Thank you for the reply. I found the answer yesterday. The security level is set from the Startup Disk utility in Recovery Mode.
Post
Replies
Boosts
Views
Activity
Is the given workaround still necessary? Where within the entitlements plist structure does it go?
I added it at the top level and it had no apparent effect.
Hmmm, my deployment target *is* macOS 11 and I added the key pair at the top level of the .entitlements file for the System Extension.
The errors I see are mostly 100001 and 100002 and seem to only happen immediately after the extension is loaded and then enabled by my controlling app. The flows that causes the issue look like this:
Handling new flow:
identifier = 653961C1-DD57-4D21-911F-FFDAAB85A5C6
hostname = gateway.icloud.com
sourceAppIdentifier = .com.apple.Notes
sourceAppVersion = 4.8
procPID = 541
eprocPID = 0
direction = outbound
inBytes = 0
outBytes = 0
signature = 32:{length = 32, bytes = 0x6fc70082 f36f6a3f 06f2f743 9d080e85 ... 2c19f9f3 158a5fd3 }
remoteEndpoint = 17.248.242.37:443
remoteHostname = gateway.icloud.com
protocol = 6
family = 2
type = 1
procUUID = DBA793E1-FD3D-348E-BE25-18E5C8A0DFD4
eprocUUID = 09F24272-54CB-3550-8826-D54C7A324D99
I was able to reproduce this 100% of the time. I only have to launch my app which loads and then enables the sysex.
When I quit Notes, the error doesn't occur. If I launch Notes after loading the system extension, the error occurs. It appears that Notes.app is properly signed although I note that it is in /System/Applications:
codesign -d --requirements - /System/Applications/Notes.app
Executable=/System/Applications/Notes.app/Contents/MacOS/Notes
designated = identifier "com.apple.Notes" and anchor apple
Does this only affect system apps? Or are you seeing it with third-party apps installed in /Applications?
The only application that seems to have this issue is the Notes app. I have not seen any issue with third-party apps.
I moved my proxy executable to /Applications and the sourceAppAuditToken started appearing in flows.
Happening to me, too.
Also looking for a workaround or alternative solution to this problem.
I think this issue is fixed in 13.4.1c
Is there an update for this issue? We also filed a feedback ticket but have heard nothing.