Module apple_codesign::embedded_signature
source · Expand description
Common embedded signature data structures (superblobs, magic values, etc).
This module defines types and data structures that are common to Apple’s embedded signature format.
Within this module are constants for header magic, definitions of serialized data structures like superblobs and blobs, and some common enumerations.
There is no official specification of the Mach-O structure for various code signing primitives. So the definitions in here could diverge from what is actually implemented.
The best source of the specification comes from Apple’s open source headers, notably cs_blobs.h (e.g. https://opensource.apple.com/source/xnu/xnu-7195.81.3/osfmk/kern/cs_blobs.h.auto.html). (Go to https://opensource.apple.com/source/xnu and check for newer versions of xnu to look for new features.)
The high-level format of embedded signature data is roughly as follows:
- A
SuperBlobheader describes the total length of data and the number of blob sections that follow. - An array of
BlobIndexdescribing the type and offset of all blob sections that follow. The type here is a slot and describes what type of data the blob contains (code directory, entitlements, embedded signature, etc). - N blob sections of varying formats and lengths.
We only support the CodeSigningMagic::EmbeddedSignature magic in the SuperBlob,
as this is what is used in the wild. (It is even unclear if other magic values
can occur in SuperBlob headers.)
The EmbeddedSignature type represents a lightly parsed SuperBlob. It
provides access to BlobEntry which describe the blob sections within the
super blob. A BlobEntry can be parsed into the more concrete ParsedBlob,
which allows some access to data within each specific blob type.