Hi,
Can somebody confirm that it is not possible to add a 3rd party KEXT to a prelinked kernel on systems with the T2 chip and active safeboot mode?
I need an IOKit object being probed against a device nub as early as possible. This requires a KEXT to be added to a prelinked kernel hosted at /System/Library/PrelinkedKernel . I noticed that the system uses /System/Library/PrelinkedKernel/immutablekernel instead of /System/Library/PrelinkedKernel/prelinkedkernel if safeboot is active and the system has the T2 chip . The immutablekernel file is protected by the UEFI boot module which checks a prelinked kernel signature saved at the Preboot volume so there is no way to modify it with the kextcache command.
The existing procedure when a 3rd party KEXT is being loaded by the kextd process after the system has been initialized might not be the best solution in my case.
Is there a procedure for a 3rd party KEXT to be linked with immutablekernel or change the system behavior to load /System/Library/PrelinkedKernel/prelinkedkernel in safeboot mode?