Enumeration

SecCodeSignatureFlags

Specify option flags that can be embedded in a code signature during signing and that govern the use of the signature.

Declaration

typedef enum SecCodeSignatureFlags : uint32_t {
    ...
} SecCodeSignatureFlags;

Overview

Some of these flags can be set through the codesign(1) command’s --options argument and some are set implicitly based on signing circumstances. The flags here appear as the value associated with the kSecCodeInfoFlags key in the signing information dictionary. See Signing Information Dictionary Keys.

Topics

Constants

kSecCodeSignatureHost

May host guest code.

kSecCodeSignatureAdhoc

Must be used without a signing identity.

kSecCodeSignatureForceHard

Always set the kSecCodeStatusHard status flag on launch.

kSecCodeSignatureForceKill

Always set the kSecCodeStatusKill status flag on launch.

kSecCodeSignatureForceExpiration

Always set the kSecCSConsiderExpiration flag when validating the code.

kSecCodeSignatureEnforcement

Enforce code signing.

kSecCodeSignatureLibraryValidation

Require library validation.

kSecCodeSignatureRestrict

Restrict dyld loading.

kSecCodeSignatureRuntime

Apply runtime hardening policies as required by the hardened runtime version.

See Also

Code Signatures

SecCodeCopySigningInformation

Retrieves various pieces of information from a code signature.

Code Signing Information Flags

Use these supplemental flags to retrieve signing information.

Signing Information Dictionary Keys

Use these keys from the information dictionary when you retrieve information from a code signature.

SecCSDigestAlgorithm

The list of digest algorithms available for code signatures.