Post

Replies

Boosts

Views

Activity

Reply to DriverKit code signing/driver loading issues.
To the question you didn't understand, i'll try to explain a bit better. The entitlements in the app request a certain set. In order for the app/driver to run, the identity/profile retrieved from Apple needs to have the same set to grant. can the apple side have MORE than requested and have everything still work fine, or do both sides need to match exactly? example. App.entitlements requests a, b, and c. Identity with Profile from Apple Developer page grants a, b, c, d, and e. Will it all still run OK, or does the Identity need to disable the d and e grants?
Oct ’22
Reply to DriverKit code signing/driver loading issues.
I went back and put everything back to Xcode managed for provisioning profile, made sure everything matched, and still getting errors when trying to load the driver. The app itself loads fine and it installs the driver without issue. Again, any help would be appreciated. Here is one such collection of errors from the system log as an example (with edits changing bundleId and paths, as well as removing stuff so it would allow me to post this): ReportCrash: ...(Code Signature Invalid)","incidentID":"someUUID","logwritten":0,"process":"com.me.App.Driver","terminationReasonExceptionCode":"0x1","terminationReasonNamespace":"CODESIGNING"... taskgated-helper Disallowing com.me.App.Driver because no eligible provisioning profiles found amfid /path/to/com.me.App.Driver.dext/com.me.App.Driver signature not valid: -67671 kernel mac_vnode_check_signature: /path/to/com.me.App.Driver.dext/com.me.App.Driver: code signature validation failed fatally: When validating /path/to/com.me.App.Driver.dext/com.me.App.Driver:   Code has restricted entitlements, but the validation of its code signature failed. Unsatisfied Entitlements: (nothing in the list of unsatisfied Entitlements) also kernel: proc 48767: load code signature error 4 for file "com.me.App.Driver"
Oct ’22
Reply to DriverKit code signing/driver loading issues.
For the provisioning profile, the capabilities include the 3 DriverKit entitlements I request as well two others that i dont request (In-App Purchase and Keychain Sharing). Entitlements for the profile also include the three i requested and a handful of others that i haven't but look 'standard' (i.e. get-task-allow, application-identifier, and other more generic sounding ones). The embedded profile (for me it shows up as embedded.mobileprovision could this be the issue? This is how Xcode 14 set this up for me...) it shows the entitlements as I expect. As for the other thread, capabilities match as expected. I even verified that the certificate signatures matched as per one of eskimo's other posts about troubleshooting code signing.
Oct ’22
Reply to DriverKit code signing/driver loading issues.
OK, then I'm Still at a loss. I just created a brand new project, just in case something is wonky with the other one. Leaving everything XCode managed, this time on my M1 mini instead of my Intel MacBook Pro. SwiftUI app instead of XIB, once again with an activate button and deactivate that make the appropriate OSSystemExtensionRequests. The Second target added via File->New->Target is the DriverKit group's Driver project template. Gave everything the same entitlements as above (though i probably dont need the HID ones, as i'm not even changing the default IOService type or any code in the driver other than adding an entitlements file and setting that file as Code Signing Entitlements under Build Settings->Signing->Code Signing Entitlements. From everything You have been telling me, that should work, unless i'm just missing something in my frustration. App runs fine, activating the extension via the app runs fine, but still errors actually running the extension. systemextensionctl list shows it should be loading: * * NMX3RG6P6L com.eklynx.TestHidService.TestService (1.0/1) com.eklynx.TestHidService.TestService [activated enabled] But once again, logging still shows the app is being killed due to code signing. /Library/SystemExtensions/AC89C292-DA43-407D-9BDF-B832D5BC16F6/com.eklynx.TestHidService.TestService.dext/com.eklynx.TestHidService.TestService not valid: Error Domain=AppleMobileFileIntegrityError Code=-413 "No matching profile found"... mac_vnode_check_signature: /path/to/com.eklynx.TestHidService.TestService.dext/com.eklynx.TestHidService.TestService: code signature validation failed fatally: When validating /path/to/com.eklynx.TestHidService.TestService.dext/com.eklynx.TestHidService.TestService:   Code has restricted entitlements, but the validation of its code signature failed. Unsatisfied Entitlements: proc 15887: load code signature error 4 for file "com.eklynx.TestHidService.TestService" Error occurred while handling request "DextLaunch(arguments: Optional(["Check In Token": 483, "CFBundleIdentifier": com.eklynx.TestHidService.TestService, "kOSBundleDextUniqueIdentifier": <removed>, "DriverKit Reslide Shared Cache": 0, "Driver Extension Server Name": com.eklynx.TestHidService.TestService, "Driver Extension Server Tag": removed]))": Error Domain=NSPOSIXErrorDomain Code=8 "Exec format error"
Oct ’22
Reply to DriverKit code signing/driver loading issues.
Started from scratch one more time noting every small detail. Initially after adding the driverkit target, the signing profile was not set; building gave the error error: Embedded binary is not signed with the same certificate as the parent app. Verify the embedded binary target's code sign settings match the parent app's. Looking at the settings, the Provisioning profile is set to Xcode Managed Profile with Signing Certificate set to None. I unchecked and re-checked the 'Automatically manage signing` and set my developer profile to fix this. Was this the correct way to proceed? @sscmith_c: Since you have a working setup do you mind telling what are your signing settings are set to for the DriverKit extension?
Oct ’22