/*!
 * @header
 * Cryptex1 chip environments.
 *
 * @discussion
 * Every environment in this header is declared in two forms selected by
 * XNU_KERNEL_PRIVATE. Without it, the environment is an exported
 * const img4_chip_t object and the IMG4_CHIP_CRYPTEX1_* macro yields its
 * address. With it, the macro reads the environment through the img4if
 * pointer, from a versioned member (i4if_v17 ... i4if_v20). img4_chip_t,
 * img4if and the IMG4_API_AVAILABLE_* annotations are defined outside this
 * header.
 *
 * The environments are not interchangeable. According to their own
 * descriptions, the *_PROPOSAL variants are not meant for payload execution,
 * the *_STATIC_X86 variants cannot enforce manifest expiration, the
 * *_RELAXED_X86 variants describe a host with secure boot disabled, and the
 * *_CLONE variants do not enforce ECID and UDID. Pick the environment that
 * matches the host and the purpose of the verification.
 */
#ifndef __IMG4_CHIP_CRYPTEX1_H
#define __IMG4_CHIP_CRYPTEX1_H

// Refuse direct inclusion: without __IMG4_INDIRECT the build stops here and
// the message points at <img4/firmware.h>.
#ifndef __IMG4_INDIRECT
#error "Please #include <img4/firmware.h> instead of this file directly"
#endif // __IMG4_INDIRECT

// These three regions stay open for every declaration in the file and are
// closed in reverse order just before the include guard ends.
__BEGIN_DECLS
OS_ASSUME_NONNULL_BEGIN
OS_ASSUME_PTR_ABI_SINGLE_BEGIN
15
/*!
 * @const IMG4_CHIP_CRYPTEX1_BOOT
 * A virtual coprocessor environment hosted on the AP which derives its unique
 * identity from the hosting AP. This chip assists in booting the AP's
 * userspace.
 *
 * @discussion
 * This is the baseline boot environment that the _REDUCED and _PROPOSAL
 * variants in this header are described relative to.
 */
#if !XNU_KERNEL_PRIVATE
// Exported object; the macro yields its address.
IMG4_API_AVAILABLE_20211126
OS_EXPORT
const img4_chip_t _img4_chip_cryptex1_boot;
#define IMG4_CHIP_CRYPTEX1_BOOT (&_img4_chip_cryptex1_boot)
#else
// Kernel-private builds read the environment from img4if, member i4if_v17.
#define IMG4_CHIP_CRYPTEX1_BOOT (img4if->i4if_v17.chip_cryptex1_boot)
#endif
30
/*!
 * @const IMG4_CHIP_CRYPTEX1_BOOT_REDUCED
 * A virtual coprocessor environment hosted on the reduced-security AP which
 * derives its unique identity from the hosting AP. This chip assists in booting
 * the AP's userspace.
 *
 * @discussion
 * NOTE(review): this header does not say how the policy of the
 * reduced-security AP differs from {@link IMG4_CHIP_CRYPTEX1_BOOT}. Confirm
 * the difference before substituting one environment for the other.
 */
#if !XNU_KERNEL_PRIVATE
// Exported object; the macro yields its address.
IMG4_API_AVAILABLE_20211126
OS_EXPORT
const img4_chip_t _img4_chip_cryptex1_boot_reduced;
#define IMG4_CHIP_CRYPTEX1_BOOT_REDUCED \
 (&_img4_chip_cryptex1_boot_reduced)
#else
// Kernel-private builds read the environment from img4if, member i4if_v17.
#define IMG4_CHIP_CRYPTEX1_BOOT_REDUCED \
 (img4if->i4if_v17.chip_cryptex1_boot_reduced)
#endif
47
/*!
 * @const IMG4_CHIP_CRYPTEX1_BOOT_PROPOSAL
 * Equivalent to {@link IMG4_CHIP_CRYPTEX1_BOOT} with internal use constraints
 * relaxed to permit verification in scenarios where the currently-booted AP may
 * not represent the ultimate execution environment.
 *
 * @discussion
 * This environment should not be used for payload execution on the AP and is
 * intended to facilitate local policy signing in the SEP.
 *
 * Because the constraints are relaxed, a successful verification against this
 * environment is not a statement about the currently-booted AP. Keep it out of
 * any code path that decides whether a payload may execute.
 */
#if !XNU_KERNEL_PRIVATE
// Exported object; the macro yields its address.
IMG4_API_AVAILABLE_20220401
OS_EXPORT
const img4_chip_t _img4_chip_cryptex1_boot_proposal;
#define IMG4_CHIP_CRYPTEX1_BOOT_PROPOSAL (&_img4_chip_cryptex1_boot_proposal)
#else
// Kernel-private builds read the environment from img4if, member i4if_v18.
#define IMG4_CHIP_CRYPTEX1_BOOT_PROPOSAL \
 (img4if->i4if_v18.chip_cryptex1_boot_proposal)
#endif
67
/*!
 * @const IMG4_CHIP_CRYPTEX1_BOOT_REDUCED_PROPOSAL
 * Equivalent to {@link IMG4_CHIP_CRYPTEX1_BOOT_REDUCED} with internal use
 * constraints relaxed to permit verification in scenarios where the currently-
 * booted AP may not represent the ultimate execution environment.
 *
 * @discussion
 * This environment should not be used for payload execution on the AP and is
 * intended to facilitate local policy signing in the SEP.
 *
 * Because the constraints are relaxed, a successful verification against this
 * environment is not a statement about the currently-booted AP. Keep it out of
 * any code path that decides whether a payload may execute.
 */
#if !XNU_KERNEL_PRIVATE
// Exported object; the macro yields its address.
IMG4_API_AVAILABLE_20220401
OS_EXPORT
const img4_chip_t _img4_chip_cryptex1_boot_reduced_proposal;
#define IMG4_CHIP_CRYPTEX1_BOOT_REDUCED_PROPOSAL \
 (&_img4_chip_cryptex1_boot_reduced_proposal)
#else
// Kernel-private builds read the environment from img4if, member i4if_v18.
#define IMG4_CHIP_CRYPTEX1_BOOT_REDUCED_PROPOSAL \
 (img4if->i4if_v18.chip_cryptex1_boot_reduced_proposal)
#endif
88
/*!
 * @const IMG4_CHIP_CRYPTEX1_BOOT_X86
 * A virtual coprocessor environment hosted on an x86 chip which has no unique
 * identity. This chip assists in booting the x86 processor's userspace.
 *
 * @discussion
 * Unlike the AP-hosted environments in this header, this chip is described as
 * having no unique identity. Presumably a manifest evaluated against it
 * cannot be tied to one particular machine - confirm before relying on
 * per-device binding.
 */
#if !XNU_KERNEL_PRIVATE
// Exported object; the macro yields its address.
IMG4_API_AVAILABLE_20211126
OS_EXPORT
const img4_chip_t _img4_chip_cryptex1_boot_x86;
#define IMG4_CHIP_CRYPTEX1_BOOT_X86 (&_img4_chip_cryptex1_boot_x86)
#else
// Kernel-private builds read the environment from img4if, member i4if_v17.
#define IMG4_CHIP_CRYPTEX1_BOOT_X86 (img4if->i4if_v17.chip_cryptex1_boot_x86)
#endif
102
/*!
 * @const IMG4_CHIP_CRYPTEX1_BOOT_STATIC_X86
 * A virtual coprocessor environment hosted on an x86 chip which has no unique
 * identity. This chip assists in booting the x86 processor's userspace. This
 * chip has no ability to enforce expiration on its manifests.
 *
 * @discussion
 * Since expiration is not enforced, manifest expiry cannot serve as a
 * freshness or revocation control for anything evaluated against this chip.
 * If stale manifests must be rejected, that check has to come from elsewhere.
 */
#if !XNU_KERNEL_PRIVATE
// Exported object; the macro yields its address.
IMG4_API_AVAILABLE_20220912
OS_EXPORT
const img4_chip_t _img4_chip_cryptex1_boot_static_x86;
#define IMG4_CHIP_CRYPTEX1_BOOT_STATIC_X86 \
 (&_img4_chip_cryptex1_boot_static_x86)
#else
// Kernel-private builds read the environment from img4if, member i4if_v19.
#define IMG4_CHIP_CRYPTEX1_BOOT_STATIC_X86 \
 (img4if->i4if_v19.chip_cryptex1_boot_static_x86)
#endif
119
/*!
 * @const IMG4_CHIP_CRYPTEX1_BOOT_RELAXED_X86
 * A virtual coprocessor environment hosted on an x86 chip which has no unique
 * identity and has secure boot disabled. This chip assists in booting the x86
 * processor's userspace.
 *
 * @discussion
 * This environment describes a host whose secure boot is disabled, so
 * acceptance here is not equivalent to acceptance by
 * {@link IMG4_CHIP_CRYPTEX1_BOOT_X86}.
 * NOTE(review): the header does not say which checks remain in force for this
 * chip - confirm before using it anywhere a secure-boot guarantee is assumed.
 */
#if !XNU_KERNEL_PRIVATE
// Exported object; the macro yields its address.
IMG4_API_AVAILABLE_20220711
OS_EXPORT
const img4_chip_t _img4_chip_cryptex1_boot_relaxed_x86;
#define IMG4_CHIP_CRYPTEX1_BOOT_RELAXED_X86 \
 (&_img4_chip_cryptex1_boot_relaxed_x86)
#else
// Kernel-private builds read the environment from img4if, member i4if_v19.
#define IMG4_CHIP_CRYPTEX1_BOOT_RELAXED_X86 \
 (img4if->i4if_v19.chip_cryptex1_boot_relaxed_x86)
#endif
136
/*!
 * @const IMG4_CHIP_CRYPTEX1_BOOT_VMA2
 * A virtual coprocessor environment hosted on a virtualized ARM AP which
 * derives its unique identity from the hosting AP. This chip assists in booting
 * the AP's userspace.
 *
 * @discussion
 * This is the virtualized counterpart that the _VMA2_CLONE and
 * _VMA2_PROPOSAL variants in this header are described relative to.
 */
#if !XNU_KERNEL_PRIVATE
// Exported object; the macro yields its address.
IMG4_API_AVAILABLE_20220128
OS_EXPORT
const img4_chip_t _img4_chip_cryptex1_boot_vma2;
#define IMG4_CHIP_CRYPTEX1_BOOT_VMA2 (&_img4_chip_cryptex1_boot_vma2)
#else
// Kernel-private builds read the environment from img4if, member i4if_v17.
#define IMG4_CHIP_CRYPTEX1_BOOT_VMA2 (img4if->i4if_v17.chip_cryptex1_boot_vma2)
#endif
151
/*!
 * @const IMG4_CHIP_CRYPTEX1_BOOT_VMA2_CLONE
 * A virtual coprocessor environment hosted on a virtualized ARM AP which
 * derives its unique identity from the hosting AP. This chip assists in booting
 * the AP's userspace. This is the clone version which doesn't enforce ECID
 * and UDID.
 *
 * @discussion
 * With ECID and UDID not enforced, acceptance by this environment should not
 * be read as proof that a manifest was issued for this specific instance.
 * NOTE(review): the description also says the identity is derived from the
 * hosting AP; confirm which identity properties, if any, are still checked.
 */
#if !XNU_KERNEL_PRIVATE
// Exported object; the macro yields its address.
IMG4_API_AVAILABLE_20220322
OS_EXPORT
const img4_chip_t _img4_chip_cryptex1_boot_vma2_clone;
#define IMG4_CHIP_CRYPTEX1_BOOT_VMA2_CLONE \
 (&_img4_chip_cryptex1_boot_vma2_clone)
#else
// Kernel-private builds read the environment from img4if, member i4if_v18.
#define IMG4_CHIP_CRYPTEX1_BOOT_VMA2_CLONE \
 (img4if->i4if_v18.chip_cryptex1_boot_vma2_clone)
#endif
169
/*!
 * @const IMG4_CHIP_CRYPTEX1_BOOT_VMA2_PROPOSAL
 * Equivalent to {@link IMG4_CHIP_CRYPTEX1_BOOT_VMA2} with internal use
 * constraints relaxed to permit verification in scenarios where the currently-
 * booted AP may not represent the ultimate execution environment.
 *
 * @discussion
 * This environment should not be used for payload execution on the AP and is
 * intended to facilitate local policy signing in the BootPolicy kext.
 *
 * Because the constraints are relaxed, a successful verification against this
 * environment is not a statement about the currently-booted AP. Keep it out of
 * any code path that decides whether a payload may execute.
 */
#if !XNU_KERNEL_PRIVATE
// Exported object; the macro yields its address.
IMG4_API_AVAILABLE_20220401
OS_EXPORT
const img4_chip_t _img4_chip_cryptex1_boot_vma2_proposal;
#define IMG4_CHIP_CRYPTEX1_BOOT_VMA2_PROPOSAL \
 (&_img4_chip_cryptex1_boot_vma2_proposal)
#else
// Kernel-private builds read the environment from img4if, member i4if_v18.
#define IMG4_CHIP_CRYPTEX1_BOOT_VMA2_PROPOSAL \
 (img4if->i4if_v18.chip_cryptex1_boot_vma2_proposal)
#endif
190
/*!
 * @const IMG4_CHIP_CRYPTEX1_BOOT_VMA2_CLONE_PROPOSAL
 * Equivalent to {@link IMG4_CHIP_CRYPTEX1_BOOT_VMA2_CLONE} with internal use
 * constraints relaxed to permit verification in scenarios where the currently-
 * booted AP may not represent the ultimate execution environment.
 *
 * @discussion
 * This environment should not be used for payload execution on the AP and is
 * intended to facilitate local policy signing in the BootPolicy kext.
 *
 * This variant combines two relaxations: the clone environment it is based on
 * does not enforce ECID and UDID, and the proposal form relaxes internal use
 * constraints. Keep it out of any code path that decides whether a payload
 * may execute.
 */
#if !XNU_KERNEL_PRIVATE
// Exported object; the macro yields its address.
IMG4_API_AVAILABLE_20220401
OS_EXPORT
const img4_chip_t _img4_chip_cryptex1_boot_vma2_clone_proposal;
#define IMG4_CHIP_CRYPTEX1_BOOT_VMA2_CLONE_PROPOSAL \
 (&_img4_chip_cryptex1_boot_vma2_clone_proposal)
#else
// Kernel-private builds read the environment from img4if, member i4if_v18.
#define IMG4_CHIP_CRYPTEX1_BOOT_VMA2_CLONE_PROPOSAL \
 (img4if->i4if_v18.chip_cryptex1_boot_vma2_clone_proposal)
#endif
211
/*!
 * @const IMG4_CHIP_CRYPTEX1_PREBOOT
 * A virtual coprocessor environment hosted on the AP which derives its unique
 * identity from the hosting AP. This chip permits executing payloads intended
 * for the next boot prior to that boot. It does not assist in booting the AP.
 *
 * @discussion
 * Payloads accepted here run before the boot they were intended for, so this
 * environment is distinct from {@link IMG4_CHIP_CRYPTEX1_BOOT} and takes no
 * part in the boot itself.
 */
#if !XNU_KERNEL_PRIVATE
// Exported object; the macro yields its address.
IMG4_API_AVAILABLE_20211126
OS_EXPORT
const img4_chip_t _img4_chip_cryptex1_preboot;
#define IMG4_CHIP_CRYPTEX1_PREBOOT (&_img4_chip_cryptex1_preboot)
#else
// Kernel-private builds read the environment from img4if, member i4if_v17.
#define IMG4_CHIP_CRYPTEX1_PREBOOT (img4if->i4if_v17.chip_cryptex1_preboot)
#endif
226
/*!
 * @const IMG4_CHIP_CRYPTEX1_PREBOOT_REDUCED
 * A virtual coprocessor environment hosted on the reduced-security AP which
 * derives its unique identity from the hosting AP. This chip permits executing
 * payloads intended for the next boot prior to that boot. It does not assist in
 * booting the AP.
 *
 * @discussion
 * NOTE(review): this header does not say how the policy of the
 * reduced-security AP differs from {@link IMG4_CHIP_CRYPTEX1_PREBOOT}.
 * Confirm the difference before substituting one environment for the other.
 */
#if !XNU_KERNEL_PRIVATE
// Exported object; the macro yields its address.
IMG4_API_AVAILABLE_20211126
OS_EXPORT
const img4_chip_t _img4_chip_cryptex1_preboot_reduced;
#define IMG4_CHIP_CRYPTEX1_PREBOOT_REDUCED \
 (&_img4_chip_cryptex1_preboot_reduced)
#else
// Kernel-private builds read the environment from img4if, member i4if_v17.
#define IMG4_CHIP_CRYPTEX1_PREBOOT_REDUCED \
 (img4if->i4if_v17.chip_cryptex1_preboot_reduced)
#endif
244
/*!
 * @const IMG4_CHIP_CRYPTEX1_PREBOOT_X86
 * A virtual coprocessor environment hosted on an x86 chip which has no unique
 * identity. This chip permits executing payloads intended for the next boot
 * prior to that boot. It does not assist in booting the x86 chip.
 *
 * @discussion
 * Unlike the AP-hosted environments in this header, this chip is described as
 * having no unique identity. Presumably a manifest evaluated against it
 * cannot be tied to one particular machine - confirm before relying on
 * per-device binding.
 */
#if !XNU_KERNEL_PRIVATE
// Exported object; the macro yields its address.
IMG4_API_AVAILABLE_20211126
OS_EXPORT
const img4_chip_t _img4_chip_cryptex1_preboot_x86;
#define IMG4_CHIP_CRYPTEX1_PREBOOT_X86 \
 (&_img4_chip_cryptex1_preboot_x86)
#else
// Kernel-private builds read the environment from img4if, member i4if_v17.
#define IMG4_CHIP_CRYPTEX1_PREBOOT_X86 \
 (img4if->i4if_v17.chip_cryptex1_preboot_x86)
#endif
261
/*!
 * @const IMG4_CHIP_CRYPTEX1_PREBOOT_STATIC_X86
 * A virtual coprocessor environment hosted on an x86 chip which has no unique
 * identity. This chip permits executing payloads intended for the next boot
 * prior to that boot. It does not assist in booting the x86 chip. This chip has
 * no ability to enforce expiration on its manifests.
 *
 * @discussion
 * Since expiration is not enforced, manifest expiry cannot serve as a
 * freshness or revocation control for anything evaluated against this chip.
 *
 * NOTE(review): the availability annotation below is
 * IMG4_API_AVAILABLE_20211126, while IMG4_CHIP_CRYPTEX1_BOOT_STATIC_X86
 * carries IMG4_API_AVAILABLE_20220912 and the kernel accessor for this
 * environment reads from i4if_v19. Confirm the annotation is the intended one.
 */
#if !XNU_KERNEL_PRIVATE
// Exported object; the macro yields its address.
IMG4_API_AVAILABLE_20211126
OS_EXPORT
const img4_chip_t _img4_chip_cryptex1_preboot_static_x86;
#define IMG4_CHIP_CRYPTEX1_PREBOOT_STATIC_X86 \
 (&_img4_chip_cryptex1_preboot_static_x86)
#else
// Kernel-private builds read the environment from img4if, member i4if_v19.
#define IMG4_CHIP_CRYPTEX1_PREBOOT_STATIC_X86 \
 (img4if->i4if_v19.chip_cryptex1_preboot_static_x86)
#endif
279
/*!
 * @const IMG4_CHIP_CRYPTEX1_PREBOOT_RELAXED_X86
 * A virtual coprocessor environment hosted on an x86 chip which has no unique
 * identity and has secure boot disabled. This chip permits executing payloads
 * intended for the next boot prior to that boot. It does not assist in booting
 * the x86 chip.
 *
 * @discussion
 * This environment describes a host whose secure boot is disabled, so
 * acceptance here is not equivalent to acceptance by
 * {@link IMG4_CHIP_CRYPTEX1_PREBOOT_X86}.
 *
 * NOTE(review): the kernel accessor below reads from i4if_v17, whereas
 * IMG4_CHIP_CRYPTEX1_BOOT_RELAXED_X86 (same availability annotation) and
 * IMG4_CHIP_CRYPTEX1_PREBOOT_STATIC_X86 read from i4if_v19. Confirm the member
 * against the definition of the interface structure, which is not in this
 * header.
 */
#if !XNU_KERNEL_PRIVATE
// Exported object; the macro yields its address.
IMG4_API_AVAILABLE_20220711
OS_EXPORT
const img4_chip_t _img4_chip_cryptex1_preboot_relaxed_x86;
#define IMG4_CHIP_CRYPTEX1_PREBOOT_RELAXED_X86 \
 (&_img4_chip_cryptex1_preboot_relaxed_x86)
#else
// Kernel-private builds read the environment from img4if, member i4if_v17.
#define IMG4_CHIP_CRYPTEX1_PREBOOT_RELAXED_X86 \
 (img4if->i4if_v17.chip_cryptex1_preboot_relaxed_x86)
#endif
297
/*!
 * @const IMG4_CHIP_CRYPTEX1_PREBOOT_VMA2
 * A virtual coprocessor environment hosted on a virtualized ARM AP which
 * derives its unique identity from the hosting AP. This chip permits executing
 * payloads intended for the next boot prior to that boot. It does not assist in
 * booting the AP.
 *
 * @discussion
 * This is the virtualized counterpart of {@link IMG4_CHIP_CRYPTEX1_PREBOOT};
 * the _VMA2_CLONE variant is described relative to it.
 */
#if !XNU_KERNEL_PRIVATE
// Exported object; the macro yields its address.
IMG4_API_AVAILABLE_20220128
OS_EXPORT
const img4_chip_t _img4_chip_cryptex1_preboot_vma2;
#define IMG4_CHIP_CRYPTEX1_PREBOOT_VMA2 \
 (&_img4_chip_cryptex1_preboot_vma2)
#else
// Kernel-private builds read the environment from img4if, member i4if_v17.
#define IMG4_CHIP_CRYPTEX1_PREBOOT_VMA2 \
 (img4if->i4if_v17.chip_cryptex1_preboot_vma2)
#endif
315
/*!
 * @const IMG4_CHIP_CRYPTEX1_PREBOOT_VMA2_CLONE
 * A virtual coprocessor environment hosted on a virtualized ARM AP which
 * derives its unique identity from the hosting AP. This chip permits executing
 * payloads intended for the next boot prior to that boot. It does not assist in
 * booting the AP. This is the clone version which doesn't enforce ECID
 * and UDID.
 *
 * @discussion
 * With ECID and UDID not enforced, acceptance by this environment should not
 * be read as proof that a manifest was issued for this specific instance.
 * NOTE(review): the description also says the identity is derived from the
 * hosting AP; confirm which identity properties, if any, are still checked.
 */
#if !XNU_KERNEL_PRIVATE
// Exported object; the macro yields its address.
IMG4_API_AVAILABLE_20220322
OS_EXPORT
const img4_chip_t _img4_chip_cryptex1_preboot_vma2_clone;
#define IMG4_CHIP_CRYPTEX1_PREBOOT_VMA2_CLONE \
 (&_img4_chip_cryptex1_preboot_vma2_clone)
#else
// Kernel-private builds read the environment from img4if, member i4if_v18.
#define IMG4_CHIP_CRYPTEX1_PREBOOT_VMA2_CLONE \
 (img4if->i4if_v18.chip_cryptex1_preboot_vma2_clone)
#endif
334
/*!
 * @const IMG4_CHIP_CRYPTEX1_ASSET
 * A virtual coprocessor environment hosted on the AP which derives its unique
 * identity from the hosting AP. This chip assists in executing MobileAsset
 * brain payloads during runtime, after the host AP has booted its userspace.
 *
 * @discussion
 * This is a runtime environment, used after userspace is up, and is described
 * separately from the boot and preboot environments in this header.
 */
#if !XNU_KERNEL_PRIVATE
// Exported object; the macro yields its address.
IMG4_API_AVAILABLE_20211126
OS_EXPORT
const img4_chip_t _img4_chip_cryptex1_asset;
#define IMG4_CHIP_CRYPTEX1_ASSET (&_img4_chip_cryptex1_asset)
#else
// Kernel-private builds read the environment from img4if, member i4if_v17.
#define IMG4_CHIP_CRYPTEX1_ASSET (img4if->i4if_v17.chip_cryptex1_asset)
#endif
349
/*!
 * @const IMG4_CHIP_CRYPTEX1_ASSET_X86
 * A virtual coprocessor environment hosted on the AP which derives its unique
 * identity from the hosting AP. This chip assists in executing MobileAsset
 * brain payloads during runtime, after the host AP has booted its userspace.
 *
 * @discussion
 * NOTE(review): this description is word-for-word the one on
 * {@link IMG4_CHIP_CRYPTEX1_ASSET}. The other x86 environments in this header
 * are described as hosted on an x86 chip with no unique identity. Confirm
 * which identity model applies before relying on per-device binding here.
 */
#if !XNU_KERNEL_PRIVATE
// Exported object; the macro yields its address.
IMG4_API_AVAILABLE_20220401
OS_EXPORT
const img4_chip_t _img4_chip_cryptex1_asset_x86;
#define IMG4_CHIP_CRYPTEX1_ASSET_X86 (&_img4_chip_cryptex1_asset_x86)
#else
// Kernel-private builds read the environment from img4if, member i4if_v18.
#define IMG4_CHIP_CRYPTEX1_ASSET_X86 (img4if->i4if_v18.chip_cryptex1_asset_x86)
#endif
364
/*!
 * @const IMG4_CHIP_CRYPTEX1_GENERIC
 * A virtual coprocessor environment hosted on the AP which derives its unique
 * identity from the hosting AP. This chip assists in executing generic cryptex
 * payloads during runtime, after the host AP has booted its userspace.
 *
 * @discussion
 * This is a runtime environment, used after userspace is up. The
 * _SUPPLEMENTAL variant covers the same kind of payload under a different
 * root of trust.
 */
#if !XNU_KERNEL_PRIVATE
// Exported object; the macro yields its address.
IMG4_API_AVAILABLE_20221202
OS_EXPORT
const img4_chip_t _img4_chip_cryptex1_generic;
#define IMG4_CHIP_CRYPTEX1_GENERIC \
 (&_img4_chip_cryptex1_generic)
#else
// Kernel-private builds read the environment from img4if, member i4if_v20.
#define IMG4_CHIP_CRYPTEX1_GENERIC \
 (img4if->i4if_v20.chip_cryptex1_generic)
#endif
381
/*!
 * @const IMG4_CHIP_CRYPTEX1_GENERIC_SUPPLEMENTAL
 * A virtual coprocessor environment hosted on the AP which derives its unique
 * identity from the hosting AP. This chip assists in executing generic cryptex
 * payloads during runtime, after the host AP has booted its userspace. Its
 * trust is rooted in a supplemental root of trust authorized by the Secure Boot
 * CA.
 *
 * @discussion
 * The trust anchor is the only stated difference from
 * {@link IMG4_CHIP_CRYPTEX1_GENERIC}. Choosing this environment therefore
 * widens the set of signers whose payloads can be accepted to whoever holds
 * the supplemental root.
 * NOTE(review): how that root is authorized and scoped is not described in
 * this header - confirm before enabling it.
 */
#if !XNU_KERNEL_PRIVATE
// Exported object; the macro yields its address.
IMG4_API_AVAILABLE_20221202
OS_EXPORT
const img4_chip_t _img4_chip_cryptex1_generic_supplemental;
#define IMG4_CHIP_CRYPTEX1_GENERIC_SUPPLEMENTAL \
 (&_img4_chip_cryptex1_generic_supplemental)
#else
// Kernel-private builds read the environment from img4if, member i4if_v20.
#define IMG4_CHIP_CRYPTEX1_GENERIC_SUPPLEMENTAL \
 (img4if->i4if_v20.chip_cryptex1_generic_supplemental)
#endif
400
/*!
 * @const IMG4_CHIP_CRYPTEX1_GENERIC_X86
 * A virtual coprocessor environment hosted on an x86 chip. This chip assists in
 * executing generic cryptex payloads during runtime after the x86 chip has
 * booted.
 *
 * @discussion
 * NOTE(review): unlike the other x86 environments in this header, this
 * description does not say whether the chip has a unique identity. Confirm
 * before relying on per-device binding.
 */
#if !XNU_KERNEL_PRIVATE
// Exported object; the macro yields its address.
IMG4_API_AVAILABLE_20221202
OS_EXPORT
const img4_chip_t _img4_chip_cryptex1_generic_x86;
#define IMG4_CHIP_CRYPTEX1_GENERIC_X86 \
 (&_img4_chip_cryptex1_generic_x86)
#else
// Kernel-private builds read the environment from img4if, member i4if_v20.
#define IMG4_CHIP_CRYPTEX1_GENERIC_X86 \
 (img4if->i4if_v20.chip_cryptex1_generic_x86)
#endif
417
// Close, in reverse order, the three regions opened with the matching
// *_BEGIN / __BEGIN_DECLS macros before the first declaration.
OS_ASSUME_PTR_ABI_SINGLE_END
OS_ASSUME_NONNULL_END
__END_DECLS

#endif // __IMG4_CHIP_CRYPTEX1_H
423