1 | #ifndef _CHUNKLIST_H |
2 | #define _CHUNKLIST_H |
3 | |
4 | #include <libkern/crypto/sha2.h> |
5 | |
6 | /* |
7 | * Chunklist file format |
8 | */ |
9 | #define CHUNKLIST_MAGIC 0x4C4B4E43 |
10 | #define CHUNKLIST_FILE_VERSION_10 1 |
11 | #define CHUNKLIST_CHUNK_METHOD_10 1 |
12 | #define CHUNKLIST_SIGNATURE_METHOD_REV1 1 |
13 | #define CHUNKLIST_REV1_SIG_LEN 256 |
14 | #define CHUNKLIST_PUBKEY_LEN (2048/8) |
15 | #define CHUNKLIST_SIGNATURE_LEN (2048/8) |
16 | |
17 | struct chunklist_hdr { |
18 | uint32_t cl_magic; |
19 | uint32_t ; |
20 | uint8_t cl_file_ver; |
21 | uint8_t cl_chunk_method; |
22 | uint8_t cl_sig_method; |
23 | uint8_t __unused1; |
24 | uint64_t cl_chunk_count; |
25 | uint64_t cl_chunk_offset; |
26 | uint64_t cl_sig_offset; |
27 | } __attribute__((packed)); |
28 | |
29 | struct chunklist_chunk { |
30 | uint32_t chunk_size; |
31 | uint8_t chunk_sha256[SHA256_DIGEST_LENGTH]; |
32 | } __attribute__((packed)); |
33 | |
34 | struct chunklist_pubkey { |
35 | const boolean_t is_production; |
36 | const uint8_t key[CHUNKLIST_PUBKEY_LEN]; |
37 | }; |
38 | |
39 | int authenticate_root_with_chunklist(const char *rootdmg_path, boolean_t *out_enforced); |
40 | int authenticate_root_version_check(void); |
41 | int authenticate_bootkc_uuid(void); |
42 | int authenticate_libkern_uuid(void); |
43 | #endif /* _CHUNKLIST_H */ |
44 | |