Signature Check Patch

From The Apple Wiki

For a BootROM-based jailbreak, you may need to patch signature checking. This allows unsigned and patched images to be loaded and booted.

In gaster, this patch is done by writing mov x0, #0 to an address inside image4_validate_property_callback(), so that the function always returns 0 (meaning that verification succeeded). You can see this patch here.

A signature check patch is not necessary for a BootROM-based jailbreak, as shown by checkra1n, which requires a valid boot chain in order to boot PongoOS. Instead, checkra1n patches the trampoline so that when LLB/iBoot thinks it is jumping to XNU, it actually jumps to PongoOS.
