The extension has been in production for several months, it was working on Monterey, Big Sur, Catalina. It's a system extension. The entitlement: <key>Entitlements</key> <dict> <key>com.apple.developer.endpoint-security.client</key> <true/> <key>com.apple.developer.system-extension.install</key> <true/> <key>com.apple.application-identifier</key> <string>XXXXXXXXXX.AAA.BBBBBBBBB.CCCC.DDDDDDDDDDDD.EEEEEEEEE</string> <key>keychain-access-groups</key> <array> <string>XXXXXXXXXX.*</string> </array> <key>com.apple.developer.team-identifier</key> <string>XXXXXXXXXX</string> </dict>

Thank you for your answer, but I'm not sure this is exactly the same issue. The workaround doesn't seem to work on M1 Macs: "Workaround: Go to System Settings > Privacy & Security > Full Disk Access, select the security product, use the minus (-) button to remove, and then use the plus (+) button to re-add the affected security product. A system restart might be required to restore expected functionality."

The CMAKE_OSX_DEPLOYMENT_TARGET was set to 10.15. Problem solved.

Thank you Omarlkram. FileProvider seems to be the solution of the future, but it is not easy to find an example of use. I will try to use it.

I finally managed to fix the problem. I created a dummy application in Xcode embedding my sysext and I was able to recover the right entitlements. Thank you, Quinn, for putting me on the path to the solution. % codesign -d --entitlements :- /Applications/myApp.app Executable=/Applications/myApp.app/Contents/MacOS/kDrive ?xml version="1.0" encoding="UTF-8"? !DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd" plist version="1.0" dict keycom.apple.application-identifier/key stringTTTTTTTT.a.b.c.d/string keycom.apple.developer.system-extension.install/key true/ keycom.apple.developer.team-identifier/key stringTTTTTTTT/string /dict /plist % codesign -d --entitlements :- /Applications/myApp.app/Contents/Library/SystemExtensions/a.b.c.d.mySysExt.systemextension Executable=/Applications/myApp.app/Contents/Library/SystemExtensions/a.b.c.d.mySysExt.systemextension/Contents/MacOS/a.b.c.d.mySysExt ?xml version="1.0" encoding="UTF-8"? !DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd" plist version="1.0" dict keycom.apple.application-identifier/key stringTTTTTTTT.a.b.c.d.mySysExt/string keycom.apple.developer.endpoint-security.client/key true/ keycom.apple.developer.team-identifier/key stringTTTTTTTT/string /dict /plist

I noticed that, in the embedded.provisionprofile of the app, there is: keycom.apple.application-identifier/key stringTTTTTTTT.a.b.c.d/string But the bundle id of the app is "a.b.c.d" (without the team id TTTTTTTT), could it be the problem? Also, in the embedded.provisionprofile of the sysext there is: keycom.apple.application-identifier/key stringTTTTTTTT.a.b.c.d.mySysExt/string Is it OK?

Here are the console messages in case that helps. 06:39:23.937315+0200 amfid Requirements for restricted entitlements failed to validate, error -67050, requirements: 'private', error: (null) 06:39:23.937344+0200 amfid Restricted entitlements not validated, bailing out. Error: (null) 06:39:23.937546+0200 kernel AMFI: code signature validation failed. 06:39:23.937516+0200 amfid /Applications/myApp.app/Contents/MacOS/myApp signature not valid: -67050 06:39:23.937551+0200 kernel AMFI: bailing out because of restricted entitlements. 06:39:23.937563+0200 kernel mac_vnode_check_signature: /Applications/myApp.app/Contents/MacOS/myApp: code signature validation failed fatally: When validating /Applications/myApp.app/Contents/MacOS/myApp: Code has restricted entitlements, but the validation of its code signature failed. Unsatisfied Entitlements: 06:39:23.937587+0200 kernel proc 1659: load code signature error 4 for file "myApp"

% security cms -D -i /Applications/myApp.app/Contents/Library/SystemExtensions/a.b.c.d.e.Extension.systemextension/Contents/embedded.provisionprofile ?xml version="1.0" encoding="UTF-8"? !DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd" plist version="1.0" dict keyAppIDName/key string.../string keyApplicationIdentifierPrefix/key array string.../string /array keyCreationDate/key date2021-05-20T06:31:00Z/date keyPlatform/key array stringOSX/string /array keyIsXcodeManaged/key false/ keyDeveloperCertificates/key array dataMIIFtjCCBJ6gAwIBAgIIDPP2OBmNMQwwDQYJKoZIhvcNAQELBQAweTEtMCsGA1UEAwwkRGV2ZWxvcGVyIElEIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MSYwJAYDVQQLDB1BcHBsZSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTETMBEGA1UECgwKQXBwbGUgSW5jLjELMAkGA1UEBhMCVVMwHhcNMjAwNjIyMTE1OTI1WhcNMjUwNjIzMTE1OTI1WjCBpTEaMBgGCgmSJomT8ixkAQEMCjg2NFZEQ1MyUVkxRTBDBgNVBAMMPERldmVsb3BlciBJRCBBcHBsaWNhdGlvbjogSW5mb21hbmlhayBOZXR3b3JrIFNBICg4NjRWRENTMlFZKTETMBEGA1UECwwKODY0VkRDUzJRWTEeMBwGA1UECgwVSW5mb21hbmlhayBOZXR3b3JrIFNBMQswCQYDVQQGEwJDSDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOPkChyZl1hPMQNeU+YEBi+lDQxQsFFmpjrFPpZNlM3noLKvzP8KI9uBs/TEt0Yx/OpbbuQHT+z0afr/eVepffT/c001dMMy96AwesjT0L3VI5tApzBC8Ds+iAXV0LBSkj41rcnxoRSH7tnOcIQ7pQbe2RJVBsc0R686b3lf8RTDDnKsDbYQ0NjLLRu+gg3XQaaF2YkGwavYlOH4W674UbhauyDp427yL4rHmpWqsWB16iKVLngATvhRsIAoMMDQNiqgpwFQvgM+RE87gWITXtMeiLJsN11ycZgC+NwIVlAgk6niLZkPJyQyRXtC/dMYUGlju0OxQJlR3aZ4FDUhl8UCAwEAAaOCAhMwggIPMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUVxftos/cfJihEOD8voctLPLjF1QwQAYIKwYBBQUHAQEENDAyMDAGCCsGAQUFBzABhiRodHRwOi8vb2NzcC5hcHBsZS5jb20vb2NzcDAzLWRldmlkMDYwggEdBgNVHSAEggEUMIIBEDCCAQwGCSqGSIb3Y2QFATCB/jCBwwYIKwYBBQUHAgIwgbYMgbNSZWxpYW5jZSBvbiB0aGlzIGNlcnRpZmljYXRlIGJ5IGFueSBwYXJ0eSBhc3N1bWVzIGFjY2VwdGFuY2Ugb2YgdGhlIHRoZW4gYXBwbGljYWJsZSBzdGFuZGFyZCB0ZXJtcyBhbmQgY29uZGl0aW9ucyBvZiB1c2UsIGNlcnRpZmljYXRlIHBvbGljeSBhbmQgY2VydGlmaWNhdGlvbiBwcmFjdGljZSBzdGF0ZW1lbnRzLjA2BggrBgEFBQcCARYqaHR0cDovL3d3dy5hcHBsZS5jb20vY2VydGlmaWNhdGVhdXRob3JpdHkvMBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMDMB0GA1UdDgQWBBQSsj8IO9I/UtSJbMvBWka5Yp6GyTAOBgNVHQ8BAf8EBAMCB4AwHwYKKoZIhvdjZAYBIQQRDA8yMDE5MDkxNjAwMDAwMFowEwYKKoZIhvdjZAYBDQEB/wQCBQAwDQYJKoZIhvcNAQELBQADggEBABL6WyRaT4OIK8kEpcbAiLyy3J2MRuB9sWIyQR0iYoqZyd3D+I+kEhd25UCuMyxUN48nK1juNoKdHqtkEjl6xJqOioNMAGbBga3jHl8LTmOWZ8u5Vg2ODzsI2uX/oTmHelh1g6dAxk6nl2UBhiJdCTpszJXMPvOHUqIpbH8kRHhQUq+OoRXkkB32bJPd/fLyPjxnPz30tN4OFu6ms6rO08e1Z9avhQntwAMPi6OYy3LAED2n7NOSkdtpP8j9rFCz6yrcZyNjG0D045G1bIA8mVzU95j5bc68Bpb4NUKxC9vqkoUbNbM8vkTOVJmceuBqt3i+3bLRnfkeFwKrtDSeP00=/data /array keyEntitlements/key dict keycom.apple.developer.endpoint-security.client/key true/ keycom.apple.developer.system-extension.install/key true/ keycom.apple.application-identifier/key string....a.b.c.d.e.Extension/string keykeychain-access-groups/key array string....*/string /array keycom.apple.developer.team-identifier/key string.../string /dict keyExpirationDate/key date2039-05-16T06:31:00Z/date keyName/key string.../string keyProvisionsAllDevices/key true/ keyTeamIdentifier/key array string.../string /array keyTeamName/key string.../string keyTimeToLive/key integer6570/integer keyUUID/key string459e51b3-949a-46c2-bfe7-849223959889/string keyVersion/key integer1/integer /dict /plist Into the app bundle, there is also a FinderSync ext and a LoginItem agent. For them, the App Group is mandatory, I think, otherwise, they don't work. % codesign -d --entitlements :- /Applications/myApp.app/Contents/PlugIns/Extension.appex              Executable=/Applications/myApp.app/Contents/PlugIns/Extension.appex/Contents/MacOS/Extension ?xml version="1.0" encoding="UTF-8"? !DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd" plist version="1.0" dict keycom.apple.security.app-sandbox/key true/ keycom.apple.security.application-groups/key array string....a.b.c.d/string /array /dict /plist % codesign -d --entitlements :- /Applications/myApp.app/Contents/Library/LoginItems/....a.b.c.d.LoginItemAgent.app Executable=/Applications/myApp.app/Contents/Library/LoginItems/....a.b.c.d.LoginItemAgent.app/Contents/MacOS/....a.b.c.d.LoginItemAgent ?xml version="1.0" encoding="UTF-8"? !DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd" plist version="1.0" dict keycom.apple.security.app-sandbox/key true/ keycom.apple.security.application-groups/key array string....a.b.c.d/string /array /dict /plist

Unfortunately, the problem persists. % codesign -d --entitlements :- /Applications/myApp.app              Executable=/Applications/myApp.app/Contents/MacOS/myApp ?xml version="1.0" encoding="UTF-8"? !DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd" plist version="1.0" dict keycom.apple.developer.system-extension.install/key true/ /dict /plist % codesign -d --entitlements :- /Applications/myApp.app/Contents/Library/SystemExtensions/a.b.c.d.e.Extension.systemextension Executable=/Applications/myApp.app/Contents/Library/SystemExtensions/a.b.c.d.e.Extension.systemextension/Contents/MacOS/a.b.c.d.e.Extension ?xml version="1.0" encoding="UTF-8"? !DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd" plist version="1.0" dict keycom.apple.developer.endpoint-security.client/key true/ /dict /plist % security cms -D -i /Applications/myApp.app/Contents/embedded.provisionprofile ?xml version="1.0" encoding="UTF-8"? !DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd" plist version="1.0" dict keyAppIDName/key string.../string keyApplicationIdentifierPrefix/key array string.../string /array keyCreationDate/key date2021-05-20T06:30:38Z/date keyPlatform/key array stringOSX/string /array keyIsXcodeManaged/key false/ keyDeveloperCertificates/key array dataMIIFtjCCBJ6gAwIBAgIIDPP2OBmNMQwwDQYJKoZIhvcNAQELBQAweTEtMCsGA1UEAwwkRGV2ZWxvcGVyIElEIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MSYwJAYDVQQLDB1BcHBsZSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTETMBEGA1UECgwKQXBwbGUgSW5jLjELMAkGA1UEBhMCVVMwHhcNMjAwNjIyMTE1OTI1WhcNMjUwNjIzMTE1OTI1WjCBpTEaMBgGCgmSJomT8ixkAQEMCjg2NFZEQ1MyUVkxRTBDBgNVBAMMPERldmVsb3BlciBJRCBBcHBsaWNhdGlvbjogSW5mb21hbmlhayBOZXR3b3JrIFNBICg4NjRWRENTMlFZKTETMBEGA1UECwwKODY0VkRDUzJRWTEeMBwGA1UECgwVSW5mb21hbmlhayBOZXR3b3JrIFNBMQswCQYDVQQGEwJDSDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOPkChyZl1hPMQNeU+YEBi+lDQxQsFFmpjrFPpZNlM3noLKvzP8KI9uBs/TEt0Yx/OpbbuQHT+z0afr/eVepffT/c001dMMy96AwesjT0L3VI5tApzBC8Ds+iAXV0LBSkj41rcnxoRSH7tnOcIQ7pQbe2RJVBsc0R686b3lf8RTDDnKsDbYQ0NjLLRu+gg3XQaaF2YkGwavYlOH4W674UbhauyDp427yL4rHmpWqsWB16iKVLngATvhRsIAoMMDQNiqgpwFQvgM+RE87gWITXtMeiLJsN11ycZgC+NwIVlAgk6niLZkPJyQyRXtC/dMYUGlju0OxQJlR3aZ4FDUhl8UCAwEAAaOCAhMwggIPMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUVxftos/cfJihEOD8voctLPLjF1QwQAYIKwYBBQUHAQEENDAyMDAGCCsGAQUFBzABhiRodHRwOi8vb2NzcC5hcHBsZS5jb20vb2NzcDAzLWRldmlkMDYwggEdBgNVHSAEggEUMIIBEDCCAQwGCSqGSIb3Y2QFATCB/jCBwwYIKwYBBQUHAgIwgbYMgbNSZWxpYW5jZSBvbiB0aGlzIGNlcnRpZmljYXRlIGJ5IGFueSBwYXJ0eSBhc3N1bWVzIGFjY2VwdGFuY2Ugb2YgdGhlIHRoZW4gYXBwbGljYWJsZSBzdGFuZGFyZCB0ZXJtcyBhbmQgY29uZGl0aW9ucyBvZiB1c2UsIGNlcnRpZmljYXRlIHBvbGljeSBhbmQgY2VydGlmaWNhdGlvbiBwcmFjdGljZSBzdGF0ZW1lbnRzLjA2BggrBgEFBQcCARYqaHR0cDovL3d3dy5hcHBsZS5jb20vY2VydGlmaWNhdGVhdXRob3JpdHkvMBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMDMB0GA1UdDgQWBBQSsj8IO9I/UtSJbMvBWka5Yp6GyTAOBgNVHQ8BAf8EBAMCB4AwHwYKKoZIhvdjZAYBIQQRDA8yMDE5MDkxNjAwMDAwMFowEwYKKoZIhvdjZAYBDQEB/wQCBQAwDQYJKoZIhvcNAQELBQADggEBABL6WyRaT4OIK8kEpcbAiLyy3J2MRuB9sWIyQR0iYoqZyd3D+I+kEhd25UCuMyxUN48nK1juNoKdHqtkEjl6xJqOioNMAGbBga3jHl8LTmOWZ8u5Vg2ODzsI2uX/oTmHelh1g6dAxk6nl2UBhiJdCTpszJXMPvOHUqIpbH8kRHhQUq+OoRXkkB32bJPd/fLyPjxnPz30tN4OFu6ms6rO08e1Z9avhQntwAMPi6OYy3LAED2n7NOSkdtpP8j9rFCz6yrcZyNjG0D045G1bIA8mVzU95j5bc68Bpb4NUKxC9vqkoUbNbM8vkTOVJmceuBqt3i+3bLRnfkeFwKrtDSeP00=/data /array keyEntitlements/key dict keycom.apple.developer.system-extension.install/key true/ keycom.apple.application-identifier/key string....a.b.c.d.e/string keykeychain-access-groups/key array string....*/string /array keycom.apple.developer.team-identifier/key string.../string /dict keyExpirationDate/key date2039-05-16T06:30:38Z/date keyName/key string.../string keyProvisionsAllDevices/key true/ keyTeamIdentifier/key array string.../string /array keyTeamName/key string.../string keyTimeToLive/key integer6570/integer keyUUID/key stringcde3e69d-9c21-4ffc-94b3-4379efae014a/string keyVersion/key integer1/integer /dict /plist

After adding manually the profile to the app, the issue persists. So now, the entitlements claimed by the app are: % codesign -d --entitlements :- /Applications/myApp.app Executable=/Applications/myApp.app/Contents/MacOS/myApp ?xml version="1.0" encoding="UTF-8"? !DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd" plist version="1.0" dict keycom.apple.developer.system-extension.install/key true/ keycom.apple.security.application-groups/key array string....a.b.c.d/string /array /dict /plist And the capabilities of the app: % security cms -D -i /Applications/myApp.app/Contents/embedded.provisionprofile ?xml version="1.0" encoding="UTF-8"? !DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd" plist version="1.0" dict keyAppIDName/key string.../string keyApplicationIdentifierPrefix/key array string.../string /array keyCreationDate/key date2021-05-20T06:30:38Z/date keyPlatform/key array stringOSX/string /array keyIsXcodeManaged/key false/ keyDeveloperCertificates/key array dataMIIFtjCCBJ6gAwIBAgIIDPP2OBmNMQwwDQYJKoZIhvcNAQELBQAweTEtMCsGA1UEAwwkRGV2ZWxvcGVyIElEIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MSYwJAYDVQQLDB1BcHBsZSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTETMBEGA1UECgwKQXBwbGUgSW5jLjELMAkGA1UEBhMCVVMwHhcNMjAwNjIyMTE1OTI1WhcNMjUwNjIzMTE1OTI1WjCBpTEaMBgGCgmSJomT8ixkAQEMCjg2NFZEQ1MyUVkxRTBDBgNVBAMMPERldmVsb3BlciBJRCBBcHBsaWNhdGlvbjogSW5mb21hbmlhayBOZXR3b3JrIFNBICg4NjRWRENTMlFZKTETMBEGA1UECwwKODY0VkRDUzJRWTEeMBwGA1UECgwVSW5mb21hbmlhayBOZXR3b3JrIFNBMQswCQYDVQQGEwJDSDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOPkChyZl1hPMQNeU+YEBi+lDQxQsFFmpjrFPpZNlM3noLKvzP8KI9uBs/TEt0Yx/OpbbuQHT+z0afr/eVepffT/c001dMMy96AwesjT0L3VI5tApzBC8Ds+iAXV0LBSkj41rcnxoRSH7tnOcIQ7pQbe2RJVBsc0R686b3lf8RTDDnKsDbYQ0NjLLRu+gg3XQaaF2YkGwavYlOH4W674UbhauyDp427yL4rHmpWqsWB16iKVLngATvhRsIAoMMDQNiqgpwFQvgM+RE87gWITXtMeiLJsN11ycZgC+NwIVlAgk6niLZkPJyQyRXtC/dMYUGlju0OxQJlR3aZ4FDUhl8UCAwEAAaOCAhMwggIPMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUVxftos/cfJihEOD8voctLPLjF1QwQAYIKwYBBQUHAQEENDAyMDAGCCsGAQUFBzABhiRodHRwOi8vb2NzcC5hcHBsZS5jb20vb2NzcDAzLWRldmlkMDYwggEdBgNVHSAEggEUMIIBEDCCAQwGCSqGSIb3Y2QFATCB/jCBwwYIKwYBBQUHAgIwgbYMgbNSZWxpYW5jZSBvbiB0aGlzIGNlcnRpZmljYXRlIGJ5IGFueSBwYXJ0eSBhc3N1bWVzIGFjY2VwdGFuY2Ugb2YgdGhlIHRoZW4gYXBwbGljYWJsZSBzdGFuZGFyZCB0ZXJtcyBhbmQgY29uZGl0aW9ucyBvZiB1c2UsIGNlcnRpZmljYXRlIHBvbGljeSBhbmQgY2VydGlmaWNhdGlvbiBwcmFjdGljZSBzdGF0ZW1lbnRzLjA2BggrBgEFBQcCARYqaHR0cDovL3d3dy5hcHBsZS5jb20vY2VydGlmaWNhdGVhdXRob3JpdHkvMBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMDMB0GA1UdDgQWBBQSsj8IO9I/UtSJbMvBWka5Yp6GyTAOBgNVHQ8BAf8EBAMCB4AwHwYKKoZIhvdjZAYBIQQRDA8yMDE5MDkxNjAwMDAwMFowEwYKKoZIhvdjZAYBDQEB/wQCBQAwDQYJKoZIhvcNAQELBQADggEBABL6WyRaT4OIK8kEpcbAiLyy3J2MRuB9sWIyQR0iYoqZyd3D+I+kEhd25UCuMyxUN48nK1juNoKdHqtkEjl6xJqOioNMAGbBga3jHl8LTmOWZ8u5Vg2ODzsI2uX/oTmHelh1g6dAxk6nl2UBhiJdCTpszJXMPvOHUqIpbH8kRHhQUq+OoRXkkB32bJPd/fLyPjxnPz30tN4OFu6ms6rO08e1Z9avhQntwAMPi6OYy3LAED2n7NOSkdtpP8j9rFCz6yrcZyNjG0D045G1bIA8mVzU95j5bc68Bpb4NUKxC9vqkoUbNbM8vkTOVJmceuBqt3i+3bLRnfkeFwKrtDSeP00=/data /array keyEntitlements/key dict keycom.apple.developer.system-extension.install/key true/ keycom.apple.application-identifier/key string....a.b.c.d.e/string keykeychain-access-groups/key array string....*/string /array keycom.apple.developer.team-identifier/key string.../string /dict keyExpirationDate/key date2039-05-16T06:30:38Z/date keyName/key string.../string keyProvisionsAllDevices/key true/ keyTeamIdentifier/key array string.../string /array keyTeamName/key string.../string keyTimeToLive/key integer6570/integer keyUUID/key stringcde3e69d-9c21-4ffc-94b3-4379efae014a/string keyVersion/key integer1/integer /dict /plist To sum up, the app has got "com.apple.developer.system-extension.install" and the sysext "com.apple.developer.endpoint-security.client". What is missing?

I found that my app doesn't have an embedded.provisionprofile file in the Contents folder. The bundle is not generated by XCode. Should I add the profile manually or is there a command to do that? (no codesign option apparently)

Thank you for your help. So, the entitlements claimed by the sysex are: % codesign -d --entitlements :- /Applications/myApp.app/Contents/Library/SystemExtensions/a.b.c.d.e.Extension.systemextension              Executable=/Applications/myApp.app/Contents/Library/SystemExtensions/a.b.c.d.e.Extension.systemextension/Contents/MacOS/a.b.c.d.e.Extension ?xml version="1.0" encoding="UTF-8"? !DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd" plist version="1.0" dict keycom.apple.developer.endpoint-security.client/key true/ keycom.apple.security.application-groups/key array string.../string /array /dict /plist com.apple.developer.endpoint-security.client is in the sysex's profile. com.apple.security.application-groups seems to be missing. I have updated my provisioning profile to add App Groups, but the entitlements returned by the "security cms -D -i ..." command are still the same, and the "Code signature invalid" error persists. keyEntitlements/key dict keycom.apple.developer.endpoint-security.client/key true/ keycom.apple.developer.system-extension.install/key true/ keycom.apple.application-identifier/key string....a.b.c.d.e.Extension/string keykeychain-access-groups/key array string....*/string /array keycom.apple.developer.team-identifier/key string.../string /dict

Here it is: FB9110597 (Finder badges refresh issue)

Problem solved. It was due to 2 different structures with the same name.

Thank you for your answer. But doing what you explained, the error is nearly the same. NSXPCConnection: 0x12d834ab0 connection on anonymousListener or serviceListener from pid 36952: Exception caught during decoding of received selector hello, dropping incoming message. Exception: NSXPCDecoder: 0x10c9e6000 received a message or reply block that is not in the interface of the remote object (hello), dropping. ( 0  CoreFoundation           0x00007fff205f56af __exceptionPreprocess + 242 1  libobjc.A.dylib           0x00007fff2032d3c9 objc_exception_throw + 48 2  Foundation             0x00007fff212c73e4 -[NSXPCDecoder __decodeXPCObject:allowingSimpleMessageSend:outInvocation:outArguments:outArgumentsMaxCount:outMethodSignature:outSelector:isReply:replySelector:interface:] + 2244 3  Foundation             0x00007fff21312001 -[NSXPCDecoder _decodeMessageFromXPCObject:allowingSimpleMessageSend:outInvocation:outArguments:outArgumentsMaxCount:outMethodSignature:outSelector:interface:] + 33 4  Foundation             0x00007fff21310e3b -[NSXPCConnection _decodeAndInvokeMessageWithEvent:flags:] + 418 5  Foundation             0x00007fff212c8d49 message_handler + 206 6  libxpc.dylib            0x00007fff201c6c28 _xpc_connection_call_event_handler + 56 7  libxpc.dylib            0x00007fff201c5a9c _xpc_connection_mach_event + 935 8  libdispatch.dylib          0x00007fff202d8867 _dispatch_client_callout4 + 9 9  libdispatch.dylib          0x00007fff202efa47 _dispatch_mach_msg_invoke + 441 10 libdispatch.dylib          0x00007fff202de4a7 _dispatch_lane_serial_drain + 263 11 libdispatch.dylib          0x00007fff202f05b8 _dispatch_mach_invoke + 498 12 libdispatch.dylib          0x00007fff202de4a7 _dispatch_lane_serial_drain + 263 13 libdispatch.dylib          0x00007fff202df0fe _dispatch_lane_invoke + 426 14 libdispatch.dylib          0x00007fff202e8c5d _dispatch_workloop_worker_thread + 819 15 libsystem_pthread.dylib       0x00007fff20480499 _pthread_wqthread + 314 16 libsystem_pthread.dylib       0x00007fff2047f467 start_wqthread + 15