How to distribute a self-developed library and DriverKit driver (dext) to any other Mac platform without disabling SIP?

We have developed a library and a DriverKit driver on the Mac platform. We need to disable SIP to install the dext, and if we later re-enable SIP the dext is non-functional. So is it mandatory to disable SIP for the whole lifetime of the dext? Also, it is not recommended to disable SIP for a long time, as it may create a security hole. Standard ways are given on the Apple support page for how to notarise an application to distribute over the internet. Here one mandatory account is required, the Apple Developer account, which we believe is a paid account. At this point, can you share the complete steps of the software distribution process, including code signing, the notarisation process and stapling?

Replies

I’m not entirely sure what you’re asking here, so let me state some factoids:

  • As you’re aware, disabling SIP is a bad idea.

  • macOS has a subsystem called Gatekeeper that requires [1] that all directly distributed code [2] be signed with a valid Developer ID and then notarised. For more on this, see the various resources linked to by Notarisation Resources.

  • To sign code with a Developer ID you must be a member of a paid Apple Developer Program team [3].

  • DriverKit DEXTs have additional restrictions around distribution. See [Requesting Entitlements for DriverKit Development][redf].

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

[1] There are ways to bypass Gatekeeper but that’s a bad idea (although not as bad as disabling SIP!).

[2] Note that Mac App Store apps follow a different path here.

[3] Our platforms support the concept of an unpaid Personal Team, but that can’t be used for distribution.
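The sign, notarise, staple and verify sequence the question asks about, as an added example that is not from the thread or from Apple: it signs the embedded dext before the enclosing app, submits the app with notarytool, staples the ticket, and then checks Gatekeeper's own verdict rather than trusting that the upload succeeded. The signing identity, keychain profile, bundle paths and entitlements files are placeholders, and the DriverKit-specific entitlements the reply mentions are assumed to already be in those files.

```shell
#!/bin/sh
# Added example, not the thread's own code: Developer ID distribution of a Mac
# app that embeds a DriverKit dext. Every value below marked placeholder must be
# replaced with your own; a Developer ID certificate in the login keychain and a
# notarytool keychain profile are assumed to exist already.
set -eu

IDENTITY="Developer ID Application: Example Corp (TEAMID0000)"   # placeholder
PROFILE="notary-profile"                                         # placeholder
APP="build/MyApp.app"                                            # placeholder
DEXT="$APP/Contents/Library/SystemExtensions/com.example.mydext.dext"  # placeholder

# Sign inside-out: nested code (the dext) first, then the app that contains it.
# --options runtime turns on the hardened runtime, which notarization requires;
# --timestamp adds a secure timestamp so the signature stays valid after the
# certificate itself expires.
sign_bundle() {   # $1 = bundle path, $2 = entitlements plist
    codesign --force --options runtime --timestamp \
        --entitlements "$2" --sign "$IDENTITY" "$1"
}

# Zip the app, submit it, wait for the verdict, then staple the ticket so
# Gatekeeper can verify the app on Macs that are offline at first launch.
notarize_and_staple() {
    ditto -c -k --keepParent "$APP" "$APP.zip"
    xcrun notarytool submit "$APP.zip" --keychain-profile "$PROFILE" --wait
    xcrun stapler staple "$APP"
}

# Parse spctl's assessment: a distributable build is 'accepted' AND carries
# 'source=Notarized Developer ID'. Any other source line means the ticket or
# the Developer ID signature is missing and users will see a Gatekeeper block.
assessment_is_notarized() {   # $1 = captured spctl output
    printf '%s\n' "$1" | grep -q ': accepted$' &&
    printf '%s\n' "$1" | grep -q '^source=Notarized Developer ID$'
}

verify_app() {
    codesign --verify --deep --strict --verbose=2 "$APP"
    # spctl writes its verdict to stderr, hence 2>&1.
    assessment_is_notarized "$(spctl --assess --type execute -vv "$APP" 2>&1)"
}

main() {
    sign_bundle "$DEXT" "dext.entitlements"   # placeholder entitlements file
    sign_bundle "$APP" "app.entitlements"     # placeholder entitlements file
    notarize_and_staple
    verify_app
}
if [ "${1:-}" = "run" ]; then main; fi
```

Invoke the script with the single argument `run` on the build Mac; without it only the functions are defined, so the verdict parser can be exercised on captured spctl output.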