diff --git a/Docs/Configuration.pdf b/Docs/Configuration.pdf index d69c92dcd1a2fef5e85c83ef0224d7df1ad07e78..45704b65af75960986b59e4118c873d24028af46 100644 Binary files a/Docs/Configuration.pdf and b/Docs/Configuration.pdf differ diff --git a/Docs/Configuration.tex b/Docs/Configuration.tex old mode 100644 new mode 100755 index f38cd93a9d6b31c205d65f0a95eeaa07f6c08be3..038c64a49862d7059cbb634f27c7456b70560461 --- a/Docs/Configuration.tex +++ b/Docs/Configuration.tex @@ -1419,12 +1419,12 @@ behaviour that does not go to any other sections \begin{itemize} \tightlist - \item \texttt{0x00000002} --- \texttt{DEBUG\_WARN} in \texttt{DEBUG}, + \item \texttt{0x00000002} (bit \texttt{1}) --- \texttt{DEBUG\_WARN} in \texttt{DEBUG}, \texttt{NOOPT}, \texttt{RELEASE}. - \item \texttt{0x00000040} --- \texttt{DEBUG\_INFO} in \texttt{DEBUG}, + \item \texttt{0x00000040} (bit \texttt{6}) --- \texttt{DEBUG\_INFO} in \texttt{DEBUG}, \texttt{NOOPT}. - \item \texttt{0x00400000} --- \texttt{DEBUG\_VERBOSE} in custom builds. - \item \texttt{0x80000000} --- \texttt{DEBUG\_ERROR} in \texttt{DEBUG}, + \item \texttt{0x00400000} (bit \texttt{22}) --- \texttt{DEBUG\_VERBOSE} in custom builds. + \item \texttt{0x80000000} (bit \texttt{31}) --- \texttt{DEBUG\_ERROR} in \texttt{DEBUG}, \texttt{NOOPT}, \texttt{RELEASE}. \end{itemize} @@ -1440,13 +1440,13 @@ behaviour that does not go to any other sections \begin{itemize} \tightlist - \item \texttt{0x01} --- Enable logging, otherwise all log is discarded. - \item \texttt{0x02} --- Enable basic console (onscreen) logging. - \item \texttt{0x04} --- Enable logging to Data Hub. - \item \texttt{0x08} --- Enable serial port logging. - \item \texttt{0x10} --- Enable UEFI variable logging. - \item \texttt{0x20} --- Enable non-volatile UEFI variable logging. - \item \texttt{0x40} --- Enable logging to file. + \item \texttt{0x01} (bit \texttt{0}) --- Enable logging, otherwise all log is discarded. + \item \texttt{0x02} (bit \texttt{1}) --- Enable basic console (onscreen) logging. + \item \texttt{0x04} (bit \texttt{2}) --- Enable logging to Data Hub. + \item \texttt{0x08} (bit \texttt{3}) --- Enable serial port logging. + \item \texttt{0x10} (bit \texttt{4}) --- Enable UEFI variable logging. + \item \texttt{0x20} (bit \texttt{5}) --- Enable non-volatile UEFI variable logging. + \item \texttt{0x40} (bit \texttt{6}) --- Enable logging to file. \end{itemize} Console logging prints less than all the other variants. @@ -1623,34 +1623,34 @@ rm vault.pub \begin{itemize} \tightlist - \item \texttt{0x00000001} --- \texttt{OC\_SCAN\_FILE\_SYSTEM\_LOCK}, restricts + \item \texttt{0x00000001} (bit \texttt{0}) --- \texttt{OC\_SCAN\_FILE\_SYSTEM\_LOCK}, restricts scanning to only known file systems defined as a part of this policy. File system drivers may not be aware of this policy, and to avoid mounting of undesired file systems it is best not to load its driver. This bit does not affect dmg mounting, which may have any file system. Known file systems are prefixed with \texttt{OC\_SCAN\_ALLOW\_FS\_}. - \item \texttt{0x00000002} --- \texttt{OC\_SCAN\_DEVICE\_LOCK}, restricts scanning + \item \texttt{0x00000002} (bit \texttt{1}) --- \texttt{OC\_SCAN\_DEVICE\_LOCK}, restricts scanning to only known device types defined as a part of this policy. This is not always possible to detect protocol tunneling, so be aware that on some systems it may be possible for e.g. USB HDDs to be recognised as SATA. Cases like this must be reported. Known device types are prefixed with \texttt{OC\_SCAN\_ALLOW\_DEVICE\_}. - \item \texttt{0x00000100} --- \texttt{OC\_SCAN\_ALLOW\_FS\_APFS}, allows scanning + \item \texttt{0x00000100} (bit \texttt{8}) --- \texttt{OC\_SCAN\_ALLOW\_FS\_APFS}, allows scanning of APFS file system. - \item \texttt{0x00010000} --- \texttt{OC\_SCAN\_ALLOW\_DEVICE\_SATA}, allow + \item \texttt{0x00010000} (bit \texttt{16}) --- \texttt{OC\_SCAN\_ALLOW\_DEVICE\_SATA}, allow scanning SATA devices. - \item \texttt{0x00020000} --- \texttt{OC\_SCAN\_ALLOW\_DEVICE\_SASEX}, allow + \item \texttt{0x00020000} (bit \texttt{17}) --- \texttt{OC\_SCAN\_ALLOW\_DEVICE\_SASEX}, allow scanning SAS and Mac NVMe devices. - \item \texttt{0x00040000} --- \texttt{OC\_SCAN\_ALLOW\_DEVICE\_SCSI}, allow + \item \texttt{0x00040000} (bit \texttt{18}) --- \texttt{OC\_SCAN\_ALLOW\_DEVICE\_SCSI}, allow scanning SCSI devices. - \item \texttt{0x00080000} --- \texttt{OC\_SCAN\_ALLOW\_DEVICE\_NVME}, allow + \item \texttt{0x00080000} (bit \texttt{19}) --- \texttt{OC\_SCAN\_ALLOW\_DEVICE\_NVME}, allow scanning NVMe devices. - \item \texttt{0x00100000} --- \texttt{OC\_SCAN\_ALLOW\_DEVICE\_ATAPI}, allow + \item \texttt{0x00100000} (bit \texttt{20}) --- \texttt{OC\_SCAN\_ALLOW\_DEVICE\_ATAPI}, allow scanning CD/DVD devices. - \item \texttt{0x00200000} --- \texttt{OC\_SCAN\_ALLOW\_DEVICE\_USB}, allow + \item \texttt{0x00200000} (bit \texttt{21}) --- \texttt{OC\_SCAN\_ALLOW\_DEVICE\_USB}, allow scanning USB devices. - \item \texttt{0x00400000} --- \texttt{OC\_SCAN\_ALLOW\_DEVICE\_FIREWIRE}, allow + \item \texttt{0x00400000} (bit \texttt{22}) --- \texttt{OC\_SCAN\_ALLOW\_DEVICE\_FIREWIRE}, allow scanning FireWire devices. - \item \texttt{0x00800000} --- \texttt{OC\_SCAN\_ALLOW\_DEVICE\_SDCARD}, allow + \item \texttt{0x00800000} (bit \texttt{23}) --- \texttt{OC\_SCAN\_ALLOW\_DEVICE\_SDCARD}, allow scanning card reader devices. \end{itemize} diff --git a/Docs/Differences/Differences.pdf b/Docs/Differences/Differences.pdf index 2c01f7e56eb9b94c8eadcbe406e9c6bb1e8fa245..391ac82307d570a2eddb8129f96d21192790866c 100644 Binary files a/Docs/Differences/Differences.pdf and b/Docs/Differences/Differences.pdf differ diff --git a/Docs/Differences/Differences.tex b/Docs/Differences/Differences.tex index 7008b5aacebea9cf025693b8d0caa61c24873499..a3280aa5aba48e705dd25f7e74442a8f8bd23c14 100644 --- a/Docs/Differences/Differences.tex +++ b/Docs/Differences/Differences.tex @@ -1,7 +1,7 @@ \documentclass[]{article} %DIF LATEXDIFF DIFFERENCE FILE %DIF DEL PreviousConfiguration.tex Fri May 3 12:13:06 2019 -%DIF ADD ../Configuration.tex Sun May 19 09:05:08 2019 +%DIF ADD ../Configuration.tex Tue May 21 19:03:28 2019 \usepackage{lmodern} \usepackage{amssymb,amsmath} @@ -1508,12 +1508,12 @@ behaviour that does not go to any other sections \begin{itemize} \tightlist - \item \texttt{0x00000002} --- \texttt{DEBUG\_WARN} in \texttt{DEBUG}, + \item \texttt{0x00000002} \DIFaddbegin \DIFadd{(bit }\texttt{\DIFadd{1}}\DIFadd{) }\DIFaddend --- \texttt{DEBUG\_WARN} in \texttt{DEBUG}, \texttt{NOOPT}, \texttt{RELEASE}. - \item \texttt{0x00000040} --- \texttt{DEBUG\_INFO} in \texttt{DEBUG}, + \item \texttt{0x00000040} \DIFaddbegin \DIFadd{(bit }\texttt{\DIFadd{6}}\DIFadd{) }\DIFaddend --- \texttt{DEBUG\_INFO} in \texttt{DEBUG}, \texttt{NOOPT}. - \item \texttt{0x00400000} --- \texttt{DEBUG\_VERBOSE} in custom builds. - \item \texttt{0x80000000} --- \texttt{DEBUG\_ERROR} in \texttt{DEBUG}, + \item \texttt{0x00400000} \DIFaddbegin \DIFadd{(bit }\texttt{\DIFadd{22}}\DIFadd{) }\DIFaddend --- \texttt{DEBUG\_VERBOSE} in custom builds. + \item \texttt{0x80000000} \DIFaddbegin \DIFadd{(bit }\texttt{\DIFadd{31}}\DIFadd{) }\DIFaddend --- \texttt{DEBUG\_ERROR} in \texttt{DEBUG}, \texttt{NOOPT}, \texttt{RELEASE}. \end{itemize} @@ -1575,13 +1575,13 @@ behaviour that does not go to any other sections \begin{itemize} \tightlist - \item \texttt{0x01} --- Enable logging, otherwise all log is discarded. - \item \texttt{0x02} --- Enable basic console (onscreen) logging. - \item \texttt{0x04} --- Enable logging to Data Hub. - \item \texttt{0x08} --- Enable serial port logging. - \item \texttt{0x10} --- Enable UEFI variable logging. - \item \texttt{0x20} --- Enable non-volatile UEFI variable logging. - \item \texttt{0x40} --- Enable logging to file. + \item \texttt{0x01} \DIFaddbegin \DIFadd{(bit }\texttt{\DIFadd{0}}\DIFadd{) }\DIFaddend --- Enable logging, otherwise all log is discarded. + \item \texttt{0x02} \DIFaddbegin \DIFadd{(bit }\texttt{\DIFadd{1}}\DIFadd{) }\DIFaddend --- Enable basic console (onscreen) logging. + \item \texttt{0x04} \DIFaddbegin \DIFadd{(bit }\texttt{\DIFadd{2}}\DIFadd{) }\DIFaddend --- Enable logging to Data Hub. + \item \texttt{0x08} \DIFaddbegin \DIFadd{(bit }\texttt{\DIFadd{3}}\DIFadd{) }\DIFaddend --- Enable serial port logging. + \item \texttt{0x10} \DIFaddbegin \DIFadd{(bit }\texttt{\DIFadd{4}}\DIFadd{) }\DIFaddend --- Enable UEFI variable logging. + \item \texttt{0x20} \DIFaddbegin \DIFadd{(bit }\texttt{\DIFadd{5}}\DIFadd{) }\DIFaddend --- Enable non-volatile UEFI variable logging. + \item \texttt{0x40} \DIFaddbegin \DIFadd{(bit }\texttt{\DIFadd{6}}\DIFadd{) }\DIFaddend --- Enable logging to file. \end{itemize} Console logging prints less than all the other variants. @@ -1782,34 +1782,34 @@ rm vault.pub \begin{itemize} \tightlist - \item \texttt{\DIFadd{0x00000001}} \DIFadd{--- }\texttt{\DIFadd{OC\_SCAN\_FILE\_SYSTEM\_LOCK}}\DIFadd{, restricts + \item \texttt{\DIFadd{0x00000001}} \DIFadd{(bit }\texttt{\DIFadd{0}}\DIFadd{) --- }\texttt{\DIFadd{OC\_SCAN\_FILE\_SYSTEM\_LOCK}}\DIFadd{, restricts scanning to only known file systems defined as a part of this policy. File system drivers may not be aware of this policy, and to avoid mounting of undesired file systems it is best not to load its driver. This bit does not affect dmg mounting, which may have any file system. Known file systems are prefixed with }\texttt{\DIFadd{OC\_SCAN\_ALLOW\_FS\_}}\DIFadd{. - }\item \texttt{\DIFadd{0x00000002}} \DIFadd{--- }\texttt{\DIFadd{OC\_SCAN\_DEVICE\_LOCK}}\DIFadd{, restricts scanning + }\item \texttt{\DIFadd{0x00000002}} \DIFadd{(bit }\texttt{\DIFadd{1}}\DIFadd{) --- }\texttt{\DIFadd{OC\_SCAN\_DEVICE\_LOCK}}\DIFadd{, restricts scanning to only known device types defined as a part of this policy. This is not always possible to detect protocol tunneling, so be aware that on some systems it may be possible for e.g. USB HDDs to be recognised as SATA. Cases like this must be reported. Known device types are prefixed with }\texttt{\DIFadd{OC\_SCAN\_ALLOW\_DEVICE\_}}\DIFadd{. - }\item \texttt{\DIFadd{0x00000100}} \DIFadd{--- }\texttt{\DIFadd{OC\_SCAN\_ALLOW\_FS\_APFS}}\DIFadd{, allows scanning + }\item \texttt{\DIFadd{0x00000100}} \DIFadd{(bit }\texttt{\DIFadd{8}}\DIFadd{) --- }\texttt{\DIFadd{OC\_SCAN\_ALLOW\_FS\_APFS}}\DIFadd{, allows scanning of APFS file system. - }\item \texttt{\DIFadd{0x00010000}} \DIFadd{--- }\texttt{\DIFadd{OC\_SCAN\_ALLOW\_DEVICE\_SATA}}\DIFadd{, allow + }\item \texttt{\DIFadd{0x00010000}} \DIFadd{(bit }\texttt{\DIFadd{16}}\DIFadd{) --- }\texttt{\DIFadd{OC\_SCAN\_ALLOW\_DEVICE\_SATA}}\DIFadd{, allow scanning SATA devices. - }\item \texttt{\DIFadd{0x00020000}} \DIFadd{--- }\texttt{\DIFadd{OC\_SCAN\_ALLOW\_DEVICE\_SASEX}}\DIFadd{, allow + }\item \texttt{\DIFadd{0x00020000}} \DIFadd{(bit }\texttt{\DIFadd{17}}\DIFadd{) --- }\texttt{\DIFadd{OC\_SCAN\_ALLOW\_DEVICE\_SASEX}}\DIFadd{, allow scanning SAS and Mac NVMe devices. - }\item \texttt{\DIFadd{0x00040000}} \DIFadd{--- }\texttt{\DIFadd{OC\_SCAN\_ALLOW\_DEVICE\_SCSI}}\DIFadd{, allow + }\item \texttt{\DIFadd{0x00040000}} \DIFadd{(bit }\texttt{\DIFadd{18}}\DIFadd{) --- }\texttt{\DIFadd{OC\_SCAN\_ALLOW\_DEVICE\_SCSI}}\DIFadd{, allow scanning SCSI devices. - }\item \texttt{\DIFadd{0x00080000}} \DIFadd{--- }\texttt{\DIFadd{OC\_SCAN\_ALLOW\_DEVICE\_NVME}}\DIFadd{, allow + }\item \texttt{\DIFadd{0x00080000}} \DIFadd{(bit }\texttt{\DIFadd{19}}\DIFadd{) --- }\texttt{\DIFadd{OC\_SCAN\_ALLOW\_DEVICE\_NVME}}\DIFadd{, allow scanning NVMe devices. - }\item \texttt{\DIFadd{0x00100000}} \DIFadd{--- }\texttt{\DIFadd{OC\_SCAN\_ALLOW\_DEVICE\_ATAPI}}\DIFadd{, allow + }\item \texttt{\DIFadd{0x00100000}} \DIFadd{(bit }\texttt{\DIFadd{20}}\DIFadd{) --- }\texttt{\DIFadd{OC\_SCAN\_ALLOW\_DEVICE\_ATAPI}}\DIFadd{, allow scanning CD/DVD devices. - }\item \texttt{\DIFadd{0x00200000}} \DIFadd{--- }\texttt{\DIFadd{OC\_SCAN\_ALLOW\_DEVICE\_USB}}\DIFadd{, allow + }\item \texttt{\DIFadd{0x00200000}} \DIFadd{(bit }\texttt{\DIFadd{21}}\DIFadd{) --- }\texttt{\DIFadd{OC\_SCAN\_ALLOW\_DEVICE\_USB}}\DIFadd{, allow scanning USB devices. - }\item \texttt{\DIFadd{0x00400000}} \DIFadd{--- }\texttt{\DIFadd{OC\_SCAN\_ALLOW\_DEVICE\_FIREWIRE}}\DIFadd{, allow + }\item \texttt{\DIFadd{0x00400000}} \DIFadd{(bit }\texttt{\DIFadd{22}}\DIFadd{) --- }\texttt{\DIFadd{OC\_SCAN\_ALLOW\_DEVICE\_FIREWIRE}}\DIFadd{, allow scanning FireWire devices. - }\item \texttt{\DIFadd{0x00800000}} \DIFadd{--- }\texttt{\DIFadd{OC\_SCAN\_ALLOW\_DEVICE\_SDCARD}}\DIFadd{, allow + }\item \texttt{\DIFadd{0x00800000}} \DIFadd{(bit }\texttt{\DIFadd{23}}\DIFadd{) --- }\texttt{\DIFadd{OC\_SCAN\_ALLOW\_DEVICE\_SDCARD}}\DIFadd{, allow scanning card reader devices. }\end{itemize}