With respect to 19E5209h and the the nvram settings for SRD, when possible, please provide examples for the existing nvram settings and for those nvram settings disabling KTRR, CTRR and kASLR.
nvram wishlist
Please consider including nvram settings to programmatically configure the SRD following IPSW Operations with Finder, srdutil or other Tooling that may be made available.
Proposed nvram setting:
nvram bypass-setup --ecid=blah
The proposed nvram setting bypass-setup would take an SRD with IPSW and bypass Manual Configuration. The nvram configuration option would setup the SRD with wireless, ip, netmask, gateway, dns OR optionally dhcp, --ipv4=ipv4_dhcp, which consumes the IPv4 Defaults from the Network.
The proposed nvram setting interface would take an SRD with IPSW and output all Interface Property Index Details or a specified Index.
nvram show interface index
Proposed nvram setting:
nvram reboot --ecid=blah --cpuid=Index
The proposed nvram setting reboot would provide for programmatic Reboot of SRD or optionally take an Index to Halt and Start a CPU.
nvram config file
Please also consider adding additional nvram settings, such as those shown below, that could be placed in a nvram.cfg settings file on the Host to programmatically manage SRD:
! start: srd nvram config description file
! This file contains all descriptors for nvram with example usage
nvram console log comment Starting IPSW install of blah^Z
! Set mode to Restore
nvram mode restore
! Set mode to DFU
nvram mode dfu
! Write 100 lines from Console Log to stdout
nvram console log 100
echo "Running IPSW Provisioning Script for ECID $blah"
srdutil restore ipsw
nvram bypass-setup --ecid=blah --ssid=public --password=secret --type=wpa --ipv4=192.168.x.y --ipv4netmask=255.255.255.0 --gateway=192.168.x.y --dns=192.168.x.y
nvram show interface index
...
make install
ssh 192.168.x.y
...
nvram reboot --ecid=blah --cpuid==Index
## Sample Code Requests
- Please consider providing sample code to demonstrate and confirm the disablement and enablement of KTRR & CTRR capabilities for the SRD
- Please consider providing sample code to demonstrate and confirm that kASLR is enabled & disabled for the SRD
Thank You
Added to Discussion https://github.com/apple/security-research-device/discussions/2
SUMMARY
With respect to 19E5209h and the the nvram settings for SRD, when possible, please provide examples for the existing nvram settings and for those nvram settings disabling KTRR, CTRR and kASLR.
nvram wishlist
Please consider including nvram settings to programmatically configure the SRD following IPSW Operations with Finder, srdutil or other Tooling that may be made available.
Proposed nvram setting:
The proposed nvram setting bypass-setup would take an SRD with IPSW and bypass Manual Configuration. The nvram configuration option would setup the SRD with wireless, ip, netmask, gateway, dns OR optionally dhcp, --ipv4=ipv4_dhcp, which consumes the IPv4 Defaults from the Network.
Proposed nvram setting:
The proposed nvram setting interface would take an SRD with IPSW and output all Interface Property Index Details or a specified Index.
Proposed nvram setting:
The proposed nvram setting reboot would provide for programmatic Reboot of SRD or optionally take an Index to Halt and Start a CPU.
nvram config file
! SRD needs programmatic Reboot functionality nvram reboot ! end: srd nv
!/bin/sh
echo "Running IPSW Provisioning Script for ECID $blah" srdutil restore ipsw nvram bypass-setup --ecid=blah --ssid=public --password=secret --type=wpa --ipv4=192.168.x.y --ipv4netmask=255.255.255.0 --gateway=192.168.x.y --dns=192.168.x.y nvram show interface index ... make install ssh 192.168.x.y ... nvram reboot --ecid=blah --cpuid==Index