address_t *unneeded_addr,
	vm_size_t *unneeded_size);

/**
 * Associate a code signature with a region of an address space.
 *
 * @param pmap           Physical map of the target address space.
 * @param sig_obj        Code signature handle.
 * @param region_addr    Start address of the region.
 * @param region_size    Size of the region in bytes.
 * @param region_offset  Offset that goes with the region; NOTE(review):
 *                       presumably the offset into the signed file --
 *                       confirm.
 * @return kern_return_t status.
 */
kern_return_t CSM_PREFIX(associate_code_signature)(
	pmap_t pmap,
	void *sig_obj,
	const vm_address_t region_addr,
	const vm_size_t region_size,
	const vm_offset_t region_offset);
199 
/*
 * Per-address-space policy. Each call takes the pmap of the address space it
 * applies to. Going by their names, several of these relax or query code
 * signing enforcement for that address space, so the caller's own
 * authorization checks matter -- NOTE(review): confirm what each backend
 * verifies itself.
 */

/**
 * Allow a JIT region in the address space.
 *
 * @param pmap  Physical map of the target address space.
 * @return kern_return_t status.
 */
kern_return_t CSM_PREFIX(allow_jit_region)(
	pmap_t pmap);

/**
 * Associate a JIT region with the address space.
 *
 * @param pmap         Physical map of the target address space.
 * @param region_addr  Start address of the region.
 * @param region_size  Size of the region in bytes.
 * @return kern_return_t status.
 */
kern_return_t CSM_PREFIX(associate_jit_region)(
	pmap_t pmap,
	const vm_address_t region_addr,
	const vm_size_t region_size);

/**
 * Associate a debug region with the address space.
 *
 * @param pmap         Physical map of the target address space.
 * @param region_addr  Start address of the region.
 * @param region_size  Size of the region in bytes.
 * @return kern_return_t status.
 */
kern_return_t CSM_PREFIX(associate_debug_region)(
	pmap_t pmap,
	const vm_address_t region_addr,
	const vm_size_t region_size);

/**
 * Debugged-state entry point for the address space.
 *
 * @param pmap  Physical map of the target address space.
 * @return kern_return_t status. NOTE(review): the name reads like a query,
 *         but there is no out-parameter; confirm whether this sets the state
 *         or reports it through the status.
 */
kern_return_t CSM_PREFIX(address_space_debugged)(
	pmap_t pmap);

/**
 * Allow invalid code in the address space.
 *
 * @param pmap  Physical map of the target address space.
 * @return kern_return_t status.
 */
kern_return_t CSM_PREFIX(allow_invalid_code)(
	pmap_t pmap);

/**
 * Read the trust level of the address space.
 *
 * @param pmap         Physical map of the target address space.
 * @param trust_level  Out: receives the 32-bit trust level.
 * @return kern_return_t status.
 *
 * NOTE(review): the _kdp suffix suggests this variant is meant for kernel
 * debugger context -- confirm before calling it elsewhere.
 */
kern_return_t CSM_PREFIX(get_trust_level_kdp)(
	pmap_t pmap,
	uint32_t *trust_level);

/**
 * Read the JIT address range of the address space.
 *
 * @param pmap              Physical map of the target address space.
 * @param jit_region_start  Out: receives the start of the range.
 * @param jit_region_end    Out: receives the end of the range; whether the
 *                          end is inclusive is not stated here.
 * @return kern_return_t status.
 *
 * NOTE(review): _kdp suffix, as for get_trust_level_kdp.
 */
kern_return_t CSM_PREFIX(get_jit_address_range_kdp)(
	pmap_t pmap,
	uintptr_t *jit_region_start,
	uintptr_t *jit_region_end);

/**
 * Exemption entry point for the address space.
 *
 * @param pmap  Physical map of the target address space.
 * @return kern_return_t status. NOTE(review): as with address_space_debugged,
 *         there is no out-parameter; confirm whether this grants an
 *         exemption or reports one through the status.
 */
kern_return_t CSM_PREFIX(address_space_exempt)(
	const pmap_t pmap);
230 
/**
 * Prepare monitor state for a fork from one address space to another.
 *
 * @param old_pmap  Physical map of the existing address space.
 * @param new_pmap  Physical map of the new address space.
 * @return kern_return_t status.
 */
kern_return_t CSM_PREFIX(fork_prepare)(
	pmap_t old_pmap,
	pmap_t new_pmap);

/**
 * Obtain the signing identifier of a code signature.
 *
 * @param sig_obj     Code signature handle; read-only for the callee.
 * @param signing_id  Out: receives a pointer to the identifier string.
 * @return kern_return_t status.
 *
 * NOTE(review): the string is returned by reference, not copied into a
 * caller buffer. Its lifetime is not stated; presumably it is tied to
 * sig_obj and must not be used after the signature is unregistered --
 * confirm.
 */
kern_return_t CSM_PREFIX(acquire_signing_identifier)(
	const void *sig_obj,
	const char **signing_id);

/**
 * Attach kernel entitlements to a code signature.
 *
 * @param sig_obj              Code signature handle.
 * @param kernel_entitlements  Untyped, read-only pointer to the entitlements
 *                             object.
 * @return kern_return_t status.
 */
kern_return_t CSM_PREFIX(associate_kernel_entitlements)(
	void *sig_obj,
	const void *kernel_entitlements);

/**
 * Look up the kernel entitlements for an address space.
 *
 * @param pmap                 Physical map of the target address space.
 * @param kernel_entitlements  Out: receives an untyped, read-only pointer to
 *                             the entitlements object.
 * @return kern_return_t status. NOTE(review): check the status before using
 *         the out-pointer; the header does not say it is set on failure.
 */
kern_return_t CSM_PREFIX(resolve_kernel_entitlements)(
	pmap_t pmap,
	const void **kernel_entitlements);

/**
 * Accelerate entitlement queries for a code signature.
 *
 * @param sig_obj  Code signature handle.
 * @param ce_ctx   Out: presumably receives the entitlement query context --
 *                 confirm.
 * @return kern_return_t status.
 */
kern_return_t CSM_PREFIX(accelerate_entitlements)(
	void *sig_obj,
	CEQueryContext_t *ce_ctx);
250 
251 #endif /* CODE_SIGNING_MONITOR */
252 
253 #endif /* XNU_KERNEL_PRIVATE */
254 
255 #pragma GCC diagnostic pop
256 
257 __END_DECLS
258 #endif /* _SYS_CODE_SIGNING_INTERNAL_H_ */