From 10c15d596eb54c9b97cd7e6323ac8416349ca225 Mon Sep 17 00:00:00 2001
From: Nikias Bassen
Date: Thu, 9 Nov 2023 20:25:38 +0100
Subject: Fix update restore by making sure the premanifest is properly
 generated

---
 src/idevicerestore.c |  4 ++--
 src/img4.c           | 11 +++++------
 src/tss.c            | 31 +++++++++++++++++++++++++------
 3 files changed, 32 insertions(+), 14 deletions(-)

diff --git a/src/idevicerestore.c b/src/idevicerestore.c
index b218510..9bc9f8b 100644
--- a/src/idevicerestore.c
+++ b/src/idevicerestore.c
@@ -1981,7 +1981,7 @@ int get_preboard_manifest(struct idevicerestore_client_t* client, plist_t build_
 	plist_t overrides = plist_new_dict();
 	plist_dict_set_item(overrides, "@APTicket", plist_new_bool(1));
 	plist_dict_set_item(overrides, "ApProductionMode", plist_new_uint(0));
-	plist_dict_set_item(overrides, "ApSecurityDomain", plist_new_uint(0));
+	plist_dict_set_item(overrides, "ApSecurityDomain", plist_new_uint(1));
 
 	plist_dict_set_item(parameters, "ApProductionMode", plist_new_bool(0));
 	plist_dict_set_item(parameters, "ApSecurityMode", plist_new_bool(0));
@@ -2005,7 +2005,7 @@ int get_preboard_manifest(struct idevicerestore_client_t* client, plist_t build_
 		return -1;
 	}
 
-	plist_dict_set_item(parameters, "_OnlyFWComponents", plist_new_bool(1));
+	plist_dict_set_item(parameters, "_OnlyFWOrTrustedComponents", plist_new_bool(1));
 
 	/* add tags from manifest */
 	if (tss_request_add_ap_tags(request, parameters, NULL) < 0) {
diff --git a/src/img4.c b/src/img4.c
index c21a075..56b0496 100644
--- a/src/img4.c
+++ b/src/img4.c
@@ -844,13 +844,12 @@ int img4_create_local_manifest(plist_t request, plist_t build_identity, plist_t*
 				comp = _img4_get_component_tag(key);
 			}
 			if (!comp) {
-				error("ERROR: %s: Unhandled component '%s' - can't create manifest\n", __func__, key);
-				free(iter);
-				free(buf);
-				return -1;
+				debug("DEBUG: %s: Unhandled component '%s'\n", __func__, key);
+				_manifest_write_component(&p, &length, key, val);
+			} else {
+				debug("DEBUG: found component %s (%s)\n", comp, key);
+				_manifest_write_component(&p, &length, comp, val);
 			}
-			debug("DEBUG: found component %s (%s)\n", comp, key);
-			_manifest_write_component(&p, &length, comp, val);
 		}
 		free(key);
 	} while (val);
diff --git a/src/tss.c b/src/tss.c
index 5e676f4..e9d68f3 100644
--- a/src/tss.c
+++ b/src/tss.c
@@ -582,8 +582,15 @@ int tss_request_add_ap_recovery_tags(plist_t request, plist_t parameters, plist_
 				continue;
 			}
 
-			if (!_plist_dict_get_bool(info_dict, "IsFirmwarePayload") && !_plist_dict_get_bool(info_dict, "IsSecondaryFirmwarePayload") && !_plist_dict_get_bool(info_dict, "IsFUDFirmware")) {
-				debug("DEBUG: %s: Skipping '%s' as it is neither firmware nor secondary nor FUD firmware payload\n", __func__, key);
+			if (!_plist_dict_get_bool(info_dict, "IsFirmwarePayload")
+			 && !_plist_dict_get_bool(info_dict, "IsSecondaryFirmwarePayload")
+			 && !_plist_dict_get_bool(info_dict, "IsFUDFirmware")
+			 && !_plist_dict_get_bool(info_dict, "IsLoadedByiBoot")
+			 && !_plist_dict_get_bool(info_dict, "IsEarlyAccessFirmware")
+			 && !_plist_dict_get_bool(info_dict, "IsiBootEANFirmware")
+			 && !_plist_dict_get_bool(info_dict, "IsiBootNonEssentialFirmware"))
+			{
+				debug("DEBUG: %s: Skipping '%s' as it is not a firmware payload\n", __func__, key);
 				continue;
 			}
 		}
@@ -679,14 +686,26 @@ int tss_request_add_ap_tags(plist_t request, plist_t parameters, plist_t overrid
 			}
 		}
 
-		if (_plist_dict_get_bool(parameters, "_OnlyFWComponents")) {
+		int is_fw_payload = _plist_dict_get_bool(info_dict, "IsFirmwarePayload")
+				 || _plist_dict_get_bool(info_dict, "IsSecondaryFirmwarePayload")
+				 || _plist_dict_get_bool(info_dict, "IsFUDFirmware")
+				 || _plist_dict_get_bool(info_dict, "IsLoadedByiBoot")
+				 || _plist_dict_get_bool(info_dict, "IsEarlyAccessFirmware")
+				 || _plist_dict_get_bool(info_dict, "IsiBootEANFirmware")
+				 || _plist_dict_get_bool(info_dict, "IsiBootNonEssentialFirmware");
+
+		if (_plist_dict_get_bool(parameters, "_OnlyFWOrTrustedComponents")) {
+			if (!_plist_dict_get_bool(manifest_entry, "Trusted") && !is_fw_payload) {
+				debug("DEBUG: %s: Skipping '%s' as it is neither firmware payload nor trusted\n", __func__, key);
+				continue;
+			}
+		} else if (_plist_dict_get_bool(parameters, "_OnlyFWComponents")) {
 			if (!_plist_dict_get_bool(manifest_entry, "Trusted")) {
 				debug("DEBUG: %s: Skipping '%s' as it is not trusted\n", __func__, key);
 				continue;
 			}
-
-			if (!_plist_dict_get_bool(info_dict, "IsFirmwarePayload") && !_plist_dict_get_bool(info_dict, "IsSecondaryFirmwarePayload") && !_plist_dict_get_bool(info_dict, "IsFUDFirmware")) {
-				debug("DEBUG: %s: Skipping '%s' as it is neither firmware nor secondary nor FUD firmware payload\n", __func__, key);
+			if (!is_fw_payload) {
+				debug("DEBUG: %s: Skipping '%s' as it is not a firmware payload\n", __func__, key);
 				continue;
 			}
 		}
-- 
cgit v1.1-32-gdbae