How to generate macOS Application certificate with kernel extensions support

Hi,

I'd to re-sign an app with an embedded kernel extension. The primary reason for it is that the author of the extension has not signed the binary with timestamp ("The signature does not include a secure timestamp.") as such the app fails the notarisation process.

Sadly, I cannot find any way in the Developer Program admin panel to generate a certificate with kernel extensions support.

What's the process of generating this certificate?

Many thanks for help

Answered by patratacus in 707299022

I think you have to request it from Apple. There are other questions in the forum discussing this. Unfortunately, Apple has been very slow to respond to any requests. I think maybe it has to do with the new paradigm of not wanting developer to touch kext anymore. Maybe they are moving everything toward a higher level interface as they are doing now with USB devices via dext with DriverKit. Sadly, it's been extremely difficult so far for me to get answers on DriverKit ...

https://developer.apple.com/forums/thread/69170

Accepted Answer

I think you have to request it from Apple. There are other questions in the forum discussing this. Unfortunately, Apple has been very slow to respond to any requests. I think maybe it has to do with the new paradigm of not wanting developer to touch kext anymore. Maybe they are moving everything toward a higher level interface as they are doing now with USB devices via dext with DriverKit. Sadly, it's been extremely difficult so far for me to get answers on DriverKit ...

https://developer.apple.com/forums/thread/69170

I think you have to request it from Apple.

That’s correct. For more background on this, see KEXT Code Signing Problems.

I think maybe it has to do with the new paradigm of not wanting developer to touch kext anymore.

Well, I can’t comment on your conclusion but your premise, that Apple is rapidly moving away from KEXTs, is spot on (-:

Sadly, it's been extremely difficult so far for me to get answers on DriverKit

DriverKit isn’t really my field, but if you need answers in that space and can’t find them elsewhere I encourage you to open a DTS tech support incident and talk to DTS’s DriverKit expert (-:

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Thank you both. I am aware of DriverKit, however, the tool I am signing is coming from our vendor, and as you can imagine, my influence is slightly limited : ). I will send them a reminder about the future of KEXT in case they've missed it.

How to generate macOS Application certificate with kernel extensions support
 
 
Q