Notarizing CFPlugIn

My CFPlugin-based CoreMediaIO plugin works with FaceTime on macOS 10.13. On macOS 10.14 FaceTime uses hardened runtime that only allows using Apple-signed camera drivers. My understanding is that a notarized plugin would work, is this correct?


I can upload and get my plugin notarized from command line, but looks like stapler-tool does not support this type of file. Is stapler step necessary and if it would work do apps using hardened runtime (like FaceTime) recognize it?

Replies

My understanding is that a notarized plugin would work, is this correct?

I don’t think so. The particular stumbling block you’ve encountered is that FaceTime enables library validation which prevents it from loading third-party code. This is true regardless of whether the code is notarised or not.

Alas, CoreMediaIO is somewhat outside of my area of expertise, so I’m not able to give you a definitive answer here. My recommendation is that you open a DTS tech support incident and talk to our CoreMediaIO about your options.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Thank you for reply. Looks like DTS is the way to go from here. Details available on notarization are very few, but I remember reading somewhere notarization can be seen as co-signing. That made me think my plugin would not technically be third-party code as it would be co-signed by Apple.

Hi, did you manage to find out something about 3rd party plugin loading in the notarized brave new world? I'd appreciate any bit of information!

How did it went with DTS? What were the options of CoreMediaIO plugin to work with FaceTime? (and hopefully other apps that uses the camera) – now since macOS Catalina is on the horizon and mandates hardening.