macOS Catalina - kext loading bug

Just tried beta 2 and the bug present on beta 1 is still present.


Now kextload works (great!), but is displaying same error when trying to load an approved unsigned kext (any included on kextsOSKextSigExceptionHashList).


When doing kextutil -v "path to kext" (one unsigned and present on kextsOSKextSigExceptionHashList included with AppleKextExcludeList) shows:


"...is in hash exception list, allowing to load..."


And inmediately after this, it shows "...is missing or has an invalid CDHash. Disallowing load." which doesn't makes sense since cdhash is only available if the kext is signed and we're processing unsigned and allowed kexts here! 🙂


Hope Apple fixes this soon, since there are some utilities not working yet with macOS Catalina beta 2 and would like to use them without needing to disable SIP.

Accepted Reply

Well, finally seems to be fixed at developer beta 6!! (public beta 5).


Now all kext seems to load fine.., vmware is working back again, elgato drivers too, osxfuse, disabling turbo boost.., great!!!

Replies

Opened a bug at feedback assistant days ago (FB6139463).


Any chance of getting some feedback? Eskimo? 🙂


Thanks!

Same error persists on developer beta 3.., and no feedback yet 😟

Keeps failing on dev beta 4, no answer from apple.


Now fails even a Serial Ata controller that worked perfectly fine with previous macOS releases.. 😟 It would be great if at least Apple or someone confirms that this is intended or not.


As far as I know and from WWDC sessions, he official word from Apple is that kext will still load if user approved and explicity allowed with SIP enabled.., so this should be a bug.., or Apple forgot to mention this 😟


sudo kextutil -v JMicronATA.kext Defaulting to kernel file '/System/Library/Kernels/kernel' 
Cache file /System/Library/Caches/com.apple.kext.caches/Directories/Library/Extensions/KextIdentifiers.plist.gz 
is out of date; not using.
 Cache file /System/Library/Caches/com.apple.kext.caches/Directories/Library/Extensions/KextIdentifiers.plist.gz 
is out of date; not using. 
kext file:///Library/StagedExtensions/Library/Extensions/C363B637-698C-4992-B276-AA176445080E.kext/ i
s in hash exception list, allowing to load 
Cache file /System/Library/Caches/com.apple.kext.caches/Directories/Library/Extensions/KextIdentifiers.plist.gz 
is out of date; not using. 
kext file:///Library/StagedExtensions/Library/Extensions/JMicronATA.kext/ is in hash exception list, 
allowing to load Skipping migration.plist import (allowBundleIDs:43, cdhashArrayRef:43)
 <OSKext 0x7fd68261b800 [0x7fff96506690]> 
{ URL = "file:///Library/StagedExtensions/Library/Extensions/JMicronATA.kext/", ID = "com.jmicron.JMicronATA" }
 is missing or has an invalid CDHash. Disallowing load. Kext rejected due to system policy: 
<OSKext 0x7fd68261b800 [0x7fff96506690]> { 
URL = "file:///Library/StagedExtensions/Library/Extensions/JMicronATA.kext/", ID = "com.jmicron.JMicronATA" } 
kext file:///Library/StagedExtensions/Library/Extensions/JMicronATA.kext/ is in hash exception list, 
allowing to load <OSKext 0x7fd68261b800 [0x7fff96506690]> { 
URL = "file:///Library/StagedExtensions/Library/Extensions/JMicronATA.kext/", ID = "com.jmicron.JMicronATA" } 
is missing or has an invalid CDHash. Disallowing load. Kext rejected due to system policy: <OSKext 0x7fd68261b800 
[0x7fff96506690]> { URL = "file:///Library/StagedExtensions/Library/Extensions/JMicronATA.kext/", 
ID = "com.jmicron.JMicronATA" }
 Code Signing Failure: not code signed Diagnostics for /Library/Extensions/JMicronATA.kext:

Still failing with beta 5, and found this from WWDC 2019 (thanks rtrouton), proving this is really a bug?:


Will whitelisting third-party kernel extensions continue to work on Catalina like it does on Mojave?


Answer: Yes, with the UAMDM kext whitelist profile option.


https://forums.developer.apple.com/thread/117268


Well, in Mojave after user aproval kexts works fine, but it seems it doesn't in Catalina beta released so far.

Well, finally seems to be fixed at developer beta 6!! (public beta 5).


Now all kext seems to load fine.., vmware is working back again, elgato drivers too, osxfuse, disabling turbo boost.., great!!!