Loading...
iokit/Kernel/IONVRAM.cpp xnu-12377.121.6 xnu-12377.1.9
--- xnu/xnu-12377.121.6/iokit/Kernel/IONVRAM.cpp
+++ xnu/xnu-12377.1.9/iokit/Kernel/IONVRAM.cpp
@@ -311,7 +311,6 @@
 	 .p.Bits.NeverAllowedToDelete = 1},
 	{"boot-image", .p.Bits.UserWrite = 1},
 	{"com.apple.System.fp-state", .p.Bits.KernelOnly = 1},
-	{"enable-ephdm", .p.Bits.RestoreModifyOnly = 1},
 	{"fm-account-masked", .p.Bits.RootRequired = 1,
 	 .p.Bits.NeverAllowedToDelete = 1},
 	{"fm-activation-locked", .p.Bits.RootRequired = 1,
@@ -337,6 +336,7 @@
 	{"darkboot", .p.Bits.UserWrite = 1},
 	{"nonce-seeds", .p.Bits.KernelOnly = 1},
 #endif /* !defined(__x86_64__) */
+	{"darwin-init-system", .p.Bits.RestoreModifyOnly = 1},
 	// Variables used for testing permissions
 	{"testSysReadHidden", .p.Bits.SystemReadHidden = 1,
 	 .p.Bits.TestingOnly = 1},
@@ -381,8 +381,6 @@
 	{OP_MOD_RD, &gAppleNVRAMGuid, "fmm-mobileme-token-FMM-BridgeHasAccount", "com.apple.private.security.nvram.fmm"},
 	{OP_MOD_RD, &gAppleSystemVariableGuid, "fmm-computer-name", "com.apple.private.security.nvram.fmm"},
 	{OP_MOD_RD, &gAppleNVRAMGuid, "fmm-computer-name", "com.apple.private.security.nvram.fmm"},
-	{OP_MOD, &gAppleSystemVariableGuid, "rdma-enable", "com.apple.private.iokit.rdma"},
-	{OP_MOD, &gAppleNVRAMGuid, "rdma-enable", "com.apple.private.iokit.rdma"},
 	// Variables used for testing entitlement
 	{OP_MOD_RST, &gAppleNVRAMGuid, "testEntModRst", "com.apple.private.iokit.testEntModRst"},
 	{OP_MOD_RST, &gAppleSystemVariableGuid, "testEntModRstSys", "com.apple.private.iokit.testEntModRst"},
@@ -777,7 +775,7 @@
 
 	length = sizeof(uuid_string_t) - 1 + sizeof(':') + strlen(cstring) + 1;
 
-	canonicalString = (char *) IOMallocZeroData(length);
+	canonicalString = (char *) IOMallocData(length);
 	if (canonicalString == nullptr) {
 		return NULL;
 	}
@@ -837,26 +835,6 @@
 	}
 	IOLog("\n");
 }
-
-
-typedef struct {
-	const char            *name;
-	OSSharedPtr<OSObject> value;
-} ephDMAllowListEntry;
-
-// common region variables to preserve on ephemeral boot
-static
-ephDMAllowListEntry ephDMEntries[] = {
-	// Mobile Obliteration clears the following variables after it runs
-	{ .name = "oblit-begins" },
-	{ .name = "orig-oblit" },
-	{ .name = "oblit-failure" },
-	{ .name = "oblit-inprogress" },
-	{ .name = "obliteration" },
-	// darwin-init is used for configuring internal builds
-	{ .name = "darwin-init" },
-	{ .name = "darwin-init-system" }
-};
 
 // ************************** IODTNVRAMPlatformNotifier ****************************
 // private IOService based class for passing notifications to IODTNVRAM
@@ -957,7 +935,7 @@
 
 public:
 	bool start(IOService * provider) APPLE_KEXT_OVERRIDE;
-	void logVariable(NVRAMPartitionType region, IONVRAMOperation op, const char *name, void *data = nullptr, void *offset = nullptr);
+	void logVariable(NVRAMPartitionType region, IONVRAMOperation op, const char *name, void *data);
 };
 
 OSDefineMetaClassAndStructors(IODTNVRAMDiags, IOService)
@@ -994,22 +972,21 @@
 }
 
 void
-IODTNVRAMDiags::logVariable(NVRAMPartitionType region, IONVRAMOperation op, const char *name, void *data, void *offset)
+IODTNVRAMDiags::logVariable(NVRAMPartitionType region, IONVRAMOperation op, const char *name, void *data)
 {
 	// "Stats"        : OSDictionary
 	// - "XX:varName" : OSDictionary, XX is the region value prefix to distinguish which dictionary the variable is in
-	//   - "Init"     : OSNumber variable offset (in the proxy image passed via EDT) if variable is present at initialization (unserialize)
+	//   - "Init"     : OSBoolean True/present if variable present at initialization
 	//   - "Read"     : OSNumber count
 	//   - "Write"    : OSNumber count
 	//   - "Delete"   : OSNumber count
-	//   - "Size"     : OSNumber data size, latest size from either init or write
+	//   - "Size"     : OSNumber size, latest size from either init or write
 	//   - "Present"  : OSBoolean True/False if variable is present or not
 	char                      *entryKey;
 	size_t                    entryKeySize;
 	OSSharedPtr<OSDictionary> existingEntry;
 	OSSharedPtr<OSNumber>     currentCount;
 	OSSharedPtr<OSNumber>     varSize;
-	OSSharedPtr<OSNumber>     varOffset;
 	const char                *opCountKey = nullptr;
 
 	entryKeySize = strlen("XX:") + strlen(name) +  1;
@@ -1046,8 +1023,7 @@
 		break;
 	case kIONVRAMOperationInit:
 		varSize = OSNumber::withNumber((size_t)data, 64);
-		varOffset = OSNumber::withNumber((size_t)offset, 64);
-		existingEntry->setObject(kIODTNVRAMDiagsInitKey, varOffset);
+		existingEntry->setObject(kIODTNVRAMDiagsInitKey, varSize);
 		existingEntry->setObject(kIODTNVRAMDiagsSizeKey, varSize);
 		existingEntry->setObject(kIODTNVRAMDiagsPresentKey, kOSBooleanTrue);
 		break;
@@ -1293,7 +1269,6 @@
 	virtual uint32_t getCommonUsed(void) const = 0;
 	virtual bool     getSystemPartitionActive(void) const = 0;
 	virtual IOReturn getVarDict(OSSharedPtr<OSDictionary> &varDictCopy) = 0;
-	IOReturn handleEphDM(void);
 };
 
 IODTNVRAMFormatHandler::~IODTNVRAMFormatHandler()
@@ -1341,67 +1316,6 @@
 
 exit:
 	return ok;
-}
-
-IOReturn
-IODTNVRAMFormatHandler::handleEphDM(void)
-{
-	OSSharedPtr<IORegistryEntry> entry;
-	OSData*                      data;
-	OSSharedPtr<OSObject>        prop;
-	uint32_t                     ephDM = 0;
-	IOReturn                     ret = kIOReturnSuccess;
-	OSSharedPtr<const OSSymbol>  canonicalKey;
-	uint32_t                     skip = 0;
-	OSSharedPtr<OSDictionary>    varDict;
-
-	// For ephemeral data mode, NVRAM needs to be cleared on every boot
-	// For system region supported targets, iBoot clears the system region
-	// For other targets, iBoot clears all the persistent variables
-	// So xnu only needs to clear the common region
-	entry = IORegistryEntry::fromPath("/product", gIODTPlane);
-	if (entry) {
-		prop = entry->copyProperty("ephemeral-data-mode");
-		if (prop) {
-			data = OSDynamicCast(OSData, prop.get());
-			if (data) {
-				ephDM = *((uint32_t *)data->getBytesNoCopy());
-			}
-		}
-	}
-
-	require_action(ephDM != 0, exit, DEBUG_ALWAYS("ephemeral-data-mode not supported\n"));
-	require_action(getSystemPartitionActive(), exit, DEBUG_ALWAYS("No system region, no need to clear\n"));
-
-	if (PE_parse_boot_argn("epdm-skip-nvram", &skip, sizeof(skip))) {
-		require_action(!(gInternalBuild && (skip == 1)), exit, DEBUG_ALWAYS("Internal build + epdm-skip-nvram set to true, skip nvram clearing\n"));
-	}
-
-	// Get the current variable dictionary
-	ret = getVarDict(varDict);
-	require_noerr_action(ret, exit, DEBUG_ERROR("Failed to get variable dictionary for EphDM handling\n"));
-
-	// Go through the allowlist and stash the values
-	for (uint32_t entry = 0; entry < ARRAY_SIZE(ephDMEntries); entry++) {
-		canonicalKey = keyWithGuidAndCString(gAppleNVRAMGuid, ephDMEntries[entry].name);
-		ephDMEntries[entry].value.reset(OSDynamicCast(OSData, varDict->getObject(canonicalKey.get())), OSRetain);
-	}
-
-	DEBUG_ALWAYS("Obliterating common region\n");
-	ret = flush(gAppleNVRAMGuid, kIONVRAMOperationObliterate);
-	require_noerr_action(ret, exit, DEBUG_ERROR("Flushing common region failed, ret=%#08x\n", ret));
-
-	// Now write the allowlist variables back
-	for (uint32_t entry = 0; entry < ARRAY_SIZE(ephDMEntries); entry++) {
-		if (ephDMEntries[entry].value.get() == nullptr) {
-			continue;
-		}
-		ret = setVariable(gAppleNVRAMGuid, ephDMEntries[entry].name, ephDMEntries[entry].value.get());
-		require_noerr_action(ret, exit, DEBUG_ERROR("Setting allowlist variable %s failed, ret=%#08x\n", ephDMEntries[entry].name, ret));
-	}
-
-exit:
-	return ret;
 }
 
 #include "IONVRAMCHRPHandler.cpp"
@@ -1859,7 +1773,7 @@
 	theObject.reset(localVarDict->getObject(canonicalKey.get()), OSRetain);
 
 	if (_diags) {
-		_diags->logVariable(getPartitionTypeForGUID(newGuid), kIONVRAMOperationRead, name);
+		_diags->logVariable(getPartitionTypeForGUID(newGuid), kIONVRAMOperationRead, name, NULL);
 	}
 
 	if (theObject != nullptr) {